ghoscht/nix-config
ghoscht/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add forgejo runner

Browse source
This commit is contained in:
GHOSCHT 2024-12-18 22:47:19 +01:00
parent 14cbb1507e
commit d8df732fdd
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
2 changed files with 28 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
hosts/franz/arion/git/default.nix
View file

@ -1,4 +1,8 @@
{config, ...}: let {
config,
pkgs,
...
}: let
vars = import ../../../../vars.nix; vars = import ../../../../vars.nix;
in { in {
virtualisation.arion = { virtualisation.arion = {
@ -16,6 +20,9 @@ in {
sops.secrets."forgejo/db_database" = { sops.secrets."forgejo/db_database" = {
owner = vars.user; owner = vars.user;
}; };
sops.secrets."forgejo/runner_token" = {
owner = vars.user;
};
sops.templates."forgejo.env" = { sops.templates."forgejo.env" = {
path = "/home/${vars.user}/.docker/git/forgejo.env"; path = "/home/${vars.user}/.docker/git/forgejo.env";
@ -38,4 +45,21 @@ in {
POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}" POSTGRES_PASSWORD="${config.sops.placeholder."forgejo/db_password"}"
''; '';
}; };
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.default = {
enable = true;
name = config.networking.hostName;
url = "https://git.ghoscht.com";
# tokenFile = "/home/${vars.user}/.docker/git/forgejo-runner.env";
tokenFile = config.sops.secrets."forgejo/runner_token".path;
labels = [
"ubuntu-latest:docker://node:22-bookworm"
];
};
};
# enable cache actions https://forgejo.org/docs/latest/admin/runner-installation/
networking.firewall.trustedInterfaces = ["br-+"];
} }

5
secrets/franz.yaml
View file

@ -13,6 +13,7 @@ forgejo:
db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str] db_password: ENC[AES256_GCM,data:1lpmX58=,iv:9TehYmpS3RQc0WsKVR4Tx36utL2e6avbc7BlK0+B178=,tag:xHRv+WJUch3jmRIWghjnPg==,type:str]
db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str] db_user: ENC[AES256_GCM,data:rYxa8nU=,iv:Lijug8gqMTnMG9WQsivyrO/IbgrAyWfG7IQ99x1Q5gA=,tag:OipZUyZiMh4PLbo7KJAksQ==,type:str]
db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str] db_database: ENC[AES256_GCM,data:br/OvQA=,iv:g2krpkX1XXXhT4FgzbeXp/MgcpHayndtBv+8dpmp03M=,tag:z5h/TSBXViFr3lNN15XFAA==,type:str]
runner_token: ENC[AES256_GCM,data:rjgbrqLAA16dlNDn/Mh3TQ8+2mYD3Sn2502aY0PuNmINIfu9lnUCtw==,iv:FAzNa0fxlN61xrrWrbfRl6F4GHkR3bhmZEPrejTpKyU=,tag:yoOAiVCBQFuFpT+cgXPuWA==,type:str]
navidrome: navidrome:
spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str] spotify_id: ENC[AES256_GCM,data:yTNp25CHtnFkvXhbvduVzkmenT3TjkpWR0ZhSTKOiAs=,iv:cuewBT/XfneiHUjlFCV0O/nzXHoEVO/JyfgqRACreEc=,tag:TOZ+GDqZ2SkibKhEhIcX7w==,type:str]
spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str] spotify_secret: ENC[AES256_GCM,data:sHYYHDgW0nNP7vCk0qOZdLOyetG4XbK7NaxYSt4kr68=,iv:p0+wW287UteJfJaiajX9/XOEkkm957Rs46hYaml6Of4=,tag:SsEyVYdPpO/yv9vF7Dj+HA==,type:str]
@ -83,8 +84,8 @@ sops:
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig== EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-09T11:43:35Z" lastmodified: "2024-12-18T20:43:51Z"
mac: ENC[AES256_GCM,data:y8f188EbglQgSsSxEJpVX0GhjjZ4Uw5L7pawLP8Yz3zTgRNUIPICOK3oWNjR/M6BhhqaC2cnz5g2lQDXmO1tKDQ7E8RaZeqdBY0oDB+B1C6LWHnbZiEaQvH+j0nBx191NKUcA3Z4n4Sew+lA2YiQ3lWko4j/Kn+j8pnhrfVsYW8=,iv:F1PUbgZRsf8A3Es/UA+tV92DUywnPZx5iL7iLAICfsM=,tag:K9RuhNIpSuuec/OvShyvhQ==,type:str] mac: ENC[AES256_GCM,data:RSaqAh5OpOK6WjJSLzi4uUSGdGphTuz8skfqY3YEb9woVNFUKgYMurISuvCTBz99qcXSZGBmbL7Ppu+cEJQGCRz6Vmtu+mql5FbP/iyEOJALMN6VuK6l84WFzzEnWnNrN49B/+aTwtwJ01DDwy6Ze9RqekEAyLjYoyc/C94TwN4=,iv:kGtHqjZNal2t6GxYAvIRVnjI2VFrMAC3K5W62Slqmnw=,tag:paPQz3LRVfizIX3YXH9uCQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1