85 lines
1.9 KiB
Nix
85 lines
1.9 KiB
Nix
{
|
|
host,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
];
|
|
sops.secrets = {
|
|
"password" = {
|
|
sopsFile = ../../secrets/k8s.yaml;
|
|
};
|
|
forgejo-runner = {
|
|
sopsFile = ../../secrets/forgejo-runner.yaml;
|
|
};
|
|
};
|
|
system-sys.zram = false;
|
|
networking = {
|
|
hostId = "81238132";
|
|
firewall = {
|
|
allowedTCPPorts = [
|
|
22
|
|
10250
|
|
25565 # mc
|
|
25566 # mc
|
|
];
|
|
interfaces."podman+" = {
|
|
allowedTCPPorts = [ 33393 ];
|
|
};
|
|
};
|
|
};
|
|
virtualisation.podman = {
|
|
enable = true;
|
|
};
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-runner;
|
|
instances.default = {
|
|
enable = true;
|
|
name = host.hostName;
|
|
settings = {
|
|
runner = {
|
|
capacity = 3;
|
|
};
|
|
cache = {
|
|
enable = true;
|
|
host = "host.containers.internal";
|
|
port = 33393;
|
|
};
|
|
container = {
|
|
force_pull = true;
|
|
};
|
|
};
|
|
url = "https://git.10110110.xyz";
|
|
tokenFile = config.sops.secrets.forgejo-runner.path;
|
|
labels = [
|
|
"ubuntu-latest:docker://node:24-bullseye"
|
|
"nix-upstream-latest:docker://nixos/nix:latest"
|
|
"nix-latest:docker://git.10110110.xyz/ci/nix"
|
|
];
|
|
};
|
|
};
|
|
services.k3s = {
|
|
enable = true;
|
|
role = "agent";
|
|
extraFlags = toString [
|
|
"--flannel-iface=tailscale0"
|
|
];
|
|
tokenFile = config.sops.secrets."password".path;
|
|
serverAddr = "https://consensus:6443";
|
|
};
|
|
systemd.services.k3s = {
|
|
preStart = ''
|
|
until ${pkgs.tailscale}/bin/tailscale status; do
|
|
sleep 1
|
|
done
|
|
'';
|
|
};
|
|
services.logind.settings.Login.HandleLidSwitch = "ignore";
|
|
services.logind.settings.Login.HandleLidSwitchExternalPower = "ignore";
|
|
hardware.enableRedistributableFirmware = true;
|
|
hardware.firmware = [ pkgs.linux-firmware ];
|
|
system.stateVersion = "23.11";
|
|
}
|