home/nixos-servers
home/nixos-servers
Archived
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Remove forgejo runner

Browse source 
Migrate forgejo data to longhorn
This commit is contained in:
Pim Kunis 2024-05-23 21:07:32 +02:00
parent 1e79b3ed75
commit 1e894a8672
5 changed files with 6 additions and 191 deletions
Download patch file Download diff file Expand all files Collapse all files

136
kubenix-modules/forgejo/default.nix
View file

@ -1,11 +1,8 @@
{ lib, myLib, ... }: {
kubernetes.resources = {
secrets.runner-secret.stringData.token = "ref+sops://secrets/sops.yaml#/forgejo/runnerToken";
configMaps = {
forgejo-config.data = {
config = lib.generators.toINI { } (import ./config.nix);
runner-config = lib.generators.toYAML { } (import ./runner-config.nix);
};
forgejo-env.data = {
@ -64,111 +61,6 @@
};
};
};
# Forgejo-runner for docker in docker (dind) on Kubernetes:
# https://code.forgejo.org/forgejo/runner/src/branch/main/examples/kubernetes/dind-docker.yaml
forgejo-runner = {
metadata.labels = {
app = "forgejo";
component = "runner";
};
spec = {
selector.matchLabels = {
app = "forgejo";
component = "runner";
};
template = {
metadata.labels = {
app = "forgejo";
component = "runner";
};
spec = {
restartPolicy = "Always";
serviceAccountName = "forgejo-runner";
initContainers.runner-register = {
image = "code.forgejo.org/forgejo/runner:3.2.0";
command = [ "forgejo-runner" "register" "--no-interactive" "--token" "$(RUNNER_SECRET)" "--name" "$(RUNNER_NAME)" "--instance" "$(FORGEJO_INSTANCE_URL)" ];
env = {
RUNNER_NAME.value = "runner";
FORGEJO_INSTANCE_URL.value = "https://git.kun.is";
RUNNER_SECRET.valueFrom.secretKeyRef = {
name = "runner-secret";
key = "token";
};
};
resources.limits = {
cpu = "0.50";
memory = "64Mi";
};
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
{
name = "config";
mountPath = "/etc/runner-config.yaml";
subPath = "runner-config";
}
];
};
containers = {
runner = {
image = "code.forgejo.org/forgejo/runner:3.0.0";
command = [ "sh" "-c" "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner --config /etc/runner-config.yaml daemon" ];
env = {
DOCKER_HOST.value = "tcp://localhost:2376";
DOCKER_CERT_PATH.value = "/certs/client";
DOCKER_TLS_VERIFY.value = "1";
};
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
{
name = "certs";
mountPath = "/certs";
}
{
name = "config";
mountPath = "/etc/runner-config.yaml";
subPath = "runner-config";
}
];
};
daemon = {
image = "docker:23.0.6-dind";
securityContext.privileged = true;
env.DOCKER_TLS_CERTDIR.value = "/certs";
volumeMounts = [{
name = "certs";
mountPath = "/certs";
}];
};
};
volumes = {
data.persistentVolumeClaim.claimName = "forgejo-runner-data";
certs.persistentVolumeClaim.claimName = "forgejo-runner-certs";
config.configMap.name = "forgejo-config";
};
};
};
};
};
};
services = {
@ -195,34 +87,6 @@
};
};
};
serviceAccounts.forgejo-runner = { };
clusterRoles.forgejo-runner.rules = [
{
apiGroups = [ "*" ];
resources = [ "*" ];
verbs = [ "*" ];
}
{
nonResourceURLs = [ "*" ];
verbs = [ "*" ];
}
];
clusterRoleBindings.forgejo-runner = {
subjects = [{
kind = "ServiceAccount";
name = "forgejo-runner";
namespace = "default";
}];
roleRef = {
kind = "ClusterRole";
name = "forgejo-runner";
apiGroup = "rbac.authorization.k8s.io";
};
};
};
lab = {

34
kubenix-modules/forgejo/runner-config.nix
View file

@ -1,34 +0,0 @@
{
log.level = "trace";
host.workdir_parent = "";
runner = {
file = "/data/.runner";
capacity = 4;
env_file = ".env";
timeout = "3h";
insecure = false;
fetch_timeout = "5s";
fetch_interval = "2s";
labels = [ ];
envs = { };
};
cache = {
enabled = true;
dir = "";
host = "";
port = 0;
external_server = "";
};
container = {
network = "";
privileged = false;
options = "";
workdir_parent = "";
valid_volumes = [ "**" ];
docker_host = "";
force_pull = false;
};
}

15
kubenix-modules/volumes.nix
View file

@ -5,19 +5,14 @@
# volumeMounts = [
# {
# name = "pihole-data";
# mountPath = "/pihole/data";
# }
# {
# name = "pihole-dnsmasq";
# mountPath = "/pihole/dnsmasq";
# name = "forgejo";
# mountPath = "/forgejo";
# }
# ];
# };
# volumes = {
# pihole-data.persistentVolumeClaim.claimName = "pihole-data";
# pihole-dnsmasq.persistentVolumeClaim.claimName = "pihole-dnsmasq";
# forgejo.persistentVolumeClaim.claimName = "forgejo";
# };
# };
@ -30,6 +25,7 @@
nextcloud.storage = "50Gi";
pihole-data.storage = "750Mi";
pihole-dnsmasq.storage = "16Mi";
forgejo.storage = "20Gi";
};
nfsVolumes = {
@ -47,9 +43,6 @@
kitchenowl.path = "kitchenowl/data";
paperless-ngx-redisdata.path = "paperless-ngx/redisdata";
paperless-ngx-data.path = "paperless-ngx/data";
forgejo.path = "forgejo/data";
forgejo-runner-data.path = "forgejo/runner/data";
forgejo-runner-certs.path = "forgejo/runner/certs";
};
};
}