From ec150d53108bdd2fad67ba882499a324cb2812fb Mon Sep 17 00:00:00 2001 From: Hayden <22327045+hbjydev@users.noreply.github.com> Date: Thu, 2 May 2024 16:26:01 +0100 Subject: [PATCH] feat: implement github-actions mixin and actions-runner ami (#9) * feat: implement github-actions mixin and actions-runner ami * fix: bump disk size for actions-runner to 6gb * fix(actions-runner): increase build disk size * feat(actions-runner): add nix labels --- .github/workflows/flake.yaml | 1 + flake.lock | 36 +++++----- flake.nix | 15 +++++ modules/mixins/github-actions/default.nix | 81 +++++++++++++++++++++++ 4 files changed, 112 insertions(+), 21 deletions(-) create mode 100644 modules/mixins/github-actions/default.nix diff --git a/.github/workflows/flake.yaml b/.github/workflows/flake.yaml index e0d0e1d..60894b3 100644 --- a/.github/workflows/flake.yaml +++ b/.github/workflows/flake.yaml @@ -35,6 +35,7 @@ jobs: profile: - gc-fwd - ecs-node + - actions-runner steps: - uses: cachix/install-nix-action@v25 with: diff --git a/flake.lock b/flake.lock index 06a270e..b90305b 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714076141, - "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=", + "lastModified": 1714253743, + "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856", + "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", "type": "github" }, "original": { 
@@ -71,20 +71,14 @@ }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", - "type": "github" + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" } }, "root": { @@ -102,11 +96,11 @@ ] }, "locked": { - "lastModified": 1714444742, - "narHash": "sha256-FOWYXEEtwYKAGmXgKVYli/VsA8XpeR+4wNKt+3M/9b4=", + "lastModified": 1714611022, + "narHash": "sha256-Cneh2G54TO1eVQBxLZp0JlW8LWbTE/N1WjcE2W+F3pI=", "owner": "nix-community", "repo": "srvos", - "rev": "b18e74f2245eaae150bc753821079c2512fe1516", + "rev": "1fa90a0a81fec38c117397fde79733cc78f12815", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 10b9090..3047d83 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,21 @@ ]; format = "amazon"; # ami }; + + actions-runner = inputs.nixos-generators.nixosGenerate { + inherit system; + modules = [ + ({...}: { amazonImage.sizeMB = 6 * 1024; }) + inputs.srvos.nixosModules.server + inputs.srvos.nixosModules.hardware-amazon + ./modules/profiles/common.nix + ./modules/mixins/github-actions + ]; + specialArgs = { + diskSize = 6 * 1024; # 6GB + }; + format = "amazon"; # ami + }; }; }; }; diff --git a/modules/mixins/github-actions/default.nix b/modules/mixins/github-actions/default.nix new file mode 100644 index 0000000..51e8edb --- /dev/null +++ b/modules/mixins/github-actions/default.nix 
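Review bot: The image size is written twice in the new `actions-runner` entry, once as `amazonImage.sizeMB = 6 * 1024` in the inline module and once as `diskSize = 6 * 1024` under `specialArgs`, so the two values can drift apart on the next bump. Binding the value once, for example `let runnerDiskMB = 6 * 1024; in`, and referencing that name in both places keeps them in step. If only one of the two is actually read for the `amazon` format (not visible from this hunk), dropping the other would be clearer still. The enclosing attribute set starts and ends outside the hunk.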
@@ -0,0 +1,81 @@
+# GitHub Actions runner mixin
+# In theory, compatible with x86_64-linux and aarch64-linux.
+{ pkgs, ... }:
+let
+ name = "altf4llc-${pkgs.stdenv.system}";
+in
+{
+ imports = [
+ ../alloy
+ ../docker
+ ];
+
+ nix = {
+ extraOptions = ''
+ min-free = ${toString (5 * 1024 * 1024 * 1024)}
+ max-free = ${toString (5 * 1024 * 1024 * 1024)}
+ extra-experimental-features = flakes nix-command
+ '';
+ settings = {
+ cores = 4;
+ trusted-users = [ "root" "github-runner" ];
+ };
+ };
+
+ users.groups.github-runner = {};
+ users.users.github-runner = {
+ group = "github-runner";
+ extraGroups = [ "docker" ];
+ isNormalUser = true;
+ home = "/run/github-runner/${name}";
+ };
+
+ services.github-runners.${name} = {
+ enable = true;
+ url = "https://github.com/ALT-F4-LLC";
+ user = "github-runner";
+ tokenFile = "/run/keys/github-runner";
+ serviceOverrides = {
+ ReadWritePaths = [ "/nix/var/nix/profiles/per-user/" ];
+ ProtectHome = "tmpfs";
+ };
+
+ extraLabels = [ "nixos" "nix" pkgs.stdenv.system ];
+
+ extraPackages = with pkgs; [
+ awscli2
+ bashInteractive
+ bzip2
+ cachix
+ coreutils-full
+ cpio
+ curl
+ diffutils
+ docker
+ findutils
+ gawk
+ getconf
+ getent
+ gnugrep
+ gnupatch
+ gnused
+ gnutar
+ gzip
+ jq
+ just
+ less
+ mkpasswd
+ ncurses
+ netcat
+ nixos-rebuild
+ openssh
+ procps
+ stdenv.cc.libc
+ time
+ util-linux
+ which
+ xz
+ zstd
+ ];
+ };
+}
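Review bot: `trusted-users = [ "root" "github-runner" ]` together with `extraGroups = [ "docker" ]` makes the account that executes workflow jobs root-equivalent on the host, because a Nix trusted user and a member of the docker group can each act with root's privileges. Every job routed to this organisation-level runner (`url = "https://github.com/ALT-F4-LLC"`) therefore runs with access to the whole instance, including `/run/keys/github-runner`. If the trusted-user entry exists only so that jobs can use a binary cache (presumably, since cachix is in `extraPackages`), prefer `trusted-users = [ "root" ];` with the cache declared under `trusted-substituters` and `trusted-public-keys` in `nix.settings`. Setting `ephemeral = true;` on `services.github-runners.${name}` would also stop state carrying over between jobs. A comment above `nix.settings` naming which repositories are expected to target this runner would record the trust assumption.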