home/nixos-servers
home/nixos-servers
Archived
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

add forgejo runner

Browse source
This commit is contained in:
Pim Kunis 2024-04-17 23:19:08 +02:00
parent a56de1672e
commit 39410c4bae
2 changed files with 142 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

171
kubenix-modules/forgejo.nix
View file

@ -1,5 +1,7 @@
{ myLib, ... }: {
kubernetes.resources = {
secrets.runner-secret.stringData.token = "ref+sops://secrets/sops.yaml#/forgejo/runnerToken";
configMaps = {
forgejo-config.data = {
# TODO: Generate from nix code?
@ -117,41 +119,143 @@
};
};
deployments.forgejo = {
metadata.labels.app = "forgejo";
deployments = {
forgejo = {
metadata.labels = {
app = "forgejo";
component = "forgejo";
};
spec = {
selector.matchLabels.app = "forgejo";
spec = {
selector.matchLabels = {
app = "forgejo";
component = "forgejo";
};
template = {
metadata.labels.app = "forgejo";
spec = {
containers.forgejo = {
image = "codeberg.org/forgejo/forgejo:1.20";
envFrom = [{ configMapRef.name = "forgejo-env"; }];
ports = {
web.containerPort = 3000;
ssh.containerPort = 22;
};
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
{
name = "config";
mountPath = "/data/gitea/conf/app.ini";
subPath = "config";
}
];
template = {
metadata.labels = {
app = "forgejo";
component = "forgejo";
};
volumes = {
data.persistentVolumeClaim.claimName = "forgejo";
config.configMap.name = "forgejo-config";
spec = {
containers.forgejo = {
image = "codeberg.org/forgejo/forgejo:1.21";
envFrom = [{ configMapRef.name = "forgejo-env"; }];
ports = {
web.containerPort = 3000;
ssh.containerPort = 22;
};
volumeMounts = [
{
name = "data";
mountPath = "/data";
}
{
name = "config";
mountPath = "/data/gitea/conf/app.ini";
subPath = "config";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "forgejo";
config.configMap.name = "forgejo-config";
};
};
};
};
};
# Forgejo-runner for docker in docker (dind) on Kubernetes:
# https://code.forgejo.org/forgejo/runner/src/branch/main/examples/kubernetes/dind-docker.yaml
forgejo-runner = {
metadata.labels = {
app = "forgejo";
component = "runner";
};
spec = {
selector.matchLabels = {
app = "forgejo";
component = "runner";
};
template = {
metadata.labels = {
app = "forgejo";
component = "runner";
};
spec = {
restartPolicy = "Always";
volumes = {
docker-certs.emptyDir = { };
runner-data.emptyDir = { };
};
initContainers.runner-register = {
image = "code.forgejo.org/forgejo/runner:3.2.0";
command = [ "forgejo-runner" "register" "--no-interactive" "--token" "$(RUNNER_SECRET)" "--name" "$(RUNNER_NAME)" "--instance" "$(FORGEJO_INSTANCE_URL)" ];
env = {
RUNNER_NAME.value = "runner";
FORGEJO_INSTANCE_URL.value = "https://git.kun.is";
RUNNER_SECRET.valueFrom.secretKeyRef = {
name = "runner-secret";
key = "token";
};
};
resources.limits = {
cpu = "0.50";
memory = "64Mi";
};
volumeMounts = [{
name = "runner-data";
mountPath = "/data";
}];
};
containers = {
runner = {
image = "code.forgejo.org/forgejo/runner:3.0.0";
command = [ "sh" "-c" "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon" ];
env = {
DOCKER_HOST.value = "tcp://localhost:2376";
DOCKER_CERT_PATH.value = "/certs/client";
DOCKER_TLS_VERIFY.value = "1";
};
volumeMounts = [
{
name = "docker-certs";
mountPath = "/certs";
}
{
name = "runner-data";
mountPath = "/data";
}
];
};
daemon = {
image = "docker:23.0.6-dind";
securityContext.privileged = true;
env.DOCKER_TLS_CERTDIR.value = "/certs";
volumeMounts = [{
name = "docker-certs";
mountPath = "/certs";
}];
};
};
};
};
};
@ -160,7 +264,10 @@
services = {
forgejo-web.spec = {
selector.app = "forgejo";
selector = {
app = "forgejo";
component = "forgejo";
};
ports.web = {
port = 80;