diff --git a/hosts/nix-cache01/default.nix b/hosts/nix-cache01/default.nix index c9c6e59..435b31e 100644 --- a/hosts/nix-cache01/default.nix +++ b/hosts/nix-cache01/default.nix @@ -3,6 +3,7 @@ imports = [ ./configuration.nix ../../services/nix-cache + ../../services/actions-runner ./zram.nix ]; } diff --git a/secrets/nix-cache01/actions_token_1 b/secrets/nix-cache01/actions_token_1 new file mode 100644 index 0000000..329c669 --- /dev/null +++ b/secrets/nix-cache01/actions_token_1 @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:wyvKsawEJ6/PXD1cb7yyL16k7hdzWP2KXRZKfcZUiPorNygLGMUOkbA=,iv:TfGz3IVoZQ7bwYeEo0FXh37twLaOV6VRxGOx8q4ofC8=,tag:UjnfUDp6Kb09FC3EzWWCGg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdHozVnN0YXExTWZBbEVK\nT0FoR3NNREtHZzhseE5jb0JzNCtCSDBtT0RVCkQvVFB5aDlxbzVDVE85Q3d5TEw4\nelpuVnY1bXc4YU4vQ0RxbW15SWpwMVkKLS0tIG1HZ2NhR0plSVlZdVNZZUZydjBv\nSjEyREIrL1Z5bkpOM2ZiRnhmRlk0MVUKRowIdTtV7B+me9cdpC0Kmnz3FIQQvCt2\nxVltjChE4N954aa1j8KpXYELkr0rge2/ka9JdI54VxgrACPSbtVqGg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RlVRbGJiSjNkNXg3T3FU\nZFVzeTNSdGxSWEVzVTFDR1g5ZzI5RHZkMmhRCkZGbE1ZSTJDZ2NLZG5QU25OU3Z4\nRlYyU0N5ZTlQQmgrZ3dBVTgvYTBHR1kKLS0tIENRTmFWYzY2d2t4VTRISEtxZkNL\nZ2IzdVZWNWowZ2hlcS9xM29UaUgzcFkKMSzJh8tVqLUE8joiynqqHlZD5wMne0Ti\n/RE3d8JEwlQZnaxd8ZYfOA9CHIYhsMgWV8YG+hDR0nFPBah6sjRsrw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-21T18:46:14Z", + "mac": "ENC[AES256_GCM,data:yup75WbmL/OfwmkersRp3SKIHqS+GNPe6K732BcsPevQClB+w6znRfyPS8h1xhNjsESJ7xLjlEejOXYIIJ4tnds/+siZuGrvoEHhYzrYPevgxETpk0PBc+9El/XrVXmssG+EKVTCfyhmIo1n+2WFI3NlkTy+j03pNyWIB+6/YSs=,iv:jnS/z176t7nxnhdueu7p7KLgMeMHtTpqP5uhWZaEXzw=,tag:CQFjvOg95zil/Gfj45Q+1A==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/services/actions-runner/default.nix b/services/actions-runner/default.nix new file mode 100644 index 0000000..e1cfc9d --- /dev/null +++ b/services/actions-runner/default.nix @@ -0,0 +1,43 @@ +{ pkgs, config }: +{ + sops.secrets."cache-secret" = { + sopsFile = ../../secrets/nix-cache01/actions_token_1; + format = "binary"; + }; + + services.gitea-actions-runner.instances = { + enable = true; + tokenFile = config.sops.secrets.cache-secret.path; + name = "actions1.home.2rjus.net"; + settings = { + log = { + level = "info"; + }; + + runner = { + file = ".runner"; + capacity = 4; + timeout = "2h"; + shutdown_timeout = "10m"; + insecure = false; + fetch_timeout = "10s"; + fetch_interval = "30s"; + }; + + cache = { + enabled = true; + }; + + container = { + privileged = false; + }; + }; + + labels = [ + "homelab" + "ubuntu-latest" + ]; + + url = "https://git.t-juice.club"; + }; +} diff --git a/services/ns/zones-home-2rjus-net.conf b/services/ns/zones-home-2rjus-net.conf index 5506bb4..a3f430f 100644 --- a/services/ns/zones-home-2rjus-net.conf +++ b/services/ns/zones-home-2rjus-net.conf @@ -1,7 +1,7 @@ $ORIGIN home.2rjus.net. $TTL 1800 @ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. ( - 2062 ; serial number + 2063 ; serial number 3600 ; refresh 900 ; retry 1209600 ; expire @@ -59,6 +59,7 @@ monitoring01 IN A 10.69.13.13 jelly01 IN A 10.69.13.14 nix-cache01 IN A 10.69.13.15 nix-cache IN CNAME nix-cache01 +actions1 IN CNAME nix-cache01 pgdb1 IN A 10.69.13.16 nats1 IN A 10.69.13.17 auth01 IN A 10.69.13.18