Add CI/CD infrastructure for animaltrack

New services: - animaltrack.hcl: Python app with health checks and auto_revert - act-runner.hcl: Gitea Actions runner on Nomad New infrastructure: - nix-runner/: Custom Nix Docker image for CI with modern Nix, local cache (c3), and bundled tools (skopeo, jq, etc.) Modified: - gitea.hcl: Enable Gitea Actions The CI workflow (in animaltrack repo) builds Docker images with Nix, pushes to Gitea registry, and triggers Nomad deployments with automatic rollback on health check failure. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-05 07:17:31 +00:00
parent 3b8cd7b742
commit c548ead4f7
5 changed files with 286 additions and 1 deletions
--- a/nix-runner/flake.nix
+++ b/nix-runner/flake.nix
@@ -0,0 +1,58 @@
+# ABOUTME: Flake to build a custom Nix Docker image for Gitea Actions.
+# ABOUTME: Includes coreutils (/bin/sleep), modern Nix with flakes, and CI tools.
+{
+  description = "Nix runner image for Gitea Actions";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+      in {
+        packages.default = pkgs.dockerTools.buildImage {
+          name = "gitea.v.paler.net/ppetru/nix-runner";
+          tag = "v4";
+
+          copyToRoot = pkgs.buildEnv {
+            name = "image-root";
+            paths = with pkgs; [
+              # Core utilities (provides /bin/sleep that act_runner needs)
+              coreutils-full
+              bash
+              # Nix itself
+              nix
+              # For actions that need node
+              nodejs_20
+              # Common CI tools
+              git
+              curl
+              jq
+              skopeo
+              # CA certificates for HTTPS
+              cacert
+            ];
+            pathsToLink = [ "/bin" "/etc" ];
+          };
+
+          # Create temp directories without runAsRoot (which needs KVM)
+          extraCommands = ''
+            mkdir -p -m 1777 tmp
+            mkdir -p -m 1777 var/tmp
+          '';
+
+          config = {
+            Env = [
+              "NIX_PAGER=cat"
+              "USER=root"
+              "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+              "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+              "NIX_CONFIG=experimental-features = nix-command flakes\nsandbox = false\nbuild-users-group =\nsubstituters = http://c3.mule-stork.ts.net:8501 https://cache.nixos.org\ntrusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= c3:sI3l1RN80xdehzXLA8u2P6352B0SyRPs2XiYy/YWYro="
+            ];
+          };
+        };
+      });
+}