
forgejo: setup actions runner

Daniel Kempkens 2023-09-13 00:00:21 +02:00
parent 1b4c9d6539
commit 0a55e0b540
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
5 changed files with 92 additions and 45 deletions


@ -27,6 +27,10 @@
file = ./fedifetcher/config.age; file = ./fedifetcher/config.age;
}; };
forgejo-actions-token = {
file = ./forgejo-actions/token.age;
};
linkding-environment = { linkding-environment = {
file = ./linkding/environment.age; file = ./linkding/environment.age;
}; };
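Review bot: The new `forgejo-actions-token` secret is declared without any comment on what the decrypted file must contain or which service reads it. As far as I know, the runner module loads `tokenFile` as a systemd environment file and expects a `TOKEN=...` line rather than a bare token. No owner or mode is set here, so the file stays at agenix's defaults (root-only, to my knowledge), which is fine as long as systemd is the reader. I would add `# env file with TOKEN=<runner registration token>; consumed via tokenFile` above `file = ./forgejo-actions/token.age;`.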


@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g j3LJbMvC+F+WI80vay1mUtT4AU/iPrVlJspYtDwL5WI
JllJKpMrJtNEF2Wjlt+FQZjt0HYg1jcM5Z23Nyr0JDQ
-> ssh-ed25519 iO8/4g M2tItsaOdbUwDrIR6CniYnQtmdgLBL31D/xdYI27DR4
hdQhMFbQ88Qd0b9/yUqSCp0jmWBVTamHRHxvfzMKQd0
-> a88u-grease %<;6}T6g dP%)[l 5M?k?Ff
66xUudBfSs81QpoQPElEtQ9W5IUdTpeO613+2nVdnOVb
--- +iZj/5A8YtvHw9xzvg95+S7aYwRvA87KYF8fsZyuORk
ÿ§Zh§è#ÊÖÆ&BÕÓ÷îÈKe¡Z`×òŠýD$;TH¡Àì³ÏÿÓL´×% à•ŒƒÈX©Høh$8€Ù³„)ÊŒ÷HàX<qã


@ -22,6 +22,13 @@
kernelModules = [ "kvm-amd" "tls" ]; kernelModules = [ "kvm-amd" "tls" ];
}; };
swraid = {
enable = true;
mdadmConf = ''
MAILADDR daniel+tanker@kempkens.io
'';
};
kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages; kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
kernelModules = [ "tcp_bbr" ]; kernelModules = [ "tcp_bbr" ];


@ -25,6 +25,8 @@ in
"agenix/hosts/tanker/fedifetcher/config.age".publicKeys = tanker; "agenix/hosts/tanker/fedifetcher/config.age".publicKeys = tanker;
"agenix/hosts/tanker/forgejo-actions/token.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker; "agenix/hosts/tanker/mastodon/databasePassword.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker; "agenix/hosts/tanker/mastodon/smtpPassword.age".publicKeys = tanker;
"agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker; "agenix/hosts/tanker/mastodon/otpSecret.age".publicKeys = tanker;


@ -1,66 +1,91 @@
{ pkgs, ... }: { pkgs, config, ... }:
let let
fqdn = "git.kempkens.io"; fqdn = "git.kempkens.io";
in in
{ {
services.gitea = { services = {
enable = true; gitea = {
package = pkgs.forgejo; enable = true;
package = pkgs.forgejo;
stateDir = "/var/lib/forgejo"; stateDir = "/var/lib/forgejo";
database = { database = {
type = "postgres"; type = "postgres";
};
lfs.enable = true;
appName = "kempkens.io Forge";
settings = {
server = {
PROTOCOL = "http+unix";
DOMAIN = fqdn;
ROOT_URL = "https://${fqdn}/";
}; };
service = { lfs.enable = true;
DISABLE_REGISTRATION = true;
};
mailer = { appName = "kempkens.io Forge";
ENABLED = true;
PROTOCOL = "sendmail";
FROM = "forgejo@mg.kempkens.io";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
};
session = { settings = {
COOKIE_SECURE = true; server = {
SAME_SITE = "strict"; PROTOCOL = "http+unix";
}; DOMAIN = fqdn;
ROOT_URL = "https://${fqdn}/";
};
repository = { service = {
DISABLE_HTTP_GIT = true; DISABLE_REGISTRATION = true;
}; };
other = { mailer = {
SHOW_FOOTER_VERSION = false; ENABLED = true;
PROTOCOL = "sendmail";
FROM = "forgejo@mg.kempkens.io";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
};
session = {
COOKIE_SECURE = true;
SAME_SITE = "strict";
};
repository = {
DISABLE_HTTP_GIT = true;
};
actions = {
ENABLED = true;
};
other = {
SHOW_FOOTER_VERSION = false;
};
}; };
}; };
};
services.nginx.virtualHosts."${fqdn}" = { gitea-actions-runner = {
quic = true; package = pkgs.forgejo-actions-runner;
http3 = true;
onlySSL = true; instances = {
useACMEHost = "kempkens.io"; tanker = {
enable = true;
url = "https://${fqdn}";
locations."/" = { name = "tanker";
recommendedProxySettings = true; tokenFile = config.age.secrets.forgejo-actions-token.path;
proxyPass = "http://unix:/run/gitea/gitea.sock";
labels = [
"debian-bullseye:docker://node:18-bullseye"
"debian-bookworm:docker://node:18-bookworm"
];
};
};
};
nginx.virtualHosts."${fqdn}" = {
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "kempkens.io";
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://unix:/run/gitea/gitea.sock";
};
}; };
}; };
} }
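Review bot: The `gitea-actions-runner.instances.tanker` block registers a Docker-backed runner on the same host that serves the forge, and nothing in the section records who is trusted to run jobs on it. With `docker://` labels the runner service presumably needs access to the host's Docker daemon, which is close to root on `tanker`, so the effective boundary is whoever can push a workflow. `DISABLE_REGISTRATION = true` narrows that, but the assumption should be written down; I would add a comment above `tanker = {` such as `# Jobs run in Docker on the forge host; only trusted accounts may push workflows (registration is disabled).` The two labels also reference the mutable tags `node:18-bullseye` and `node:18-bookworm`, so the job image can change between runs without any change to this file. Pinning or periodically reviewing those images would be a reasonable follow-up.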