Add Gitea Actions Runner and update OpenCode config

- Add Gitea Actions Runner service on m3-atlas with nixos:host label
- Configure agenix secret for runner token
- Add Antigravity provider models to OpenCode config
- Switch m3ta-nixpkgs to local path for development
m3tm3re
2026-01-14 20:55:23 +01:00
parent e1de4805ce
commit f9415c05f9
10 changed files with 235 additions and 61 deletions


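--- a/<path-not-shown-on-page>
+++ b/<path-not-shown-on-page>
@@ -1,51 +1,35 @@
 {
 age = {
 secrets = {
-baserow-env = {
-file = ../../secrets/baserow-env.age;
-};
-ghost-env = {
-file = ../../secrets/ghost-env.age;
-};
+baserow-env = { file = ../../secrets/baserow-env.age; };
+ghost-env = { file = ../../secrets/ghost-env.age; };
 kestra-config = {
 file = ../../secrets/kestra-config.age;
 mode = "644";
 };
-kestra-env = {
-file = ../../secrets/kestra-env.age;
-};
-littlelink-m3tam3re = {
-file = ../../secrets/littlelink-m3tam3re.age;
-};
-minio-root-cred = {
-file = ../../secrets/minio-root-cred.age;
-};
-n8n-env = {
-file = ../../secrets/n8n-env.age;
-};
-paperless-key = {
-file = ../../secrets/paperless-key.age;
-};
-restreamer-env = {
-file = ../../secrets/restreamer-env.age;
-};
-searx = {
-file = ../../secrets/searx.age;
-};
-tailscale-key = {
-file = ../../secrets/tailscale-key.age;
-};
+kestra-env = { file = ../../secrets/kestra-env.age; };
+littlelink-m3tam3re = { file = ../../secrets/littlelink-m3tam3re.age; };
+minio-root-cred = { file = ../../secrets/minio-root-cred.age; };
+n8n-env = { file = ../../secrets/n8n-env.age; };
+paperless-key = { file = ../../secrets/paperless-key.age; };
+restreamer-env = { file = ../../secrets/restreamer-env.age; };
+searx = { file = ../../secrets/searx.age; };
+tailscale-key = { file = ../../secrets/tailscale-key.age; };
 traefik = {
 file = ../../secrets/traefik.age;
 owner = "traefik";
 };
-vaultwarden-env = {
-file = ../../secrets/vaultwarden-env.age;
-};
+vaultwarden-env = { file = ../../secrets/vaultwarden-env.age; };
 m3tam3re-secrets = {
 file = ../../secrets/m3tam3re-secrets.age;
 owner = "m3tam3re";
 };
+gitea-runner-token = {
+file = ../../secrets/gitea-runner-token.age;
+mode = "600";
+owner = "gitea-runner";
+group = "gitea-runner";
+};
 };
 };
 }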
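Review bot: `mode = "600"` on the new `gitea-runner-token` entry gives the runner user write access to the registration token, while the service only needs to read it; agenix's default mode is `0400`, so dropping the `mode` line (or `mode = "0400";`) is the least-privilege choice and matches the other read-only secrets in this set. As far as I recall, the NixOS `gitea-actions-runner` module hands `tokenFile` to the service as an environment file, so the decrypted content has to be `TOKEN=<registration-token>` rather than the bare token; the encrypted file's format is not visible here, so a one-line comment on this entry such as `# env-file format: TOKEN=<registration token>` would save the next person a failed registration.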


@@ -2,6 +2,7 @@
imports = [
./containers
./gitea.nix
./gitea-actions-runner.nix
./headscale.nix
./minio.nix
./mysql.nix


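--- /dev/null
+++ b/<dir-not-shown-on-page>/gitea-actions-runner.nix
@@ -0,0 +1,58 @@
+{
+config,
+pkgs,
+...
+}: {
+services.gitea-actions-runner = {
+instances.default = {
+enable = true;
+name = "${config.networking.hostName}-runner";
+url = "https://code.m3ta.dev";
+tokenFile = config.age.secrets.gitea-runner-token.path;
+# nixos:host is primary, ubuntu is fallback
+labels = [
+# Primary: Run directly on host (fastest, has Nix installed)
+"nixos:host"
+# Fallback: Docker-based execution for compatibility
+"ubuntu-latest:docker://node:18-bullseye"
+"ubuntu-22.04:docker://node:20-bullseye"
+];
+# Host execution packages
+hostPackages = with pkgs; [
+git
+bash
+coreutils
+nix
+# Add any other tools you need for nix-update workflows
+];
+# Advanced settings
+settings = {
+runner = {
+capacity = 1; # One job at a time (increase if you have resources)
+timeout = "4h"; # Nix builds can take a while
+};
+cache = {enabled = true;};
+container = {
+enable_ipv6 = true;
+privileged = false;
+};
+};
+};
+};
+# User management (auto-created by module, but ensuring proper setup)
+users.users.gitea-runner = {
+home = "/var/lib/gitea-runner";
+group = "gitea-runner";
+isSystemUser = true;
+createHome = true;
+};
+users.groups.gitea-runner = {};
+# Firewall: Allow Podman bridge networks for cache actions
+networking.firewall.trustedInterfaces = ["br-+"];
+}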
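Review bot: `networking.firewall.trustedInterfaces = ["br-+"]` on the last line exempts every interface whose name starts with `br-` from the firewall, not only the Podman bridge the cache action needs, so any container attached to any bridge network on this host can reach every listening service on it unfiltered; a narrower rule that opens just the cache port on the bridge (for example via `networking.firewall.interfaces.<bridge>.allowedTCPPorts` after pinning `settings.cache.port`) would keep the rest of the host closed to job containers. The `nixos:host` label on the same instance means workflow steps run unsandboxed on this machine as the `gitea-runner` user with `nix` on the path, so the set of repositories this registration token authorizes is the real trust boundary; that scope is not visible in the commit and deserves a comment next to `tokenFile`, e.g. `# registration scope decides who can run code on this host via nixos:host`. The `ubuntu-latest`/`ubuntu-22.04` labels pin unversioned `node:18-bullseye`/`node:20-bullseye` images, so a note on how those images are refreshed (or a digest) would make the fallback executor reproducible.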