Wire runner caches and forge secrets through agenix
Some checks failed
Build Rust / Cargo Test (push) Waiting to run
Build Site / Next.js Build (push) Waiting to run
Build Apple / Build App (iOS Simulator) (push) Failing after 14s
Build Apple / Build App (macOS) (push) Failing after 13s

This commit is contained in:
Conrad Kramer 2026-03-19 00:04:27 -07:00
parent afc3e79eb0
commit ed247b2f5e
20 changed files with 299 additions and 64 deletions

@ -45,6 +45,9 @@ profile. The important knobs are:
- `namespace.machine_type` / `namespace.duration` shape + TTL for the ephemeral
Namespace environment. The dispatcher destroys the instance after a job so the
TTL acts as a hard cap, not an idle timeout.
- `namespace.linux_cache_*` / `namespace.macos_cache_*` persistent cache
volumes mounted into runners so Linux can keep `/nix` plus build caches warm
and macOS can reuse Rust toolchains, Xcode package caches, and derived data.
### Running locally
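Review bot: the new `namespace.linux_cache_*` / `namespace.macos_cache_*` bullet should say how the persistent cache volumes relate to the "dispatcher destroys the instance after a job" statement two lines above, and whether a single volume is shared by jobs of different trust levels. A persistent `/nix` store, Rust toolchain, or Xcode package cache that one job writes and the next job trusts is an integrity boundary, so the knob description should state whether the volume is per-repository, per-trust-level, or global, and how a poisoned cache would be detected or discarded (for example a periodic store verification or a cache reset procedure). Suggest adding one sentence such as "Cache volumes outlive the instance but are scoped to …; treat their contents as job-writable."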
@ -160,12 +163,15 @@ consume the same secret material.
Long-lived runtime state is now sourced from age-encrypted files:
- `secrets/forgejo/admin-password.age`
- `secrets/forgejo/agent-ssh-key.age`
- `secrets/forgejo/nsc-token.age`
- `secrets/forgejo/nsc-dispatcher-config.age`
- `secrets/forgejo/nsc-autoscaler-config.age`
After refreshing the intake files, re-encrypt them into `secrets/forgejo/*.age`
and deploy the forge host so `config.age.secrets.*` updates the live paths for
`services.burrow.forge`, `services.burrow.forgeRunner`, and
`services.burrow.forgejoNsc`.
Run it next to the dispatcher:
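Review bot: the secrets section lists five `.age` files and three consuming services but never says which secret feeds which service, and "refreshing the intake files" is not defined. Suggest a short mapping (for example `agent-ssh-key.age` -> `services.burrow.forgeRunner`, `nsc-*-config.age` -> `services.burrow.forgejoNsc`) and a sentence stating where the plaintext intake files live, that they are re-encrypted with the recipient keys the repository already declares for agenix, and that the plaintext copies are removed and never committed once the `.age` files are written. The trailing "Run it next to the dispatcher:" also needs the command it introduces, or the referent of "it", to be stated.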