add forgejo runner
parent
a56de1672e
commit
39410c4bae
2 changed files with 142 additions and 34 deletions
|
@ -1,5 +1,7 @@
|
|||
{ myLib, ... }: {
|
||||
kubernetes.resources = {
|
||||
secrets.runner-secret.stringData.token = "ref+sops://secrets/sops.yaml#/forgejo/runnerToken";
|
||||
|
||||
configMaps = {
|
||||
forgejo-config.data = {
|
||||
# TODO: Generate from nix code?
|
||||
|
@ -117,18 +119,28 @@
|
|||
};
|
||||
};
|
||||
|
||||
deployments.forgejo = {
|
||||
metadata.labels.app = "forgejo";
|
||||
deployments = {
|
||||
forgejo = {
|
||||
metadata.labels = {
|
||||
app = "forgejo";
|
||||
component = "forgejo";
|
||||
};
|
||||
|
||||
spec = {
|
||||
selector.matchLabels.app = "forgejo";
|
||||
selector.matchLabels = {
|
||||
app = "forgejo";
|
||||
component = "forgejo";
|
||||
};
|
||||
|
||||
template = {
|
||||
metadata.labels.app = "forgejo";
|
||||
metadata.labels = {
|
||||
app = "forgejo";
|
||||
component = "forgejo";
|
||||
};
|
||||
|
||||
spec = {
|
||||
containers.forgejo = {
|
||||
image = "codeberg.org/forgejo/forgejo:1.20";
|
||||
image = "codeberg.org/forgejo/forgejo:1.21";
|
||||
envFrom = [{ configMapRef.name = "forgejo-env"; }];
|
||||
|
||||
ports = {
|
||||
|
@ -158,9 +170,104 @@
|
|||
};
|
||||
};
|
||||
|
||||
# Forgejo-runner for docker in docker (dind) on Kubernetes:
|
||||
# https://code.forgejo.org/forgejo/runner/src/branch/main/examples/kubernetes/dind-docker.yaml
|
||||
forgejo-runner = {
|
||||
metadata.labels = {
|
||||
app = "forgejo";
|
||||
component = "runner";
|
||||
};
|
||||
|
||||
spec = {
|
||||
selector.matchLabels = {
|
||||
app = "forgejo";
|
||||
component = "runner";
|
||||
};
|
||||
|
||||
template = {
|
||||
metadata.labels = {
|
||||
app = "forgejo";
|
||||
component = "runner";
|
||||
};
|
||||
|
||||
spec = {
|
||||
restartPolicy = "Always";
|
||||
|
||||
volumes = {
|
||||
docker-certs.emptyDir = { };
|
||||
runner-data.emptyDir = { };
|
||||
};
|
||||
|
||||
initContainers.runner-register = {
|
||||
image = "code.forgejo.org/forgejo/runner:3.2.0";
|
||||
command = [ "forgejo-runner" "register" "--no-interactive" "--token" "$(RUNNER_SECRET)" "--name" "$(RUNNER_NAME)" "--instance" "$(FORGEJO_INSTANCE_URL)" ];
|
||||
|
||||
env = {
|
||||
RUNNER_NAME.value = "runner";
|
||||
FORGEJO_INSTANCE_URL.value = "https://git.kun.is";
|
||||
RUNNER_SECRET.valueFrom.secretKeyRef = {
|
||||
name = "runner-secret";
|
||||
key = "token";
|
||||
};
|
||||
};
|
||||
|
||||
resources.limits = {
|
||||
cpu = "0.50";
|
||||
memory = "64Mi";
|
||||
};
|
||||
|
||||
volumeMounts = [{
|
||||
name = "runner-data";
|
||||
mountPath = "/data";
|
||||
}];
|
||||
};
|
||||
|
||||
containers = {
|
||||
runner = {
|
||||
image = "code.forgejo.org/forgejo/runner:3.0.0";
|
||||
command = [ "sh" "-c" "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon" ];
|
||||
|
||||
env = {
|
||||
DOCKER_HOST.value = "tcp://localhost:2376";
|
||||
DOCKER_CERT_PATH.value = "/certs/client";
|
||||
DOCKER_TLS_VERIFY.value = "1";
|
||||
};
|
||||
|
||||
volumeMounts = [
|
||||
{
|
||||
name = "docker-certs";
|
||||
mountPath = "/certs";
|
||||
}
|
||||
{
|
||||
name = "runner-data";
|
||||
mountPath = "/data";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
daemon = {
|
||||
image = "docker:23.0.6-dind";
|
||||
securityContext.privileged = true;
|
||||
env.DOCKER_TLS_CERTDIR.value = "/certs";
|
||||
|
||||
volumeMounts = [{
|
||||
name = "docker-certs";
|
||||
mountPath = "/certs";
|
||||
}];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
forgejo-web.spec = {
|
||||
selector.app = "forgejo";
|
||||
selector = {
|
||||
app = "forgejo";
|
||||
component = "forgejo";
|
||||
};
|
||||
|
||||
ports.web = {
|
||||
port = 80;
|
||||
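Review bot: The `daemon` container in the new `forgejo-runner` deployment runs with `securityContext.privileged = true`, and the pod has no node placement or resource constraints, so every job this runner accepts talks to a Docker daemon with host-level privileges on whichever node it lands on. Nothing visible here shows how widely the `forgejo/runnerToken` registration is scoped, so it is worth confirming that only trusted repositories can schedule onto it and recording the trade-off next to the flag, e.g. `# privileged dind: jobs on this runner are root-equivalent on the node; schedule on a dedicated node and register for trusted repos only`. `resources.limits` is set for `runner-register` but not for `runner` or `daemon`, which are the containers that actually execute CI workloads and should get limits too. Separately, `runner-register` is pinned to `runner:3.2.0` while `runner` uses `runner:3.0.0`; unless that skew is intentional, both should use the same tag so the registration written to `/data` is read by the same version.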
|
|
|
@ -15,6 +15,7 @@ kitchenowl:
|
|||
forgejo:
|
||||
lfsJwtSecret: ENC[AES256_GCM,data:TZaptdiX/3HT2Q5lHqAOEQBkT3gV49dD6+RIludIcJVA6AevijgDonuVQA==,iv:hwU0K4JjFs8LaSNe5Dqmsj5Vz/w3sOWgSrnEW22bM/M=,tag:RJTDtYqRQdGVQ6PO2V+31g==,type:str]
|
||||
internalToken: ENC[AES256_GCM,data:28sIm0OW2G48ZECjCf5WM9/O5kbo54S96aD20MYfGrK0pbxgAwLjL8jXO/dNobSQ+26vet2WKfLbC9MPdBjhsQ5zC/keGHUFw6TPqnuhFchTLnP+JvMoqNZzcRo2kHi/EM93luG6xQvy,iv:Iy+1EVS7lvLust4MPkxyFonna/q1NVzRyMcTSJ3F5oM=,tag:v075jl/jtqcjSkEhRZVO2g==,type:str]
|
||||
runnerToken: ENC[AES256_GCM,data:F6PsbkhT1epKfi9MpLpMqDosloVkhIiq/olBi/bbt8k88qxfw0vwvg==,iv:I/LH8V0Um+PCpjSrcjiZAN71nXcqv1m84wBUPLWT33Q=,tag:Y3qhbt7OqkRbHOCXRKLUeg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -30,8 +31,8 @@ sops:
|
|||
dVBPbkRib1M1cmVKZzl4TWpoSml2WDQK45jJDXpPXIBoaANhjZSWYVZ8mI51LAin
|
||||
EqgBj7VKY+CQbw1gMd1Fdh8iDYraowwcLyd/ZhZ/M0kIdkCc5E1a5g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-14T12:05:53Z"
|
||||
mac: ENC[AES256_GCM,data:T4Uvkt28ACuLZv7FkJt9Nlhes1fVxasOnGgXpdhvMyf8DS4SFHBUQ0o6UsDcmjHixs/GFEkHNLa22V1PomNlPbpZ+ysNeYN0M/q8fguhpINMoJQlXQ6HXTEy7JQ9IBRfx010/1imjiNJ8QXkTYnDqDKk9sMhpJxubX8rBnGccJ4=,iv:rACUx2Nn8R8KgTF+OSP9MaW7yfNH8fOhlEEAynsdHsE=,tag:K2+iK/i0mDt7eNJlcE96NA==,type:str]
|
||||
lastmodified: "2024-04-17T21:16:56Z"
|
||||
mac: ENC[AES256_GCM,data:ICOsWZ7F7boyYhkFGgqJZOCY9aPXI5YvQfqcKkj4Pt/LoU9+PDi2iSDN47VTTloqIXap4PhEMEi7He6AV3r9DTHKT5PxQcWxESGffLlUlK7Q3a/H1V63Sdy9Ct1PycKupjEEWylYXWTWG5/dGe9qh6u1ZS7adz5fHxA3Y8MT6Dg=,iv:61IexBQQse6iShry10toUAjc3gLf588PKJFK+aJWCbY=,tag:wrSM4ipHBMXIEfLLLGe/Tw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|