summaryrefslogtreecommitdiff
path: root/os/kay/modules/services/github-runner.nix
diff options
context:
space:
mode:
Diffstat (limited to 'os/kay/modules/services/github-runner.nix')
-rw-r--r--os/kay/modules/services/github-runner.nix41
1 files changed, 41 insertions, 0 deletions
diff --git a/os/kay/modules/services/github-runner.nix b/os/kay/modules/services/github-runner.nix
new file mode 100644
index 0000000..dd4d48d
--- /dev/null
+++ b/os/kay/modules/services/github-runner.nix
@@ -0,0 +1,41 @@
+{ config, ... }:
+let
+ repo = "nocodb/nocodb";
+ nocodbRunnerUser = "nocodbrunner";
+ user = config.global.userdata.name;
+in
+{
+ sops.secrets = {
+ "github-runner/nocodb-registration-token" = { };
+ "github-runner/age-master-key" = { };
+ };
+
+ # required by github:nocodb/nocodb docker builds
+ virtualisation.docker.enable = true;
+ users.groups.${nocodbRunnerUser} = { };
+ users.extraGroups.docker.members = [
+ user
+ nocodbRunnerUser
+ ];
+ users.users.nocodbrunner = {
+ name = nocodbRunnerUser;
+ group = nocodbRunnerUser;
+ isSystemUser = true;
+ };
+ services.github-runners.kay = {
+ user = nocodbRunnerUser;
+ group = nocodbRunnerUser;
+ enable = true;
+ noDefaultLabels = true;
+ extraLabels = [ "nix" ];
+ tokenFile = config.sops.secrets."github-runner/nocodb-registration-token".path;
+ url = "https://github.com/${repo}";
+ };
+
+ systemd.services."github-runner-kay" = {
+ environment.SOPS_AGE_KEY_FILE = "%d/age-master-key";
+ serviceConfig.LoadCredential = "age-master-key:${
+ config.sops.secrets."github-runner/age-master-key".path
+ }";
+ };
+}