forgejo: added runner
parent
c8c1302885
commit
265b9c549e
|
@ -21,12 +21,6 @@
|
||||||
go.enable = true;
|
go.enable = true;
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
cockpit.enable = true;
|
|
||||||
docker = {
|
|
||||||
enable = false;
|
|
||||||
caddy.enable = false;
|
|
||||||
kavita.enable = false;
|
|
||||||
};
|
|
||||||
podman = {
|
podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
caddy.enable = false;
|
caddy.enable = false;
|
||||||
|
|
21
secrets/forgejo.yaml
Normal file
21
secrets/forgejo.yaml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
runner_token: ENC[AES256_GCM,data:OA1qGIY46bNcjHDms3XZhpa40J9WRexNXsnK0Lm1WWIUbvKOCp6GG2v2599ysQ==,iv:ftNbVJYJR+2UozxMLcYZh5HH+O1KRMvUAKQc9/UAunI=,tag:F++kseVO3yD3jt6+vVTJ5Q==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKWHBRWTdZT0d4a0FIZlMx
|
||||||
|
R080ZWdzNzM3YWdaVTdvUGcxUlhBVllKSUdJCmdFRjMvYnphVE9PQjQ5V1Zlc0h6
|
||||||
|
TmF0YTN6QjZtay9Hbjc3QVUwcHRQdGcKLS0tIG9kTEZqTkpDQ2Z2Ni9taU03ekVs
|
||||||
|
NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
|
||||||
|
IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-06-13T12:44:00Z"
|
||||||
|
mac: ENC[AES256_GCM,data:x8MHb/bcXqQHOUfLIOjnk1ivCs+ubLKm6L0gzrI3ZbLaQRieKvY2THSDjmyF2OAe5x9stjCY5ZOb7t3Y7EXG5sgiwvSwqcZKUY3k4SEkJtO6MJmLE39UGphHPZXQD4Jez+PWfrbZXf4lk9hsnW20wHZgePq+w6mW003uN88ZPzw=,iv:gOZJIXcT2GGTcxonKPtjxZewjFDHU0FW0xT8Sfzz10o=,tag:keHB371hNXD90rqgZjfeaw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.services.forgejo;
|
cfg = config.profile.services.forgejo;
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkIf;
|
||||||
|
@ -25,5 +25,32 @@ in
|
||||||
session.COOKIE_SECURE = true;
|
session.COOKIE_SECURE = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."runner_token" = {
|
||||||
|
sopsFile = ../../secrets/forgejo.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-runner;
|
||||||
|
instances = {
|
||||||
|
${config.networking.hostName} = {
|
||||||
|
enable = true;
|
||||||
|
name = config.networking.hostName;
|
||||||
|
url = config.services.forgejo.settings.server.ROOT_URL;
|
||||||
|
tokenFile = config.sops.secrets."runner_token".path;
|
||||||
|
settings = {
|
||||||
|
container = {
|
||||||
|
privileged = true;
|
||||||
|
# docker_host = "unix:///var/run/docker.sock";
|
||||||
|
valid_volumes = [ "**" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
labels = [
|
||||||
|
"docker:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
|
||||||
|
"native:host"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
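Review bot: The `container` block on the new runner instance gives every job a privileged container with any host path mountable (`privileged = true;` together with `valid_volumes = [ "**" ];`), and the `"native:host"` label also lets jobs run directly on the host. Any repository allowed to schedule onto this runner therefore gets close to host-level access on a machine that, judging by `url = config.services.forgejo.settings.server.ROOT_URL;`, also hosts Forgejo itself. Unless a workflow really needs this, I would set `privileged = false;`, list only the required paths in `valid_volumes`, and drop `"native:host"`. If the broad settings are deliberate, add a comment saying which workflows need them and that the runner should only serve trusted repositories. Separately, the runner module documents `tokenFile` as an environment file containing `TOKEN=…`, so confirm that the decrypted `runner_token` value has that form.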