diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml index ee456fc..aae572c 100644 --- a/.forgejo/workflows/build.yaml +++ b/.forgejo/workflows/build.yaml @@ -9,6 +9,12 @@ jobs: name: Checkout repository - name: Attic login run: attic login nixfleet http://sisko.wg.aciceri.dev:8081 ${{secrets.ATTIC_NIXFLEET_TOKEN}} + - name: Setup SSH + run: | + mkdir -p ~/.ssh + echo "${{secrets.FORGEJO_SSH_KEY}}" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + ssh-keyscan github.com >> ~/.ssh/known_hosts - name: Build with nix run: nix-fast-build --no-nom --systems "x86_64-linux aarch64-linux" --attic-cache "nixfleet" --skip-cached --result-file result.json || true - name: Report checks diff --git a/.forgejo/workflows/update-flake-lock.yaml b/.forgejo/workflows/update-flake-lock.yaml index 7a45fc4..abe16bd 100644 --- a/.forgejo/workflows/update-flake-lock.yaml +++ b/.forgejo/workflows/update-flake-lock.yaml @@ -1,7 +1,7 @@ name: update-flake-lock on: schedule: - - cron: "0 15 * * *" # daily at 15:00 + - cron: "0 15 * * 1" # weekly on Monday at 15:00 jobs: lockfile: diff --git a/lib/default.nix b/lib/default.nix index 4330d49..3d15451 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -4,6 +4,7 @@ ccr-ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIm9Sl/I+5G4g4f6iE4oCUJteP58v+wMIew9ZuLB+Gea"; oneplus8t = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8da1Mf11vXFF0kVDgxocVoGwpHHMEs9emS9T+v8hLb oneplus8t"; hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent"; + forgejo-ci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5mbqLoZ/0J45J7J+17XMGv/dXs3DGABJsnvDv4rgC9 forgjeo-ci"; }; hosts = { kirk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAH49KzayIro3L1bteR7nwupMM/vKlDh05t5/DFD9/uz"; diff --git a/modules/forgejo-runners/default.nix b/modules/forgejo-runners/default.nix index 3234a46..f6d7682 100644 --- a/modules/forgejo-runners/default.nix +++ b/modules/forgejo-runners/default.nix 
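Review bot: `ssh-keyscan github.com >> ~/.ssh/known_hosts` in the new Setup SSH step accepts whatever host key the network returns at run time, so an on-path host can impersonate github.com and serve altered repository content to the build. Pin the key instead, from a value checked into the repository: `echo "github.com ssh-ed25519 <GITHUB_PUBLISHED_HOST_KEY>" >> ~/.ssh/known_hosts` (placeholder, to be filled in from GitHub's published host keys). The private key file is also created under the default umask and only tightened afterwards by `chmod 600`; putting `umask 077` at the top of the script closes that window. The key stays on disk for the later build step, so if this workflow can run for untrusted branches or pull requests (the triggers are not visible in this hunk), the secret is reachable by whatever the build evaluates.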
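Review bot: The comment field at the end of the new `forgejo-ci` key in lib/default.nix is misspelled as `forgjeo-ci`. That label is what shows up wherever the public key is listed, so it should read `forgejo-ci` to match the attribute name. The hunk does not show where this key set is consumed. If it feeds authorized_keys or secret recipients, confirm the CI key gets only the access the runner needs, since its private half is written to the runner's disk by the build workflow. A one-line comment above the entry stating what the key is for would make that scope reviewable.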
@@ -17,6 +17,7 @@ let gnugrep gawk git + openssh nix bash jq @@ -38,15 +39,6 @@ let cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt ''; numInstances = 1; - pushToCache = pkgs.writeScript "push-to-cache.sh" '' - #!/bin/sh - set -eu - set -f # disable globbing - export IFS=' ' - - echo "Uploading paths" $OUT_PATHS - exec nix copy --to "s3://cache?profile=default®ion=eu-south-1&scheme=https&endpoint=cache.aciceri.dev" $OUT_PATHS - ''; in lib.mkMerge [ { @@ -80,7 +72,6 @@ lib.mkMerge [ cat < etc/nix/nix.conf accept-flake-config = true experimental-features = nix-command flakes - post-build-hook = ${pushToCache} include access-tokens NIX_CONFIG @@ -121,22 +112,9 @@ lib.mkMerge [ nix.settings.trusted-users = [ "nixuser" ]; } { - # Format of the token file: virtualisation = { podman.enable = true; }; - - # virtualisation.containers.storage.settings = { - # storage.driver = "zfs"; - # storage.graphroot = "/var/lib/containers/storage"; - # storage.runroot = "/run/containers/storage"; - # storage.options.zfs.fsname = "zroot/root/podman"; - # }; - - # virtualisation.containers.containersConf.settings = { - # # podman seems to not work with systemd-resolved - # containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ]; - # }; } { systemd.services =