eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
409 commits 79 branches 160 tags 8.6 MiB
Commit graph

11 commits

Author SHA1 Message Date
Erich Blume
8aa85ca116 Rename runner instance to avoid systemd hyphen escaping 
instances.nix-container-builder becomes nix_container_builder so
the service unit is gitea-runner-nix_container_builder.service
instead of gitea-runner-nix\x2dcontainer\x2dbuilder.service.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 20:46:07 -08:00
Erich Blume
c098199f8b Replace k8s Forgejo runner with systemd nix-container-builder 
Remove the DinD-based k8s runner and add a native systemd Forgejo
Actions runner on ringtail for building containers with nix build
and pushing via skopeo. The runner uses the NixOS
services.gitea-actions-runner module with host execution (no
containers), and Ansible provisions the registration token from
1Password. Adds a new build-container-nix workflow for -nix- tags
and updates mise tasks to support both Dockerfile and Nix builds.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 20:21:39 -08:00
Erich Blume
961151ed30 Add k3s cluster on ringtail with amd64 Forgejo runner 
Enable k3s single-node server on ringtail (NixOS) for native amd64
container builds. Includes ArgoCD Application and manifests for a
Forgejo Actions runner with the `k8s-amd64` label, Ansible bootstrap
tasks for k3s token and runner secret, and containerd registry mirrors
pulling through Zot on indri.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 19:09:47 -08:00
Erich Blume
535f897054 Polish ringtail NixOS config and add documentation (#208) 
## Summary
- Fix Super+Return keybinding to launch wezterm in sway
- Set fish as default login shell
- Remove `initialPassword` (real password already set)
- Add 1Password CLI + GUI, chezmoi, and dev tool packages (neovim, eza, fd, fzf, zoxide, starship, atuin, bat, ripgrep)
- Add ringtail reference card, update host inventory and reference index
- Changelog fragment

## Post-merge deployment
- `mise run provision-ringtail` to rebuild NixOS
- On ringtail: launch 1Password GUI, enable CLI integration (Settings > Developer > CLI integration)
- Chezmoi needs `.chezmoiignore` updates in the dotfiles repo (separate task)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/208
 2026-02-18 17:53:47 -08:00
Erich Blume
5a087c10df Fix deprecated greetd.tuigreet package reference 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 09:30:01 -08:00
Erich Blume
4b7491c58f Add python3 to ringtail for Ansible compatibility 
NixOS doesn't include Python by default. Ansible needs it on the
managed host for module execution.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 09:29:09 -08:00
Erich Blume
b08ed98881 Enable passwordless sudo for wheel group on ringtail 
Required for Ansible unattended provisioning via become: true.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 09:25:32 -08:00
Erich Blume
8ee6c1271a Add --accept-routes and --ssh to tailscale config 
Makes tailscale settings declarative so they persist across rebuilds.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 09:24:17 -08:00
Erich Blume
aaf7e73c27 Fix sway on NVIDIA proprietary drivers 
Sway/wlroots refuses to start on proprietary NVIDIA by default.
Add --unsupported-gpu flag and disable hardware cursors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 09:08:26 -08:00
Erich Blume
104e49d337 Allow unfree packages for NVIDIA drivers and Steam 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 08:56:27 -08:00
Erich Blume
b9d813cde1 Add NixOS configuration for ringtail workstation (#207) 
## Summary
- NixOS flake for ringtail (gaming/compute workstation, RTX 4080) in `nixos/ringtail/`
- Declarative disk partitioning via disko (GPT, 512M EFI + ext4 root on NVMe)
- NVIDIA proprietary drivers, sway/Wayland desktop, greetd, PipeWire, Steam
- Tailscale integration for tailnet connectivity
- Ansible playbook + `mise run provision-ringtail` for ongoing management
- Pulumi auth key (`tag:homelab`, `tag:blumeops`) for tailnet bootstrap

## Deployment Order
1. **Merge PR**
2. `pulumi up` in tailscale stack → creates auth key
3. Retrieve auth key: `pulumi stack output ringtail_authkey --show-secrets`
4. On ringtail NixOS installer:
   - `nix run github:nix-community/disko -- --mode disko /tmp/disk-config.nix` (or from cloned repo)
   - `nixos-install --flake github:eblume/blumeops?dir=nixos/ringtail#ringtail`
5. Reboot, `tailscale up --auth-key=<key>`
6. Verify: `tailscale status`, SSH from gilbert

## Test plan
- [ ] Review NixOS configuration for completeness
- [ ] Verify disko partition layout matches ringtail hardware
- [ ] Run `pulumi preview` for tailscale stack
- [ ] Install NixOS on ringtail
- [ ] Confirm tailscale connectivity
- [ ] Confirm sway desktop works
- [ ] Test `mise run provision-ringtail` for ongoing management

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/207
 2026-02-18 08:24:25 -08:00