From 2a3c822b56f4af166778208253a7e5d6269b4a1a Mon Sep 17 00:00:00 2001
From: Tigor Hutasuhut
Date: Sat, 15 Jun 2024 16:45:38 +0700
Subject: [PATCH] homserver: enabled docker and disabled podman
---
 options/docker.nix | 8 ++++----
 profiles/homeserver.nix | 4 ++++
 secrets/forgejo.yaml | 12 +++++++++---
 system/services/forgejo.nix | 11 +++++++++--
 4 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/options/docker.nix b/options/docker.nix
index f622f35..3960969 100644
--- a/options/docker.nix
+++ b/options/docker.nix
@@ -1,11 +1,11 @@
 { lib, ... }:
+let
+ inherit (lib) mkEnableOption;
+in
 {
 options.profile.docker = {
 enable = lib.mkEnableOption "docker";
- caddy.enable = lib.mkOption {
- type = lib.types.bool;
- default = true;
- };
+ caddy.enable = mkEnableOption "caddy docker";
 kavita.enable = lib.mkEnableOption "kavita docker";
 };
 }
diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix
index 986815e..f48e9a6 100644
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@@ -23,6 +23,10 @@
 networking.firewall.enable = true;
 networking.firewall.allowedTCPPorts = [ 80 443 ];
 podman = {
+ enable = false;
+ };
+
+ docker = {
 enable = true;
 };
diff --git a/secrets/forgejo.yaml b/secrets/forgejo.yaml
index 1979b84..9f93229 100644
--- a/secrets/forgejo.yaml
+++ b/secrets/forgejo.yaml
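Review bot: `caddy.enable` silently changes its default from `true` to `false` in options/docker.nix, because `mkEnableOption` always defaults to false while the removed `mkOption` declared `default = true`. The new `docker = { enable = true; };` block in profiles/homeserver.nix does not set `caddy.enable`, so unless it is set elsewhere the caddy container stops being enabled on that host after this commit. If the flip is intended, say so in the commit message; otherwise keep the old behaviour with `caddy.enable = mkEnableOption "caddy docker" // { default = true; };`. As a style point, the new `inherit (lib) mkEnableOption;` is used on one line only while `enable` and `kavita.enable` still call `lib.mkEnableOption`.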
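Review bot: Enabling the `docker` profile in profiles/homeserver.nix can weaken the `allowedTCPPorts = [ 80 443 ]` allow-list shown in the context lines, since Docker manages its own iptables rules and ports published by containers are typically reachable without being listed in the host firewall. What `profile.docker.enable` actually turns on is defined outside this patch, so this is inferred from the option name. It is worth confirming that each container publishes only what is meant to be public (for example by binding internal services to `127.0.0.1`), and recording that above the block with a comment such as `# docker-published ports are not filtered by the firewall allow-list above`. The enclosing attribute set starts and ends outside the hunk.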
@@ -1,4 +1,10 @@
-runner_token: ENC[AES256_GCM,data:OA1qGIY46bNcjHDms3XZhpa40J9WRexNXsnK0Lm1WWIUbvKOCp6GG2v2599ysQ==,iv:ftNbVJYJR+2UozxMLcYZh5HH+O1KRMvUAKQc9/UAunI=,tag:F++kseVO3yD3jt6+vVTJ5Q==,type:str]
+forgejo:
+ runners:
+ global: ENC[AES256_GCM,data:LuYqYDMgaq+L94JL5tGTlOhm7x98jpb7n6o5jYVKdN/9Z/5LA10lmwdDDsBYuA==,iv:UkLz8qW/C2M2XomRz+Oc+d4LIioxyh2pPgBaiY6x4N8=,tag:k0xRH8+gMoM4DbITXn1SfA==,type:str]
+ user_tokens:
+ tigor:
+ #ENC[AES256_GCM,data:5IEV/X4fpfydhdSw7LYOLMFZYqD/Kp96Zyp/YXnvFzVh8GluX4+9qGgsdWAsFgLlPXDRAi1ViA==,iv:v1OmczINHtT+AtdXMBjstmGejV62nhQ/T9aIoJG8DR8=,tag:b4Xg3ybhrxy70n/UB5D7nQ==,type:comment]
+ push_docker_image_token: ENC[AES256_GCM,data:jMTz+c3IEcpqRkYLZyrUWLWLIw0AOdDk7LsIDvjCW3rKxTiOOmb1wg==,iv:OjZArNhCCKZkngGjYbCQVYJkQww9K5b4ehUXxsdOqdU=,tag:EViefKbS+II+MXWqLE7rKw==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -14,8 +20,8 @@ sops:
 NGg4aFJsSHNPdTcwQ2ZMdmJscm5iNzgKRLrTAenr9q3r1dGPEyuxNhsQp8+20rCk
 IKbsjenq/QTMQc+pMz/0oypVFUYNljmOfTWvvnjdJNsYHektNMkmNA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-06-13T12:44:00Z"
- mac: ENC[AES256_GCM,data:x8MHb/bcXqQHOUfLIOjnk1ivCs+ubLKm6L0gzrI3ZbLaQRieKvY2THSDjmyF2OAe5x9stjCY5ZOb7t3Y7EXG5sgiwvSwqcZKUY3k4SEkJtO6MJmLE39UGphHPZXQD4Jez+PWfrbZXf4lk9hsnW20wHZgePq+w6mW003uN88ZPzw=,iv:gOZJIXcT2GGTcxonKPtjxZewjFDHU0FW0xT8Sfzz10o=,tag:keHB371hNXD90rqgZjfeaw==,type:str]
+ lastmodified: "2024-06-15T09:16:06Z"
+ mac: ENC[AES256_GCM,data:583xIAMkXyVNEkGeM2LM7CLRsypeeJ6Fpt3HxNw7jVmB3PFB/KKwcyhw4UDjNM2xsIjgGMjuAGc3SBI7zubfy9YotrP6m+NOw+8lC9JZbBQIaHIOPTgpeUJLHGveNe2SEBYfbhCjQid+EAWW92oRddZoGyrh2OWq33FgRvTM00A=,iv:/6mZEm2jyJ1cxOQ1mUoGHu6oZjWGknllKYF9/uV80Ao=,tag:oCYlwgXZuin7uBUeRjnOlw==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/system/services/forgejo.nix b/system/services/forgejo.nix
index 2900307..03357af 100644
--- a/system/services/forgejo.nix
+++ b/system/services/forgejo.nix
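Review bot: `forgejo.user_tokens.tigor.push_docker_image_token` is added in the first hunk without any consumer in this commit; the only declaration touched in system/services/forgejo.nix is `sops.secrets."forgejo/runners/global"`. Every recipient of this sops file can decrypt the value, which presumably includes the homeserver's own key, so a personal user token now sits alongside the runner registration token with the same exposure. Consider issuing it with the narrowest scope that still allows pushing images and, if only CI jobs need it, keeping it in a separate sops file with its own recipients. The comment above the key is itself encrypted, so the token's intended use cannot be checked from the diff; a short plaintext note in the commit message would help.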
@@ -31,7 +31,7 @@ in
 };
 };
- sops.secrets."runner_token" = {
+ sops.secrets."forgejo/runners/global" = {
 sopsFile = ../../secrets/forgejo.yaml;
 };
@@ -42,8 +42,15 @@ in
 enable = true;
 name = config.networking.hostName;
 url = config.services.forgejo.settings.server.ROOT_URL;
- tokenFile = config.sops.secrets."runner_token".path;
+ tokenFile = config.sops.secrets."forgejo/runners/global".path;
 settings = {
+ runner = {
+ capacity = 2;
+ timeout = "1h";
+ };
+ cache = {
+ enabled = true;
+ };
 container = {
 privileged = true;
 # docker_host = "unix:///var/run/docker.sock";
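Review bot: `capacity = 2` in the second hunk lets two jobs run concurrently in containers that keep `privileged = true` (the context line just below the new `cache` block), and this commit also moves the host from podman to Docker, presumably a rootful daemon. The runner registers with the secret named `forgejo/runners/global`, which suggests it serves every repository on the instance, so any workflow scheduled on it would get close to root on the host and share the newly enabled cache with other jobs. If privileged mode is needed only for image builds, consider `privileged = false;` here with a separate runner for those trusted jobs, or at least document the requirement with `# privileged: needed for <reason>; only trusted repositories may use this runner`. The `settings` block continues past the end of the hunk.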