From 79efbf9ea21315ac60f8b6be14c9ea6d274a2f92 Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Tue, 29 Oct 2024 22:34:48 +0530
Subject: [PATCH] layne, rico2: setup forgejo actions runner
---
 hosts/rico2/services/apps/default.nix | 1 +
 .../services/apps/forgejo-actions-runner.nix | 25 +++++++++++++++++++
 hosts/rico2/services/default.nix | 1 +
 hosts/rico2/services/podman.nix | 5 ++++
 hosts/wynne/services/apps/forgejo.nix | 25 ++++++++++++++++++-
 hosts/wynne/services/default.nix | 1 +
 hosts/wynne/services/podman.nix | 5 ++++
 secrets.yaml | 6 +++--
 8 files changed, 66 insertions(+), 3 deletions(-)
 create mode 100644 hosts/rico2/services/apps/forgejo-actions-runner.nix
 create mode 100644 hosts/rico2/services/podman.nix
 create mode 100644 hosts/wynne/services/podman.nix
diff --git a/hosts/rico2/services/apps/default.nix b/hosts/rico2/services/apps/default.nix
index 2a8bf44..4262c9a 100644
--- a/hosts/rico2/services/apps/default.nix
+++ b/hosts/rico2/services/apps/default.nix
@@ -2,6 +2,7 @@ _: {
 imports = [
 ./alertmanager.nix
 ./blocky.nix
+ ./forgejo-actions-runner.nix
 ./grafana.nix
 ../../../shared/prometheus-exporters.nix
 ../../../shared/promtail.nix
diff --git a/hosts/rico2/services/apps/forgejo-actions-runner.nix b/hosts/rico2/services/apps/forgejo-actions-runner.nix
new file mode 100644
index 0000000..7bcb698
--- /dev/null
+++ b/hosts/rico2/services/apps/forgejo-actions-runner.nix
@@ -0,0 +1,25 @@
+{ pkgs, config, ... }: {
+ sops.secrets = {
+ "forgejo/runner_registration_token_file" = {
+ mode = "400";
+ owner = config.users.users.root.name;
+ group = config.users.users.root.group;
+ };
+ };
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+ instances = {
+ runner-arm64 = {
+ enable = true;
+ name = "runner-arm64";
+ labels = [
+ "debian-stable:docker://debian:stable"
+ "ubuntu:docker://ubuntu:latest"
+ "alpine:docker://alpine:latest"
+ ];
+ tokenFile = config.sops.secrets."forgejo/runner_registration_token_file".path;
+ url = "https://forge.acomputer.lol";
+ };
+ };
+ };
+}
diff --git a/hosts/rico2/services/default.nix b/hosts/rico2/services/default.nix
index 7b61e2d..cbe3a19 100644
--- a/hosts/rico2/services/default.nix
+++ b/hosts/rico2/services/default.nix
@@ -2,6 +2,7 @@ _: {
 imports = [
 ./apps
 ./btrfs.nix
+ ./podman.nix
 ./ssh.nix
 ../../shared/caddy.nix
 ];
diff --git a/hosts/rico2/services/podman.nix b/hosts/rico2/services/podman.nix
new file mode 100644
index 0000000..acf8d9e
--- /dev/null
+++ b/hosts/rico2/services/podman.nix
@@ -0,0 +1,5 @@
+_: {
+ virtualisation.podman = {
+ enable = true;
+ };
+}
diff --git a/hosts/wynne/services/apps/forgejo.nix b/hosts/wynne/services/apps/forgejo.nix
index a20c7e6..0136147 100644
--- a/hosts/wynne/services/apps/forgejo.nix
+++ b/hosts/wynne/services/apps/forgejo.nix
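Review bot: All three `labels` entries in hosts/rico2/services/apps/forgejo-actions-runner.nix point at mutable image tags (`debian:stable`, `ubuntu:latest`, `alpine:latest`), so the image a job runs in can change between runs without any change in this repository; the same list is repeated for `runner-x86_64` in hosts/wynne/services/apps/forgejo.nix. Pinning a release tag, or a digest where reproducibility matters, keeps CI results attributable to a known image, for example `"alpine:docker://alpine:3.20"`. As far as I know the NixOS module reads `tokenFile` as an environment file, so a comment such as `# sops secret must be an env file containing TOKEN=<registration token>` would document the format the encrypted value has to follow.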
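Review bot: hosts/rico2/services/podman.nix is created with the same content as hosts/wynne/services/podman.nix later in this patch (both index lines show blob acf8d9e), while shared host configuration already lives under `../../shared/`, as the `../../shared/caddy.nix` import in the neighbouring default.nix shows. One shared module imported by both hosts would keep the container runtime settings from drifting apart. The file appears to exist only to back the runner's `docker://` labels, so a header comment such as `# container runtime for the Forgejo Actions runner` would say why podman is enabled on these hosts.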
@@ -1,10 +1,33 @@
-{ config, lib, ... }:
+{ pkgs, config, lib, ... }:
 let
 cfg = config.services.forgejo;
 domainName = "forge.acomputer.lol";
 in
 {
+ sops.secrets = {
+ "forgejo/runner_registration_token_file" = {
+ mode = "400";
+ owner = config.users.users.root.name;
+ group = config.users.users.root.group;
+ };
+ };
 services = {
+ gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+ instances = {
+ runner-x86_64 = {
+ enable = true;
+ name = "runner-x86_64";
+ labels = [
+ "debian-stable:docker://debian:stable"
+ "ubuntu:docker://ubuntu:latest"
+ "alpine:docker://alpine:latest"
+ ];
+ tokenFile = config.sops.secrets."forgejo/runner_registration_token_file".path;
+ url = "https://forge.acomputer.lol";
+ };
+ };
+ };
 forgejo = {
 enable = true;
 stateDir = "/mnt/data/Forgejo";
diff --git a/hosts/wynne/services/default.nix b/hosts/wynne/services/default.nix
index c3b6764..d7a47aa 100644
--- a/hosts/wynne/services/default.nix
+++ b/hosts/wynne/services/default.nix
@@ -2,6 +2,7 @@ _: {
 imports = [
 ./apps
 ./btrfs.nix
+ ./podman.nix
 ./ssh.nix
 ../../shared/caddy.nix
 ];
diff --git a/hosts/wynne/services/podman.nix b/hosts/wynne/services/podman.nix
new file mode 100644
index 0000000..acf8d9e
--- /dev/null
+++ b/hosts/wynne/services/podman.nix
@@ -0,0 +1,5 @@
+_: {
+ virtualisation.podman = {
+ enable = true;
+ };
+}
diff --git a/secrets.yaml b/secrets.yaml
index 72b8e49..142bba3 100644
--- a/secrets.yaml
+++ b/secrets.yaml
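Review bot: `gitea-actions-runner.instances.runner-x86_64` is added to the host that also serves Forgejo itself (`forgejo` with `stateDir = "/mnt/data/Forgejo"` sits in the same `services` set), so workflow jobs go through this host's container runtime next to the forge's data and its decrypted sops secrets. If anyone beyond the administrators can push workflows or trigger them from pull requests, that is a thin boundary; a comment stating the trust assumption, e.g. `# runner shares the forge host: enable Actions only for trusted repositories`, would make it explicit. The runner URL also repeats the literal that the `let` block already binds, and `url = "https://${domainName}";` would keep the two from drifting. The `forgejo` attribute set continues past the end of the hunk.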
@@ -24,6 +24,8 @@ matrix: syncv3_secret: ENC[AES256_GCM,data:05lLSSolNO55VjJQL3nLNGo2jiZUZht2FKNvc2O2dCccSfglrwm6J5Guzns9ZlT8X9j74lvlWlbM6Q==,iv:1zARbgZ9GJV1UMJ+WjFPNYPqhRjGVj4iLYMpfsRjrko=,tag:fQ9Vg1xD1k2eYlEbtF6q8A==,type:str] caddy: env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str] +forgejo: + runner_registration_token_file: ENC[AES256_GCM,data:1ycTh6FxUXGyreaJThZpYfwdy8wQj9cN3znIGmhgr04Pvmew7wxHJZ27i9Xp8g==,iv:8O5I8oQW10dgLOXJOvv3bMis6tHPxgxrie+5AmnHy38=,tag:CCYJLXEeSLVoTgTc2U48Zw==,type:str] proton: layne: ENC[AES256_GCM,data:wAY2uoxjM1ubHzvwBfsgQzx+OLsno4Q/gP5XPiDPHwWy3IbmU14EhSH942mdjixRlHK2/T3l3NYqFSOm//8Ri9+GyfmJBcIKY/A8vgui0DbkGOb5+h7AKDoCwyUrredtCtFSWk5Hahl19BnJtoLEzmOjbF6su7P2PgAdpxlkWiiyR3ZVSC+PD/2KjdkgNSEXV8V7fxTSaiMqAYXiIqe33Kx5gKIVHPuHf8qrnKYQ92q2BUolpXpcg24FlbavjgmkTI3wCw9V/o/zo5lJnCzi8TSdVelJ5fOKDUA+8FemJcquYQ==,iv:dsbKPzNUAYnH1yaflxEAoKaTj+QtflkMdqAQqQQi418=,tag:jsSTKjmk6nTUfUAxcTsMtA==,type:str] sops: @@ -95,8 +97,8 @@ sops: YzdpTitkMHh6VUFtV2FodVF6OWJkTU0KBjC+esgHZ8hTWXwZ+cy4++jLP+gsruHM fmRDhvQu0MNHkjQ8q4VmwRVl10uc8CyTDFTuyDoAhvmnzXHtrg1wpA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-28T11:23:04Z" - mac: ENC[AES256_GCM,data:J2PFw2F3K7QqCL509L+D9YTSiWKafuWbKymfpGXLc4gkkqvu2Uk15pL5mcqgxz39plZ/hxKQDAtqDRaBXgrpGuyLftd4xrGs8O6BZUQygU5YTNiaF7LHbSFhu3XuwSm0PkV3fpee8GUvwF51lPly5aZIIFhIfALJSeilScEH7qs=,iv:ufwva8whVXQytx9Yb8HOpoHkSRm6xkA6qeBoniu6aAQ=,tag:fd9A5cnyxR3e8hsSeHYbfw==,type:str] + lastmodified: "2024-10-29T14:26:09Z" + mac: ENC[AES256_GCM,data:IXvQiON8db7pP+Bxsu1EkjxbM7keSXco02my0awn0fhU9/MRYWsCp44Fu6+9jXjDPdfK7duWTJv+o0+K+sMxb6p4CtCDqIhy7h5W3og+sltiVN78Qxi5tuXvgiP/maZtJWnfT96jiMftAfxMha9pMpdeJ4NMPF7snHAgc6dRzVg=,iv:vMkSiF8jzNFeLEsbM4ctkB1DXXMwbb7vZEJr4+Buhkw=,tag:TV1vAQRMcdNhTkL1Chdf1Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1