diff --git a/hosts/franz/arion/git/default.nix b/hosts/franz/arion/git/default.nix index 575625f..7ffda10 100644 --- a/hosts/franz/arion/git/default.nix +++ b/hosts/franz/arion/git/default.nix @@ -1,4 +1,8 @@ -{config, ...}: let +{ + config, + pkgs, + ... +}: let vars = import ../../../../vars.nix; in { virtualisation.arion = { @@ -16,6 +20,9 @@ in { sops.secrets."forgejo/db_database" = { owner = vars.user; }; + sops.secrets."forgejo/runner_token" = { + owner = vars.user; + }; sops.templates."forgejo.env" = { path = "/home/${vars.user}/.docker/git/forgejo.env"; @@ -38,4 +45,21 @@ in { POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}" ''; }; + + services.gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances.default = { + enable = true; + name = config.networking.hostName; + url = "https://git.ghoscht.com"; + # tokenFile = "/home/${vars.user}/.docker/git/forgejo-runner.env"; + tokenFile = config.sops.secrets."forgejo/runner_token".path; + labels = [ + "ubuntu-latest:docker://node:22-bookworm" + ]; + }; + }; + + # enable cache actions https://forgejo.org/docs/latest/admin/runner-installation/ + networking.firewall.trustedInterfaces = ["br-+"]; } diff --git a/secrets/franz.yaml b/secrets/franz.yaml index 6f8335b..087a72f 100644 --- a/secrets/franz.yaml +++ b/secrets/franz.yaml 
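Review bot: `owner = vars.user;` on the new `sops.secrets."forgejo/runner_token"` entry (second hunk, `@@ -16,6 +20,9 @@`) makes the runner registration token readable by the interactive account, yet the only consumer visible in this commit is `services.gitea-actions-runner` through `tokenFile`. If the NixOS module loads `tokenFile` as a systemd `EnvironmentFile`, which is my understanding but should be confirmed, systemd reads the file as root and the sops-nix default owner is enough. In that case the entry can be reduced to `sops.secrets."forgejo/runner_token" = {};`. The module also appears to expect an environment file of the form `TOKEN=<value>`, so it is worth confirming the encrypted value is stored that way rather than as the bare token.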
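Review bot: `networking.firewall.trustedInterfaces = ["br-+"];` at the end of the third hunk (`@@ -38,4 +45,21 @@`) exempts every Docker bridge on the host from the firewall. Any container on a user-defined network, including CI job containers that run repository-supplied code, can then reach every port the host listens on. The cache actions only need the runner's cache server, so I would fix that port in the runner settings and open just it: `networking.firewall.interfaces."br-+".allowedTCPPorts = [ <cache-port> ];`, where `<cache-port>` is a placeholder for the value pinned under `instances.default.settings.cache.port`. The comment above the line should then say which port is opened and why, and the commented-out `# tokenFile = ...` line can be dropped.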
@@ -13,6 +13,7 @@ forgejo: db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str] db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str] db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str] + runner_token: ENC[AES256_GCM,data:rjgbrqLAA16dlNDn/Mh3TQ8+2mYD3Sn2502aY0PuNmINIfu9lnUCtw==,iv:FAzNa0fxlN61xrrWrbfRl6F4GHkR3bhmZEPrejTpKyU=,tag:yoOAiVCBQFuFpT+cgXPuWA==,type:str] navidrome: spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str] spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str] @@ -83,8 +84,8 @@ sops: VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-09T11:43:35Z" - mac: ENC[AES256_GCM,data:y8f188EbglQgSsSxEJpVX0GhjjZ4Uw5L7pawLP8Yz3zTgRNUIPICOK3oWNjR/M6BhhqaC2cnz5g2lQDXmO1tKDQ7E8RaZeqdBY0oDB+B1C6LWHnbZiEaQvH+j0nBx191NKUcA3Z4n4Sew+lA2YiQ3lWko4j/Kn+j8pnhrfVsYW8=,iv:F1PUbgZRsf8A3Es/UA+tV92DUywnPZx5iL7iLAICfsM=,tag:K9RuhNIpSuuec/OvShyvhQ==,type:str] + lastmodified: "2024-12-18T20:43:51Z" + mac: ENC[AES256_GCM,data:RSaqAh5OpOK6WjJSLzi4uUSGdGphTuz8skfqY3YEb9woVNFUKgYMurISuvCTBz99qcXSZGBmbL7Ppu+cEJQGCRz6Vmtu+mql5FbP/iyEOJALMN6VuK6l84WFzzEnWnNrN49B/+aTwtwJ01DDwy6Ze9RqekEAyLjYoyc/C94TwN4=,iv:kGtHqjZNal2t6GxYAvIRVnjI2VFrMAC3K5W62Slqmnw=,tag:paPQz3LRVfizIX3YXH9uCQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1