# NixOS module: three Gitea act_runner containers (oci-containers backend),
# a systemd timer/service pair that runs a watchtower-style update script for
# them, and the sops secret that supplies their environment file.
{
  config,
  ...
}:

let
  vars = import ../vars.nix;
  act_path = vars.primary_act;

  # Decrypted env file shared by all three runners.
  runnerEnvFile = config.sops.secrets."docker/act-runner".path;

  # Builds one runner container definition.
  #   name  - per-runner directory under `act_path`; also GITEA_RUNNER_NAME.
  #   extra - attributes merged on top (e.g. published ports for one runner).
  mkRunner =
    name: extra:
    {
      # NOTE(review): `:latest` is a mutable tag, and the timer below runs the
      # update script every 5 minutes as root. Presumably that script pulls and
      # restarts containers carrying the scope label (script not shown here),
      # so whatever is published under this tag would be deployed unreviewed.
      # Pinning by digest (gitea/act_runner@sha256:<digest-placeholder>) would
      # make each image change an explicit commit.
      image = "gitea/act_runner:latest";
      extraOptions = [
        "--stop-signal=SIGINT"
      ];
      # Labels passed to the update script's scope filter (see ExecStart).
      labels = {
        "com.centurylinklabs.watchtower.enable" = "true";
        "com.centurylinklabs.watchtower.scope" = "act-runner";
      };
      volumes = [
        # NOTE(review): mounted read-write; confirm the runner ever writes its
        # config, otherwise a `:ro` suffix is the narrower mount.
        "${act_path}/${name}/config.yaml:/config.yaml"
        "${act_path}/${name}/data:/data"
        # NOTE(review): access to the host Docker socket is root-equivalent on
        # the host. Anything that can execute inside this container, or in job
        # containers the socket is forwarded to, can start privileged
        # containers. Restrict these runners to trusted repositories, or point
        # them at a dedicated/rootless daemon.
        "/var/run/docker.sock:/var/run/docker.sock"
        # NOTE(review): the whole of /nix is mounted without `:ro`; verify that
        # write access is actually required by the workloads.
        "/nix:/nix"
      ];
      environment = {
        CONFIG_FILE = "/config.yaml";
        GITEA_RUNNER_NAME = name;
      };
      # All runners read the same sops-managed env file; a secret exposed by
      # one runner is exposed for all three.
      environmentFiles = [ runnerEnvFile ];
      log-driver = "local";
    }
    // extra;
in
{
  virtualisation.oci-containers.containers = {
    act-stable-latest-main = mkRunner "stable-latest-main" {
      # NOTE(review): no bind address is given, so 8088 is published on every
      # host interface. Docker's own packet-filter rules usually expose
      # published ports regardless of the host firewall (verify on this host).
      # If only local jobs need the port, bind it to a specific address.
      ports = [ "8088:8088" ];
    };

    act-stable-latest-1 = mkRunner "stable-latest-1" { };

    act-stable-latest-2 = mkRunner "stable-latest-2" { };
  };

  # First run 20 minutes after boot, then 5 minutes after each activation.
  systemd.timers."custom-watchtower@act-runner" = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "20m";
      OnUnitActiveSec = "5m";
      Unit = "custom-watchtower@act-runner.service";
    };
  };

  # One-shot updater bound to docker.service: it is ordered after Docker and
  # stopped when Docker stops.
  systemd.services."custom-watchtower@act-runner" = {
    bindsTo = [ "docker.service" ];
    after = [ "docker.service" ];
    description = "a watchtower-esque script for systemd-based oci-containers";
    serviceConfig = {
      Type = "oneshot";
      # Runs as root; the script is copied into the Nix store by the path
      # interpolation, so its content is fixed per system generation.
      User = "root";
      # Arguments: the label key and the label value selecting this scope.
      ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'act-runner'";
    };
  };

  # Env-file secret for the runners; listed units are restarted when the
  # secret changes so the containers pick up the new values.
  sops.secrets."docker/act-runner" = {
    owner = "root";
    restartUnits = [
      "docker-act-stable-latest-main.service"
      "docker-act-stable-latest-1.service"
      "docker-act-stable-latest-2.service"
    ];
  };
}