From 40ba54a6b09bfa01016dd8f659170bb8f4c41bb2 Mon Sep 17 00:00:00 2001 From: Hayden Young <22327045+hbjydev@users.noreply.github.com> Date: Thu, 2 May 2024 00:42:00 +0100 Subject: [PATCH 1/4] feat: implement github-actions mixin and actions-runner ami --- .github/workflows/flake.yaml | 1 + flake.nix | 11 ++++ modules/mixins/github-actions/default.nix | 79 +++++++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 modules/mixins/github-actions/default.nix diff --git a/.github/workflows/flake.yaml b/.github/workflows/flake.yaml index e0d0e1d..60894b3 100644 --- a/.github/workflows/flake.yaml +++ b/.github/workflows/flake.yaml @@ -35,6 +35,7 @@ jobs: profile: - gc-fwd - ecs-node + - actions-runner steps: - uses: cachix/install-nix-action@v25 with: diff --git a/flake.nix b/flake.nix index 10b9090..75df90b 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,17 @@ ]; format = "amazon"; # ami }; + + actions-runner = inputs.nixos-generators.nixosGenerate { + inherit system; + modules = [ + inputs.srvos.nixosModules.server + inputs.srvos.nixosModules.hardware-amazon + ./modules/profiles/common.nix + ./modules/mixins/github-actions + ]; + format = "amazon"; # ami + }; }; }; }; diff --git a/modules/mixins/github-actions/default.nix b/modules/mixins/github-actions/default.nix new file mode 100644 index 0000000..c741930 --- /dev/null +++ b/modules/mixins/github-actions/default.nix 
@@ -0,0 +1,79 @@ +# GitHub Actions runner mixin +# In theory, compatible with x86_64-linux and aarch64-linux. +{ pkgs, ... }: +let + name = "altf4llc-${pkgs.stdenv.system}"; +in +{ + imports = [ + ../alloy + ../docker + ]; + + nix = { + extraOptions = '' + min-free = ${toString (5 * 1024 * 1024 * 1024)} + max-free = ${toString (5 * 1024 * 1024 * 1024)} + extra-experimental-features = flakes nix-command + ''; + settings = { + cores = 4; + trusted-users = [ "root" "github-runner" ]; + }; + }; + + users.groups.github-runner = {}; + users.users.github-runner = { + group = "github-runner"; + extraGroups = [ "docker" ]; + isNormalUser = true; + home = "/run/github-runner/${name}"; + }; + + services.github-runners.${name} = { + enable = true; + url = "https://github.com/ALT-F4-LLC"; + user = "github-runner"; + tokenFile = "/run/keys/github-runner"; + serviceOverrides = { + ReadWritePaths = [ "/nix/var/nix/profiles/per-user/" ]; + ProtectHome = "tmpfs"; + }; + + extraPackages = with pkgs; [ + awscli2 + bashInteractive + bzip2 + cachix + coreutils-full + cpio + curl + diffutils + docker + findutils + gawk + getconf + getent + gnugrep + gnupatch + gnused + gnutar + gzip + jq + just + less + mkpasswd + ncurses + netcat + nixos-rebuild + openssh + procps + stdenv.cc.libc + time + util-linux + which + xz + zstd + ]; + }; +} From b30d6c53da9e7d9ec74d36766333e5277602176e Mon Sep 17 00:00:00 2001 From: Hayden Young <22327045+hbjydev@users.noreply.github.com> Date: Thu, 2 May 2024 00:49:08 +0100 Subject: [PATCH 2/4] fix: bump disk size for actions-runner to 6gb --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 75df90b..4af9e95 100644 --- a/flake.nix +++ b/flake.nix @@ -57,6 +57,7 @@ ./modules/profiles/common.nix ./modules/mixins/github-actions ]; + specialArgs.diskSize = 6 * 1024; format = "amazon"; # ami }; }; From 8bc3494b1aa88079dc2a942f31e4c68de340850d Mon Sep 17 00:00:00 2001 
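Review bot: `trusted-users = [ "root" "github-runner" ]` combined with `extraGroups = [ "docker" ]` makes the runner account root-equivalent on the host, since a trusted Nix user can override substituters and signature checking for the daemon and docker group members can bind-mount the host filesystem. The runner is registered at organisation scope (`url = "https://github.com/ALT-F4-LLC"`) and is not ephemeral, so any job scheduled on it can leave state behind for the next one. I would drop `"github-runner"` from `trusted-users` and declare the required caches in `nix.settings.substituters` / `trusted-public-keys` instead, and add `ephemeral = true;` to the `services.github-runners.${name}` block (which, as far as I know, needs `tokenFile` to hold a PAT rather than a one-shot registration token). `tokenFile = "/run/keys/github-runner"` is not provisioned anywhere in this patch, so a comment stating how the file is delivered and with what ownership and mode would help.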
From: Hayden Young <22327045+hbjydev@users.noreply.github.com> Date: Thu, 2 May 2024 15:58:52 +0100 Subject: [PATCH 3/4] fix(actions-runner): increase build disk size --- flake.lock | 36 +++++++++++++++--------------------- flake.nix | 5 ++++- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 06a270e..b90305b 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1714641030, + "narHash": "sha256-yzcRNDoyVP7+SCNX0wmuDju1NUCt8Dz9+lyUXEI0dbI=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "e5d10a24b66c3ea8f150e47dfdb0416ab7c3390e", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714076141, - "narHash": "sha256-Drmja/f5MRHZCskS6mvzFqxEaZMeciScCTFxWVLqWEY=", + "lastModified": 1714253743, + "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7bb2ccd8cdc44c91edba16c48d2c8f331fb3d856", + "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", "type": "github" }, "original": { 
@@ -71,20 +71,14 @@ }, "nixpkgs-lib": { "locked": { - "dir": "lib", - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", - "type": "github" + "lastModified": 1714640452, + "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" }, "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" } }, "root": { @@ -102,11 +96,11 @@ ] }, "locked": { - "lastModified": 1714444742, - "narHash": "sha256-FOWYXEEtwYKAGmXgKVYli/VsA8XpeR+4wNKt+3M/9b4=", + "lastModified": 1714611022, + "narHash": "sha256-Cneh2G54TO1eVQBxLZp0JlW8LWbTE/N1WjcE2W+F3pI=", "owner": "nix-community", "repo": "srvos", - "rev": "b18e74f2245eaae150bc753821079c2512fe1516", + "rev": "1fa90a0a81fec38c117397fde79733cc78f12815", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 4af9e95..3047d83 100644 --- a/flake.nix +++ b/flake.nix @@ -52,12 +52,15 @@ actions-runner = inputs.nixos-generators.nixosGenerate { inherit system; modules = [ + ({...}: { amazonImage.sizeMB = 6 * 1024; }) inputs.srvos.nixosModules.server inputs.srvos.nixosModules.hardware-amazon ./modules/profiles/common.nix ./modules/mixins/github-actions ]; - specialArgs.diskSize = 6 * 1024; + specialArgs = { + diskSize = 6 * 1024; # 6GB + }; format = "amazon"; # ami }; }; From ba5c6c8e5cac33d3327c75fcd47136eadd005fe0 Mon Sep 17 00:00:00 2001 From: Hayden Young <22327045+hbjydev@users.noreply.github.com> Date: Thu, 2 May 2024 16:24:33 +0100 Subject: [PATCH 4/4] feat(actions-runner): add nix labels --- modules/mixins/github-actions/default.nix | 2 ++ 1 file changed, 2 insertions(+) 
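Review bot: In the `flake.nix` hunk the 6 GiB size is now set twice, as `amazonImage.sizeMB = 6 * 1024;` and as `specialArgs.diskSize`, and nothing on this page shows a module that reads `diskSize`. If the `amazon` format only honours `amazonImage.sizeMB`, the `specialArgs` entry is dead and should go; otherwise bind the value once in a `let` and reference it from both places so they cannot drift. The github-actions mixin also sets `min-free` and `max-free` to 5 GiB, so unless the root volume is grown at launch, free store space will presumably sit below the GC threshold from the first build. The `actions-runner` attribute set starts outside this hunk.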
diff --git a/modules/mixins/github-actions/default.nix b/modules/mixins/github-actions/default.nix index c741930..51e8edb 100644 --- a/modules/mixins/github-actions/default.nix +++ b/modules/mixins/github-actions/default.nix @@ -40,6 +40,8 @@ in ProtectHome = "tmpfs"; }; + extraLabels = [ "nixos" "nix" pkgs.stdenv.system ]; + extraPackages = with pkgs; [ awscli2 bashInteractive
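Review bot: `extraLabels = [ "nixos" "nix" pkgs.stdenv.system ];` decides which jobs select this runner, not which repositories are allowed to, and the mixin sets no `runnerGroup`, so with an organisation-level registration the runner presumably joins the default group. Setting `runnerGroup = "<runner-group-name>";` (placeholder) to a group limited to the repositories that need Nix builds would narrow who can schedule work on a host whose runner user is in `docker` and `trusted-users`. A one-line comment above `extraLabels` giving the intended `runs-on` value would also help workflow authors. The `services.github-runners.${name}` block begins and ends outside this hunk.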