layne, rico2: setup forgejo actions runner

This commit is contained in:
Adithya 2024-10-29 22:34:48 +05:30
parent d6a0b50283
commit 79efbf9ea2
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
8 changed files with 66 additions and 3 deletions

View file

@ -2,6 +2,7 @@ _: {
imports = [ imports = [
./alertmanager.nix ./alertmanager.nix
./blocky.nix ./blocky.nix
./forgejo-actions-runner.nix
./grafana.nix ./grafana.nix
../../../shared/prometheus-exporters.nix ../../../shared/prometheus-exporters.nix
../../../shared/promtail.nix ../../../shared/promtail.nix

View file

@ -0,0 +1,25 @@
{ pkgs, config, ... }: {
sops.secrets = {
"forgejo/runner_registration_token_file" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances = {
runner-arm64 = {
enable = true;
name = "runner-arm64";
labels = [
"debian-stable:docker://debian:stable"
"ubuntu:docker://ubuntu:latest"
"alpine:docker://alpine:latest"
];
tokenFile = config.sops.secrets."forgejo/runner_registration_token_file".path;
url = "https://forge.acomputer.lol";
};
};
};
}

View file

@ -2,6 +2,7 @@ _: {
imports = [ imports = [
./apps ./apps
./btrfs.nix ./btrfs.nix
./podman.nix
./ssh.nix ./ssh.nix
../../shared/caddy.nix ../../shared/caddy.nix
]; ];

View file

@ -0,0 +1,5 @@
_: {
virtualisation.podman = {
enable = true;
};
}

View file

@ -1,10 +1,33 @@
{ config, lib, ... }: { pkgs, config, lib, ... }:
let let
cfg = config.services.forgejo; cfg = config.services.forgejo;
domainName = "forge.acomputer.lol"; domainName = "forge.acomputer.lol";
in in
{ {
sops.secrets = {
"forgejo/runner_registration_token_file" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
services = { services = {
gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances = {
runner-x86_64 = {
enable = true;
name = "runner-x86_64";
labels = [
"debian-stable:docker://debian:stable"
"ubuntu:docker://ubuntu:latest"
"alpine:docker://alpine:latest"
];
tokenFile = config.sops.secrets."forgejo/runner_registration_token_file".path;
url = "https://forge.acomputer.lol";
};
};
};
forgejo = { forgejo = {
enable = true; enable = true;
stateDir = "/mnt/data/Forgejo"; stateDir = "/mnt/data/Forgejo";

View file

@ -2,6 +2,7 @@ _: {
imports = [ imports = [
./apps ./apps
./btrfs.nix ./btrfs.nix
./podman.nix
./ssh.nix ./ssh.nix
../../shared/caddy.nix ../../shared/caddy.nix
]; ];

View file

@ -0,0 +1,5 @@
_: {
virtualisation.podman = {
enable = true;
};
}

View file

@ -24,6 +24,8 @@ matrix:
syncv3_secret: ENC[AES256_GCM,data:05lLSSolNO55VjJQL3nLNGo2jiZUZht2FKNvc2O2dCccSfglrwm6J5Guzns9ZlT8X9j74lvlWlbM6Q==,iv:1zARbgZ9GJV1UMJ+WjFPNYPqhRjGVj4iLYMpfsRjrko=,tag:fQ9Vg1xD1k2eYlEbtF6q8A==,type:str] syncv3_secret: ENC[AES256_GCM,data:05lLSSolNO55VjJQL3nLNGo2jiZUZht2FKNvc2O2dCccSfglrwm6J5Guzns9ZlT8X9j74lvlWlbM6Q==,iv:1zARbgZ9GJV1UMJ+WjFPNYPqhRjGVj4iLYMpfsRjrko=,tag:fQ9Vg1xD1k2eYlEbtF6q8A==,type:str]
caddy: caddy:
env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str] env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str]
forgejo:
runner_registration_token_file: ENC[AES256_GCM,data:1ycTh6FxUXGyreaJThZpYfwdy8wQj9cN3znIGmhgr04Pvmew7wxHJZ27i9Xp8g==,iv:8O5I8oQW10dgLOXJOvv3bMis6tHPxgxrie+5AmnHy38=,tag:CCYJLXEeSLVoTgTc2U48Zw==,type:str]
proton: proton:
layne: ENC[AES256_GCM,data:wAY2uoxjM1ubHzvwBfsgQzx+OLsno4Q/gP5XPiDPHwWy3IbmU14EhSH942mdjixRlHK2/T3l3NYqFSOm//8Ri9+GyfmJBcIKY/A8vgui0DbkGOb5+h7AKDoCwyUrredtCtFSWk5Hahl19BnJtoLEzmOjbF6su7P2PgAdpxlkWiiyR3ZVSC+PD/2KjdkgNSEXV8V7fxTSaiMqAYXiIqe33Kx5gKIVHPuHf8qrnKYQ92q2BUolpXpcg24FlbavjgmkTI3wCw9V/o/zo5lJnCzi8TSdVelJ5fOKDUA+8FemJcquYQ==,iv:dsbKPzNUAYnH1yaflxEAoKaTj+QtflkMdqAQqQQi418=,tag:jsSTKjmk6nTUfUAxcTsMtA==,type:str] layne: ENC[AES256_GCM,data:wAY2uoxjM1ubHzvwBfsgQzx+OLsno4Q/gP5XPiDPHwWy3IbmU14EhSH942mdjixRlHK2/T3l3NYqFSOm//8Ri9+GyfmJBcIKY/A8vgui0DbkGOb5+h7AKDoCwyUrredtCtFSWk5Hahl19BnJtoLEzmOjbF6su7P2PgAdpxlkWiiyR3ZVSC+PD/2KjdkgNSEXV8V7fxTSaiMqAYXiIqe33Kx5gKIVHPuHf8qrnKYQ92q2BUolpXpcg24FlbavjgmkTI3wCw9V/o/zo5lJnCzi8TSdVelJ5fOKDUA+8FemJcquYQ==,iv:dsbKPzNUAYnH1yaflxEAoKaTj+QtflkMdqAQqQQi418=,tag:jsSTKjmk6nTUfUAxcTsMtA==,type:str]
sops: sops:
@ -95,8 +97,8 @@ sops:
YzdpTitkMHh6VUFtV2FodVF6OWJkTU0KBjC+esgHZ8hTWXwZ+cy4++jLP+gsruHM YzdpTitkMHh6VUFtV2FodVF6OWJkTU0KBjC+esgHZ8hTWXwZ+cy4++jLP+gsruHM
fmRDhvQu0MNHkjQ8q4VmwRVl10uc8CyTDFTuyDoAhvmnzXHtrg1wpA== fmRDhvQu0MNHkjQ8q4VmwRVl10uc8CyTDFTuyDoAhvmnzXHtrg1wpA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-28T11:23:04Z" lastmodified: "2024-10-29T14:26:09Z"
mac: ENC[AES256_GCM,data:J2PFw2F3K7QqCL509L+D9YTSiWKafuWbKymfpGXLc4gkkqvu2Uk15pL5mcqgxz39plZ/hxKQDAtqDRaBXgrpGuyLftd4xrGs8O6BZUQygU5YTNiaF7LHbSFhu3XuwSm0PkV3fpee8GUvwF51lPly5aZIIFhIfALJSeilScEH7qs=,iv:ufwva8whVXQytx9Yb8HOpoHkSRm6xkA6qeBoniu6aAQ=,tag:fd9A5cnyxR3e8hsSeHYbfw==,type:str] mac: ENC[AES256_GCM,data:IXvQiON8db7pP+Bxsu1EkjxbM7keSXco02my0awn0fhU9/MRYWsCp44Fu6+9jXjDPdfK7duWTJv+o0+K+sMxb6p4CtCDqIhy7h5W3og+sltiVN78Qxi5tuXvgiP/maZtJWnfT96jiMftAfxMha9pMpdeJ4NMPF7snHAgc6dRzVg=,iv:vMkSiF8jzNFeLEsbM4ctkB1DXXMwbb7vZEJr4+Buhkw=,tag:TV1vAQRMcdNhTkL1Chdf1Q==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1