forgejo: added runner

Tigor Hutasuhut 2024-06-13 20:12:46 +07:00
parent c8c1302885
commit 265b9c549e
3 changed files with 49 additions and 7 deletions


@ -21,12 +21,6 @@
go.enable = true;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
cockpit.enable = true;
docker = {
enable = false;
caddy.enable = false;
kavita.enable = false;
};
podman = {
enable = true;
caddy.enable = false;

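--- a/secrets/forgejo.yaml
+++ b/secrets/forgejo.yaml
@@ -0,0 +1,21 @@
+runner_token: ENC[AES256_GCM,data:OA1qGIY46bNcjHDms3XZhpa40J9WRexNXsnK0Lm1WWIUbvKOCp6GG2v2599ysQ==,iv:ftNbVJYJR+2UozxMLcYZh5HH+O1KRMvUAKQc9/UAunI=,tag:F++kseVO3yD3jt6+vVTJ5Q==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKWHBRWTdZT0d4a0FIZlMx
+R080ZWdzNzM3YWdaVTdvUGcxUlhBVllKSUdJCmdFRjMvYnphVE9PQjQ5V1Zlc0h6
+TmF0YTN6QjZtay9Hbjc3QVUwcHRQdGcKLS0tIG9kTEZqTkpDQ2Z2Ni9taU03ekVs
+NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
+IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-06-13T12:44:00Z"
+mac: ENC[AES256_GCM,data:x8MHb/bcXqQHOUfLIOjnk1ivCs+ubLKm6L0gzrI3ZbLaQRieKvY2THSDjmyF2OAe5x9stjCY5ZOb7t3Y7EXG5sgiwvSwqcZKUY3k4SEkJtO6MJmLE39UGphHPZXQD4Jez+PWfrbZXf4lk9hsnW20wHZgePq+w6mW003uN88ZPzw=,iv:gOZJIXcT2GGTcxonKPtjxZewjFDHU0FW0xT8Sfzz10o=,tag:keHB371hNXD90rqgZjfeaw==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1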


@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let
cfg = config.profile.services.forgejo;
inherit (lib) mkIf;
@ -25,5 +25,32 @@ in
session.COOKIE_SECURE = true;
};
};
sops.secrets."runner_token" = {
sopsFile = ../../secrets/forgejo.yaml;
};
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances = {
${config.networking.hostName} = {
enable = true;
name = config.networking.hostName;
url = config.services.forgejo.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."runner_token".path;
settings = {
container = {
privileged = true;
# docker_host = "unix:///var/run/docker.sock";
valid_volumes = [ "**" ];
};
};
labels = [
"docker:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
"native:host"
];
};
};
};
};
}
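Review bot: The runner instance sets `container.privileged = true` and `valid_volumes = [ "**" ]` and also registers the `native:host` label, so a workflow scheduled on it can start privileged containers, bind-mount any host path, or run steps directly on the host; that amounts to host-level access for anyone able to get a workflow onto a repository this runner serves. Who that is cannot be seen from this section; if the instance allows outside accounts or fork pull requests, tighten it with `privileged = false;`, `valid_volumes = [ ];` (or an explicit list of the paths jobs need), and drop `"native:host"` unless a trusted-only job requires it. The `ghcr.io/catthehacker/ubuntu:act-22.04` image is referenced by a mutable tag; pinning it by digest would keep job environments from changing underneath the runner. A short comment above `settings` stating why privileged mode is needed would let the next reader judge the trade-off.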