GitHub Runner services are configured to make the entire system read-only by default.
Add a github-action-runner role option to allow specific paths to remain writable for the services.
To explicitly share files between runners in these paths, a shared group ID is also added to the runners.
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
Thanks to @jfroche fixing cloud-init in
https://github.com/NixOS/nixpkgs/pull/226216, it's now able to retrieve
the IPv6 address from the metadata server on boot and creates a
/etc/systemd/network/10-cloud-init-eth0.network file that contains it.
Add option to enable asynchronous process to upload Nix packages to a binary cache without requiring the use of Cachix.
Based on https://github.com/nix-community/queued-build-hook
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
The GitHub self-hosted runner service can unregister existing GitHub runners if their token still exists in the runner's state directory.
However, if the runner is still registered and the token no longer exists, the service is unable to unregister the runner, and it cannot
be started again as it is already registered.
Rather than relying on the token stored in the runner's state directory, this change enables the service to unregister an existing offline
runner using the GitHub App token.
After #80, the modules are exposed as paths, and Nix doesn't seem to
complain anymore.
This is probably a change in Nix itself. But that means we don't need
those `_file` anymore.
One drawback of flake-parts is that it makes the wiring of the flake
outputs less easy to follow. With the new version the user can open the
flake.nix and pretty easily follow how things are put together.
Another drawback is that it makes the flake dependency tree larger. We
want to limit how much baggage srvos is adding when added as an input.
We introduce a few new mechanisms in this commit:
flake-parts is used to wire things together.
./all-parts.nix looks for and imports all flake-part.nix files. This
makes it easier to co-locate the parts next to the targeted code.
We introduce a `modules` flake output to hold all modules. For example
instead of `nixosModules`, use `modules.nixos`.
In ./nixos we enforce a 1:1 mapping between the module filenames and the
attribute. For example ./nixos/mixins/telegraf.nix will translate to
`modules.nixos.mixins-telegraf`.
flake-compat ensures that the default.nix and flake.nix are in sync and have the same outputs.