daniel/dotfiles
1
0
Fork 0
Code Activity Actions

forgejo: setup actions runner

Browse source
This commit is contained in:
Daniel Kempkens 2023-09-13 00:00:21 +02:00
parent 1b4c9d6539
commit 0a55e0b540
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
5 changed files with 92 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
agenix/hosts/tanker/config.nix
View file

@ -27,6 +27,10 @@
file = ./fedifetcher/config.age; file = ./fedifetcher/config.age;
}; };
forgejo-actions-token = {
file = ./forgejo-actions/token.age;
};
linkding-environment = { linkding-environment = {
file = ./linkding/environment.age; file = ./linkding/environment.age;
}; };

9
agenix/hosts/tanker/forgejo-actions/token.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g j3LJbMvC+F+WI80vay1mUtT4AU/iPrVlJspYtDwL5WI
JllJKpMrJtNEF2Wjlt+FQZjt0HYg1jcM5Z23Nyr0JDQ
-> ssh-ed25519 iO8/4g M2tItsaOdbUwDrIR6CniYnQtmdgLBL31D/xdYI27DR4
hdQhMFbQ88Qd0b9/yUqSCp0jmWBVTamHRHxvfzMKQd0
-> a88u-grease %<;6}T6g dP%)[l 5M?k?Ff
66xUudBfSs81QpoQPElEtQ9W5IUdTpeO613+2nVdnOVb
--- +iZj/5A8YtvHw9xzvg95+S7aYwRvA87KYF8fsZyuORk
ÿ§Zh§è#ÊÖÆ&BÕÓ÷îÈKe¡Z`×òŠýD$;TH¡Àì³ÏÿÓL´×% à•ŒƒÈX©Høh$8€Ù³„)ÊŒ÷HàX<qã

7
hardware/hosts/tanker.nix
View file

@ -22,6 +22,13 @@
kernelModules = [ "kvm-amd" "tls" ]; kernelModules = [ "kvm-amd" "tls" ];
}; };
swraid = {
enable = true;
mdadmConf = ''
MAILADDR daniel+tanker@kempkens.io
'';
};
kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages; kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
kernelModules = [ "tcp_bbr" ]; kernelModules = [ "tcp_bbr" ];

2
secrets.nix
View file

@ -25,6 +25,8 @@ in
"agenix/hosts/tanker/fedifetcher/config.age".publicKeys = tanker; "agenix/hosts/tanker/fedifetcher/config.age".publicKeys = tanker;
"agenix/hosts/tanker/forgejo-actions/token.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker; "agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker; "agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker; "agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker;

31
system/nixos/forgejo.nix
View file

@ -1,10 +1,11 @@
{ pkgs, ... }: { pkgs, config, ... }:
let let
fqdn = "git.kempkens.io"; fqdn = "git.kempkens.io";
in in
{ {
services.gitea = { services = {
gitea = {
enable = true; enable = true;
package = pkgs.forgejo; package = pkgs.forgejo;
@ -45,13 +46,36 @@ in
DISABLE_HTTP_GIT = true; DISABLE_HTTP_GIT = true;
}; };
actions = {
ENABLED = true;
};
other = { other = {
SHOW_FOOTER_VERSION = false; SHOW_FOOTER_VERSION = false;
}; };
}; };
}; };
services.nginx.virtualHosts."${fqdn}" = { gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances = {
tanker = {
enable = true;
url = "https://${fqdn}";
name = "tanker";
tokenFile = config.age.secrets.forgejo-actions-token.path;
labels = [
"debian-bullseye:docker://node:18-bullseye"
"debian-bookworm:docker://node:18-bookworm"
];
};
};
};
nginx.virtualHosts."${fqdn}" = {
quic = true; quic = true;
http3 = true; http3 = true;
@ -63,4 +87,5 @@ in
proxyPass = "http://unix:/run/gitea/gitea.sock"; proxyPass = "http://unix:/run/gitea/gitea.sock";
}; };
}; };
};
} }