forgejo: move runner stuff to dedicated module

agenix/hosts/argon/config.nix

@@ -18,6 +18,10 @@
       file = ./adguardhome-sync/environment.age;
     };
 
+    forgejo-actions-token = {
+      file = ./forgejo-actions/token.age;
+    };
+
     weewx-proxy-environment = {
       file = ./weewx-proxy/environment.age;
     };

flake.lock

@@ -109,11 +109,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694511957,
-        "narHash": "sha256-teCLY68npc0nuyOHYJURLuJSOME0yotJI29WXcpF1E4=",
+        "lastModified": 1694642855,
+        "narHash": "sha256-wcR5XA2EBVLqRKVGsfECgplip3TuqgYhp46yprFc6aQ=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "be98cffef02e5ebf438ea80b34b86e669c48eff1",
+        "rev": "689873ae4f765c0c1304daf7d304fa247a22e48d",
         "type": "github"
       },
       "original": {
@@ -300,11 +300,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694585439,
-        "narHash": "sha256-70BlfEsdURx5f8sioj8JuM+R4/SZFyE8UYrULMknxlI=",
+        "lastModified": 1694642908,
+        "narHash": "sha256-0Opzs/56VW03COlVdoBrHJZGxQ7gzLDEWADnccC8ras=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a0ddf43b6268f1717afcda54133dea30435eb178",
+        "rev": "b62f549653e97d78392c1e282b8ca76546a86585",
         "type": "github"
       },
       "original": {

home/programs/nvim/plugins.nix

@@ -242,12 +242,12 @@ in
   };
   nvim-lspconfig = buildVimPluginFrom2Nix {
     pname = "nvim-lspconfig";
-    version = "2023-09-12";
+    version = "2023-09-13";
     src = fetchFromGitHub {
       owner = "neovim";
       repo = "nvim-lspconfig";
-      rev = "360a895125ac4f39df6aa8f763635eff07e69fff";
-      sha256 = "0sy9w8bl46i9krikxkbnsryrnnccji2hrw29k3ccihnn8nrxwvsl";
+      rev = "57139c690dc8d594b2f9de8d1e609f2854a4fe45";
+      sha256 = "1gigd4q0vz34wrism2i9qdkn4xhnhcbmgidahm67l7g16pvh48jw";
       fetchSubmodules = false;
     };
   };

secrets.nix

@@ -87,6 +87,8 @@ in
 
   "agenix/hosts/argon/acme/credentials.age".publicKeys = argon;
 
+  "agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
+
   "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
 
   "agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;

system/hosts/argon.nix

@@ -22,6 +22,8 @@ in
 
     ../nixos/attic.nix
 
+    (import ../nixos/forgejo-runner.nix (args // { name = "argon"; tag = "ubuntu-latest-arm64"; }))
+
     ../nixos/tailscale.nix
 
     ../nixos/unbound.nix
@@ -45,12 +47,14 @@ in
 
       substituters = [
         "https://attic.cache.daniel.sx/nifoc-systems"
+        "https://attic.cache.daniel.sx/nifoc-ci"
         "https://nifoc.cachix.org"
         "https://nix-community.cachix.org"
       ];
 
       trusted-public-keys = [
         "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
+        "nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
         "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       ];

system/hosts/tanker.nix

@@ -33,6 +33,7 @@ in
     ../nixos/fedifetcher.nix
 
     ../nixos/forgejo.nix
+    (import ../nixos/forgejo-runner.nix (args // { name = "tanker"; tag = "ubuntu-latest-amd64"; }))
 
     (import ../nixos/home-proxy.nix (args // { inherit secret; }))
 
@@ -72,12 +73,14 @@ in
 
       substituters = [
         "https://attic.cache.daniel.sx/nifoc-systems"
+        "https://attic.cache.daniel.sx/nifoc-ci"
         "https://nifoc.cachix.org"
         "https://nix-community.cachix.org"
       ];
 
       trusted-public-keys = [
         "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
+        "nifoc-ci:JpD9zqVQi8JuS7B8htPDOQZh08rhInMnGFS9RVhiuwk="
         "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
         "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
       ];

system/nixos/forgejo-runner.nix

@@ -0,0 +1,24 @@
+{ pkgs, config, name, tag, ... }:
+
+let
+  forgejoUrl = "https://git.kempkens.io";
+in
+{
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+
+    instances = {
+      tanker = {
+        enable = true;
+        url = forgejoUrl;
+
+        inherit name;
+        tokenFile = config.age.secrets.forgejo-actions-token.path;
+
+        labels = [
+          "${tag}:docker://ghcr.io/catthehacker/ubuntu:act-latest"
+        ];
+      };
+    };
+  };
+}

system/nixos/forgejo.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, ... }:
 
 let
   fqdn = "git.kempkens.io";
@@ -24,6 +24,7 @@ in
           PROTOCOL = "http+unix";
           DOMAIN = fqdn;
           ROOT_URL = "https://${fqdn}/";
+          LANDING_PAGE = "explore";
         };
 
         service = {
@@ -48,24 +49,7 @@ in
 
         other = {
           SHOW_FOOTER_VERSION = false;
-        };
-      };
-    };
-
-    gitea-actions-runner = {
-      package = pkgs.forgejo-actions-runner;
-
-      instances = {
-        tanker = {
-          enable = true;
-          url = "https://${fqdn}";
-
-          name = "tanker";
-          tokenFile = config.age.secrets.forgejo-actions-token.path;
-
-          labels = [
-            "ubuntu-latest-amd64:docker://ghcr.io/catthehacker/ubuntu:act-latest"
-          ];
+          SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
         };
       };
     };