# Runs two services on the host:
# - act_runner — polls Gitea, spawns one job container per workflow
#   run via the host docker socket. Job image built reproducibly from
#   runner/flake.nix (`nix run .#load-image`).
# - caddy — HTTPS-fronts the binary cache (./cache/store) so
#   consumers' substituter config can read it. Custom ports because
#   the router does PAT (port-forwarding 80→CADDY_HTTP_PORT,
#   443→CADDY_HTTPS_PORT). Set those in .env.
#
# Security summary for reviewers:
# - The runner container holds the host Docker socket, so anything that
#   can run code in it can control the host's Docker daemon.
# - caddy is the only service with published ports and sees the cache
#   store read-only.
# - ${PWD} in the volume definitions is taken from the invoking shell, so
#   compose must be run from the directory that contains this file.
services:
  runner:
    # `nightly` is a moving tag: the image content can change on every
    # pull. Because this container is given the host Docker socket below,
    # pinning to a release tag or an image digest keeps what runs here
    # reviewable.
    image: docker.io/gitea/act_runner:nightly
    restart: unless-stopped
    environment:
      CONFIG_FILE: /config.yaml
      # The ${...} values are interpolated by compose from the shell
      # environment or .env. The registration token is a secret: keep .env
      # out of version control and readable only by the deploying user.
      # Container environment variables are also visible to anyone who can
      # run `docker inspect` on this host.
      GITEA_INSTANCE_URL: "${GITEA_INSTANCE_URL}"
      GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
      GITEA_RUNNER_NAME: "${GITEA_RUNNER_NAME:-cargoxx-pkgs-runner}"
      GITEA_RUNNER_LABELS: "${GITEA_RUNNER_LABELS:-self-hosted}"
    volumes:
      # Runner configuration, mounted read-only.
      - ./config.yaml:/config.yaml:ro
      # Runner state directory (read-write).
      - ./data:/data
      # Host Docker socket: this is how job containers get spawned (see
      # header). Access to this socket is equivalent to root on the host,
      # and it is mounted read-write.
      - /var/run/docker.sock:/var/run/docker.sock
      # Binary cache — `validate-pr.yml`'s push step writes `$out` NAR
      # archives here. Named volumes (defined below) make the same
      # storage reachable from this runner container AND every job
      # container act_runner spawns AND the caddy frontend below.
      - cargoxx-cache-store:/srv/cargoxx-cache/store
      # Mounted read-only here. NOTE(review): presumably these are the
      # binary-cache signing keys. If job containers also mount this volume
      # (that would be set in config.yaml, not visible in this file), any
      # workflow code running in a job can read them — confirm which
      # workflows are allowed to get this mount.
      - cargoxx-cache-keys:/srv/cargoxx-cache/keys:ro

  caddy:
    image: docker.io/caddy:2
    restart: unless-stopped
    ports:
      # Same port number on the host and inside the container. No host IP
      # is given, so compose publishes on all host interfaces.
      - "${CADDY_HTTP_PORT:-8080}:${CADDY_HTTP_PORT:-8080}"
      - "${CADDY_HTTPS_PORT:-8443}:${CADDY_HTTPS_PORT:-8443}"
    environment:
      # Same values as the published ports above, passed into the
      # container; presumably read by the Caddyfile — confirm there.
      CADDY_HTTP_PORT: "${CADDY_HTTP_PORT:-8080}"
      CADDY_HTTPS_PORT: "${CADDY_HTTPS_PORT:-8443}"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Read-only: caddy can read the cache store but not modify it. The
      # keys volume is not mounted into this service.
      - cargoxx-cache-store:/srv/cache:ro
      - caddy-data:/data
      - caddy-config:/config

# All four volumes use the local driver with `type: none` / `o: bind`,
# i.e. a named volume backed by a bind mount of the `device` host path.
# The host directory has to exist before the volume is first mounted.
volumes:
  cargoxx-cache-store:
    # Explicit name disables compose's project-prefix so spawned job
    # containers (which don't know about compose) can reference the
    # same volume by the same name.
    name: cargoxx-cache-store
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "${PWD}/cache/store"
  cargoxx-cache-keys:
    # Host directory ./cache/keys. NOTE(review): presumably key material;
    # restrict the directory's permissions on the host.
    name: cargoxx-cache-keys
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "${PWD}/cache/keys"
  caddy-data:
    # Caddy's own state: ACME account, issued certificates, OCSP
    # staples. Persist so we don't re-issue certs every restart.
    # Caddy also keeps the certificates' private keys in this directory,
    # so ./caddy/data should not be world-readable on the host.
    name: caddy-data
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "${PWD}/caddy/data"
  caddy-config:
    name: caddy-config
    driver: local
    driver_opts:
      type: none
      o: bind
      device: "${PWD}/caddy/config"