monolith: cleanup host-specific modules

2026-02-24 14:22:16 -03:00 · 2026-02-24 14:22:16 -03:00 · 5adec3b1d3
commit 5adec3b1d3
parent 52f5d725ea
5 changed files with 12 additions and 36 deletions
--- a/system/monolith-forgejo-runner.nix
+++ b/system/monolith-forgejo-runner.nix
@ -1,22 +0,0 @@
-{ pkgs, config, ... }:
-{
-  services.gitea-actions-runner = {
-    package = pkgs.forgejo-runner;
-    instances.default = {
-      enable = true;
-      name = "monolith";
-      url = "https://git.lelgenio.com";
-      tokenFile = config.sops.secrets."forgejo-runners/git.lelgenio.com-default".path;
-      labels = [
-        # provide a debian base with nodejs for actions
-        "debian-latest:docker://node:18-bullseye"
-        # fake the ubuntu name, because node provides no ubuntu builds
-        "ubuntu-latest:docker://node:18-bullseye"
-        # provide native execution on the host
-        #"native:host"
-      ];
-    };
-  };
-
-  sops.secrets."forgejo-runners/git.lelgenio.com-default" = { };
-}
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@ -1,60 +0,0 @@
-{
-  config,
-  pkgs,
-  inputs,
-  ...
-}:
-let
-  inherit (pkgs.callPackage ./gitlab-runner.nix { inherit inputs; }) mkNixRunner mkNixRunnerFull;
-in
-{
-  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-  virtualisation.docker.enable = true;
-  services.gitlab-runner = {
-    enable = true;
-    settings.concurrent = 3;
-    services = {
-      # runner for building in docker via host's nix-daemon
-      # nix store will be readable in runner, might be insecure
-      thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
-      thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
-
-      wopus-gitlab-nix = mkNixRunnerFull {
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
-        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
-        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
-      };
-
-      default = {
-        # File should contain at least these two variables:
-        # `CI_SERVER_URL`
-        # `CI_SERVER_TOKEN`
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
-        dockerImage = "debian:stable";
-        dockerPullPolicy = "if-not-present";
-      };
-    };
-  };
-  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
-
-  sops.secrets = {
-    "gitlab-runners/thoreb-telemetria-nix" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
-    "gitlab-runners/thoreb-itinerario-nix" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
-    "gitlab-runners/docker-images-token" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
-    "gitlab-runners/wopus-gitlab-nix" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
-      sopsFile = ../secrets/monolith/default.yaml;
-    };
-  };
-}
--- a/system/nix-serve.nix
+++ b/system/nix-serve.nix
@ -1,14 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-{
-  services.nix-serve = {
-    enable = true;
-    secretKeyFile = config.sops.secrets."nix-serve/private-key".path;
-  };
-
-  sops.secrets."nix-serve/private-key" = { };
-}