Merge pull request 'add volume mount for nix' (#58) from feature/act-runner-volumes into main

Reviewed-on: #58

.github/workflows/flake-health-checks.yml

@@ -8,10 +8,7 @@ on:
 jobs:
     health-check:
         name: "Perform Nix flake checks"
-        runs-on: ${{ matrix.os }}
+        runs-on: ubuntu-latest
-        strategy:
-            matrix:
-                os: [ubuntu-latest]
         steps:
             - uses: DeterminateSystems/nix-installer-action@main
             - name: Setup Attic cache
@@ -26,10 +23,7 @@ jobs:
             - run: nix ./utils/attic-push.bash
     build-checks:
         name: "Build nix outputs"
-        runs-on: ${{ matrix.os }}
+        runs-on: ubuntu-latest
-        strategy:
-            matrix:
-                os: [ubuntu-latest]
         steps:
             - uses: DeterminateSystems/nix-installer-action@main
             - name: Setup Attic cache

.vscode/settings.json

@@ -41,7 +41,6 @@
     "codezombiech",
     "compactmode",
     "Compat",
-    "concat",
     "concatLists",
     "contentblocking",
     "cookiebanners",
@@ -154,7 +153,6 @@
     "networkd",
     "networkmanager",
     "newtabpage",
-    "nixfmt",
     "nixos",
     "nixpkgs",
     "nmap",
@@ -216,8 +214,6 @@
     "rofi",
     "rpool",
     "rspace",
-    "rsyslog",
-    "rsyslogd",
     "rtkit",
     "safebrowsing",
     "Sandro",
@@ -259,7 +255,6 @@
     "topstories",
     "Toqozz",
     "torrenting",
-    "treefmt",
     "twimg",
     "uaccess",
     "ublock",

flake.lock

@@ -78,11 +78,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1742449434,
+        "lastModified": 1742773104,
-        "narHash": "sha256-UVz7NhPzbEWey6mMJU3Jwjqfbp0xH0iKZDuoRjhZEN0=",
+        "narHash": "sha256-dAhrL+gEjNN5U/Sosy7IrX0Y0qPA0U7Gp9TBhqEliNU=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "1b0b14b56353040142e0ef5b0ab37743bbbf4ab4",
+        "rev": "d74460da63a8c08a69a1f143b04f2ab1a6b2f5c2",
         "type": "gitlab"
       },
       "original": {
@@ -312,11 +312,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742447757,
+        "lastModified": 1742771635,
-        "narHash": "sha256-Q0KXcHQmum8L6IzGhhkVhjFMKY6BvYa/rhmLP26Ws8o=",
+        "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "94605dcadefeaff6b35c8931c9f38e4f4dc7ad0a",
+        "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818",
         "type": "github"
       },
       "original": {
@@ -352,11 +352,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742174123,
+        "lastModified": 1742701275,
-        "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
+        "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=",
         "owner": "Mic92",
         "repo": "nix-index-database",
-        "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
+        "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6",
         "type": "github"
       },
       "original": {
@@ -388,11 +388,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742217219,
+        "lastModified": 1742568034,
-        "narHash": "sha256-pLRjj0jTL1TloB0ptEwVF51IJJX8a17dSxg+gqiWb30=",
+        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "83900d5154d840dfae1e0367c5290f59b9dccf03",
+        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
         "type": "github"
       },
       "original": {
@@ -403,11 +403,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1742376361,
+        "lastModified": 1742806253,
-        "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=",
+        "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9",
+        "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726",
         "type": "github"
       },
       "original": {
@@ -441,11 +441,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742450798,
+        "lastModified": 1742800061,
-        "narHash": "sha256-lfOAAaX68Ed7R6Iy2nbFAkGj6B8kHBp3nqZhgZjxR5c=",
+        "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "b64ec1944ea40d9f3920f938e17ed39a9978c6c7",
+        "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734",
         "type": "github"
       },
       "original": {
@@ -472,11 +472,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1742268799,
+        "lastModified": 1742751704,
-        "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
+        "narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "da044451c6a70518db5b730fe277b70f494188f1",
+        "rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092",
         "type": "github"
       },
       "original": {
@@ -520,11 +520,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742300892,
+        "lastModified": 1742649964,
-        "narHash": "sha256-QmF0proyjXI9YyZO9GZmc7/uEu5KVwCtcdLsKSoxPAI=",
+        "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "ea26a82dda75bee6783baca6894040c8e6599728",
+        "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
         "type": "github"
       },
       "original": {
@@ -562,11 +562,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742437918,
+        "lastModified": 1742783666,
-        "narHash": "sha256-Vflb6KJVDikFcM9E231mRN88uk4+jo7BWtaaQMifthI=",
+        "narHash": "sha256-IwdSl51NL6V0f+mYXZR0UTKaGleOsk9zV3l6kt5SUWw=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "f03085549609e49c7bcbbee86a1949057d087199",
+        "rev": "60766d63c227d576510ecfb5edd3a687d56f6bc7",
         "type": "github"
       },
       "original": {
@@ -582,11 +582,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742406979,
+        "lastModified": 1742700801,
-        "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=",
+        "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609",
+        "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
         "type": "github"
       },
       "original": {
@@ -623,11 +623,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1742422444,
+        "lastModified": 1742753562,
-        "narHash": "sha256-Djg5uMhIDPdFOZ7kTrqNlHaAqcx/4rp7BofZLsUHkLY=",
+        "narHash": "sha256-EBXgl3sPi5AQUM58XGuuC8HQl/Df+Dbt6pOLInInJ/k=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "f122d70925ca44e5ee4216661769437ab36a6a3f",
+        "rev": "d9df91c55643a8b5229a3ae3a496a30f14965457",
         "type": "github"
       },
       "original": {

systems/palatine-hill/docker/act-runner.nix

@@ -6,6 +6,7 @@
 let
   vars = import ../vars.nix;
   act_path = vars.primary_act;
+  act_config_path = ./act_config.yaml;
 in
 {
   virtualisation.oci-containers.containers = {
@@ -20,10 +21,9 @@ in
       };
       ports = [ "8088:8088" ];
       volumes = [
-        "${act_path}/stable-latest-main/config.yaml:/config.yaml"
+        "${act_config_path}:/config.yaml"
         "${act_path}/stable-latest-main/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
       ];
       environment = {
         CONFIG_FILE = "/config.yaml";
@@ -43,10 +43,9 @@ in
         "com.centurylinklabs.watchtower.scope" = "act-runner";
       };
       volumes = [
-        "${act_path}/stable-latest-1/config.yaml:/config.yaml"
+        "${./act_config.yaml}:/config.yaml"
         "${act_path}/stable-latest-1/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
       ];
       environment = {
         CONFIG_FILE = "/config.yaml";
@@ -66,10 +65,9 @@ in
         "com.centurylinklabs.watchtower.scope" = "act-runner";
       };
       volumes = [
-        "${act_path}/stable-latest-2/config.yaml:/config.yaml"
+        "${act_config_path}:/config.yaml"
         "${act_path}/stable-latest-2/data:/data"
         "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
       ];
       environment = {
         CONFIG_FILE = "/config.yaml";
@@ -78,75 +76,6 @@ in
       environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
       log-driver = "local";
     };
-
-    act-stable-latest-3 = {
-      image = "gitea/act_runner:latest";
-      extraOptions = [
-        "--stop-signal=SIGINT"
-      ];
-      labels = {
-        "com.centurylinklabs.watchtower.enable" = "true";
-        "com.centurylinklabs.watchtower.scope" = "act-runner";
-      };
-      volumes = [
-        "${act_path}/stable-latest-3/config.yaml:/config.yaml"
-        "${act_path}/stable-latest-3/data:/data"
-        "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
-      ];
-      environment = {
-        CONFIG_FILE = "/config.yaml";
-        GITEA_RUNNER_NAME = "stable-latest-3";
-      };
-      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
-      log-driver = "local";
-    };
-
-    act-stable-latest-4 = {
-      image = "gitea/act_runner:latest";
-      extraOptions = [
-        "--stop-signal=SIGINT"
-      ];
-      labels = {
-        "com.centurylinklabs.watchtower.enable" = "true";
-        "com.centurylinklabs.watchtower.scope" = "act-runner";
-      };
-      volumes = [
-        "${act_path}/stable-latest-4/config.yaml:/config.yaml"
-        "${act_path}/stable-latest-4/data:/data"
-        "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
-      ];
-      environment = {
-        CONFIG_FILE = "/config.yaml";
-        GITEA_RUNNER_NAME = "stable-latest-4";
-      };
-      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
-      log-driver = "local";
-    };
-
-    act-stable-latest-5 = {
-      image = "gitea/act_runner:latest";
-      extraOptions = [
-        "--stop-signal=SIGINT"
-      ];
-      labels = {
-        "com.centurylinklabs.watchtower.enable" = "true";
-        "com.centurylinklabs.watchtower.scope" = "act-runner";
-      };
-      volumes = [
-        "${act_path}/stable-latest-5/config.yaml:/config.yaml"
-        "${act_path}/stable-latest-5/data:/data"
-        "/var/run/docker.sock:/var/run/docker.sock"
-        "/nix:/nix"
-      ];
-      environment = {
-        CONFIG_FILE = "/config.yaml";
-        GITEA_RUNNER_NAME = "stable-latest-5";
-      };
-      environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
-      log-driver = "local";
-    };
   };
 
   systemd = {
@@ -174,7 +103,9 @@ in
     "docker/act-runner" = {
       owner = "root";
       restartUnits = [
+        "docker-act-stable-latest-main.service"
         "docker-act-stable-latest-1.service"
+        "docker-act-stable-latest-2.service"
       ];
     };
   };

systems/palatine-hill/docker/act_config.yaml

@@ -0,0 +1,95 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+log:
+    # The level of logging, can be trace, debug, info, warn, error, fatal
+    level: debug
+runner:
+    # Where to store the registration result.
+    file: .runner
+    # Execute how many tasks concurrently at the same time.
+    capacity: 1
+    # Extra environment variables to run jobs.
+    envs:
+        A_TEST_ENV_NAME_1: a_test_env_value_1
+        A_TEST_ENV_NAME_2: a_test_env_value_2
+    # Extra environment variables to run jobs from a file.
+    # It will be ignored if it's empty or the file doesn't exist.
+    env_file: .env
+    # The timeout for a job to be finished.
+    # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+    # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+    timeout: 3h
+    # The timeout for the runner to wait for running jobs to finish when shutting down.
+    # Any running jobs that haven't finished after this timeout will be cancelled.
+    shutdown_timeout: 30m
+    # Whether skip verifying the TLS certificate of the Gitea instance.
+    insecure: false
+    # The timeout for fetching the job from the Gitea instance.
+    fetch_timeout: 5s
+    # The interval for fetching the job from the Gitea instance.
+    fetch_interval: 2s
+    # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+    # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+    # If it's empty when registering, it will ask for inputting labels.
+    # If it's empty when execute `daemon`, will use labels in `.runner` file.
+    labels:
+        - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+        - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+        - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+        #cache:
+    # Enable cache server to use actions/cache.
+    #enabled: true
+    # The directory to store the cache data.
+    # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+    #dir: ""
+    # The host of the cache server.
+    # It's not for the address to listen, but the address to connect from job containers.
+    # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+    #host: ""
+    # The port of the cache server.
+    # 0 means to use a random available port.
+    #port: 0
+    # The external cache server URL. Valid only when enable is true.
+    # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+    # The URL should generally end with "/".
+    #external_server: ""
+container:
+    # Specifies the network to which the container will connect.
+    # Could be host, bridge or the name of a custom network.
+    # If it's empty, act_runner will create a network automatically.
+    network: ""
+    # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+    privileged: false
+    # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+    options:
+    # The parent directory of a job's working directory.
+    # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+    # If the path starts with '/', the '/' will be trimmed.
+    # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+    # If it's empty, /workspace will be used.
+    workdir_parent:
+    # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+    # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+    # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+    # valid_volumes:
+    #   - data
+    #   - /src/*.json
+    # If you want to allow any volume, please use the following configuration:
+    # valid_volumes:
+    #   - '**'
+    valid_volumes: []
+    # overrides the docker client host with the specified one.
+    # If it's empty, act_runner will find an available docker host automatically.
+    # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+    # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+    docker_host: ""
+    # Pull docker image(s) even if already present
+    force_pull: true
+    # Rebuild docker image(s) even if already present
+    force_rebuild: false
+host:
+    # The parent directory of a job's working directory.
+    # If it's empty, $HOME/.cache/act/ will be used.
+    workdir_parent:

systems/palatine-hill/docker/minecraft.nix

@@ -9,31 +9,31 @@ let
     divinejourney = "dj.alicehuston.xyz";
     rlcraft = "rlcraft.alicehuston.xyz";
     arcanum-institute = "arcanum.alicehuston.xyz";
-    bcg-plus = "bcg.alicehuston.xyz";
+    # bcg-plus = "bcg.alicehuston.xyz";
   };
 
   defaultServer = "rlcraft";
 
-  defaultEnv = {
+  # defaultEnv = {
-    EULA = "true";
+  #   EULA = "true";
-    TYPE = "AUTO_CURSEFORGE";
+  #   TYPE = "AUTO_CURSEFORGE";
-    STOP_SERVER_ANNOUNCE_DELAY = "120";
+  #   STOP_SERVER_ANNOUNCE_DELAY = "120";
-    STOP_DURATION = "600";
+  #   STOP_DURATION = "600";
-    SYNC_CHUNK_WRITES = "false";
+  #   SYNC_CHUNK_WRITES = "false";
-    USE_AIKAR_FLAGS = "true";
+  #   USE_AIKAR_FLAGS = "true";
-    MEMORY = "8GB";
+  #   MEMORY = "8GB";
-    ALLOW_FLIGHT = "true";
+  #   ALLOW_FLIGHT = "true";
-    MAX_TICK_TIME = "-1";
+  #   MAX_TICK_TIME = "-1";
-  };
+  # };
 
-  defaultOptions = [
+  # defaultOptions = [
-    "--stop-signal=SIGTERM"
+  #   "--stop-signal=SIGTERM"
-    "--stop-timeout=1800"
+  #   "--stop-timeout=1800"
-    "--network=minecraft-net"
+  #   "--network=minecraft-net"
-  ];
+  # ];
 
-  vars = import ../vars.nix;
+  # vars = import ../vars.nix;
-  minecraft_path = "${vars.primary_games}/minecraft";
+  # minecraft_path = "${vars.primary_games}/minecraft";
 in
 {
   virtualisation.oci-containers.containers = {
@@ -67,24 +67,24 @@ in
     #   log-driver = "local";
     #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
     # };
-    bcg-plus = {
+    # bcg-plus = {
-      image = "itzg/minecraft-server:java17";
+    #   image = "itzg/minecraft-server:java17";
-      volumes = [
+    #   volumes = [
-        "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
+    #     "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
-        "${minecraft_path}/bcg-plus/data:/data"
+    #     "${minecraft_path}/bcg-plus/data:/data"
-      ];
+    #   ];
-      hostname = "bcg-plus";
+    #   hostname = "bcg-plus";
-      environment = defaultEnv // {
+    #   environment = defaultEnv // {
-        VERSION = "1.17";
+    #     VERSION = "1.17";
-        CF_SLUG = "bcg";
+    #     CF_SLUG = "bcg";
-        DIFFICULTY = "normal";
+    #     DIFFICULTY = "normal";
-        DEBUG = "true";
+    #     DEBUG = "true";
-        # ENABLE_COMMAND_BLOCK = "true";
+    #     # ENABLE_COMMAND_BLOCK = "true";
-      };
+    #   };
-      extraOptions = defaultOptions;
+    #   extraOptions = defaultOptions;
-      log-driver = "local";
+    #   log-driver = "local";
-      environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
+    #   environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
-    };
+    # };
   };
 
   sops = {