forgejo: added runner

2024-06-13 20:12:46 +07:00 · 2024-06-13 20:12:46 +07:00 · 265b9c549e
parent c8c1302885
commit 265b9c549e
3 changed files with 49 additions and 7 deletions
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@ -21,12 +21,6 @@
    go.enable = true;
    networking.firewall.enable = true;
    networking.firewall.allowedTCPPorts = [ 80 443 ];
-    cockpit.enable = true;
-    docker = {
-      enable = false;
-      caddy.enable = false;
-      kavita.enable = false;
-    };
    podman = {
      enable = true;
      caddy.enable = false;
--- a/secrets/forgejo.yaml
+++ b/secrets/forgejo.yaml
@ -0,0 +1,21 @@
+runner_token: ENC[AES256_GCM,data:OA1qGIY46bNcjHDms3XZhpa40J9WRexNXsnK0Lm1WWIUbvKOCp6GG2v2599ysQ==,iv:ftNbVJYJR+2UozxMLcYZh5HH+O1KRMvUAKQc9/UAunI=,tag:F++kseVO3yD3jt6+vVTJ5Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKWHBRWTdZT0d4a0FIZlMx
+            R080ZWdzNzM3YWdaVTdvUGcxUlhBVllKSUdJCmdFRjMvYnphVE9PQjQ5V1Zlc0h6
+            TmF0YTN6QjZtay9Hbjc3QVUwcHRQdGcKLS0tIG9kTEZqTkpDQ2Z2Ni9taU03ekVs
+            NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
+            IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-13T12:44:00Z"
+    mac: ENC[AES256_GCM,data:x8MHb/bcXqQHOUfLIOjnk1ivCs+ubLKm6L0gzrI3ZbLaQRieKvY2THSDjmyF2OAe5x9stjCY5ZOb7t3Y7EXG5sgiwvSwqcZKUY3k4SEkJtO6MJmLE39UGphHPZXQD4Jez+PWfrbZXf4lk9hsnW20wHZgePq+w6mW003uN88ZPzw=,iv:gOZJIXcT2GGTcxonKPtjxZewjFDHU0FW0xT8Sfzz10o=,tag:keHB371hNXD90rqgZjfeaw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/system/services/forgejo.nix
+++ b/system/services/forgejo.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
  cfg = config.profile.services.forgejo;
  inherit (lib) mkIf;
@ -25,5 +25,32 @@ in
        session.COOKIE_SECURE = true;
      };
    };
+
+    sops.secrets."runner_token" = {
+      sopsFile = ../../secrets/forgejo.yaml;
+    };
+
+    services.gitea-actions-runner = {
+      package = pkgs.forgejo-runner;
+      instances = {
+        ${config.networking.hostName} = {
+          enable = true;
+          name = config.networking.hostName;
+          url = config.services.forgejo.settings.server.ROOT_URL;
+          tokenFile = config.sops.secrets."runner_token".path;
+          settings = {
+            container = {
+              privileged = true;
+              # docker_host = "unix:///var/run/docker.sock";
+              valid_volumes = [ "**" ];
+            };
+          };
+          labels = [
+            "docker:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
+            "native:host"
+          ];
+        };
+      };
+    };
  };
 }