daniel/dotfiles
1
0
Fork 0
Code Activity Actions

tanker: Setup and configure Forgejo Actions

Browse source
This commit is contained in:
Daniel Kempkens 2023-09-14 00:30:04 +02:00
parent 33c0c52454
commit c0e392ae2a
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
7 changed files with 65 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
agenix/hosts/tanker/forgejo-actions/token.age
View file

@ -1,9 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 MtGp6g j3LJbMvC+F+WI80vay1mUtT4AU/iPrVlJspYtDwL5WI -> ssh-ed25519 MtGp6g jM+++wGqvWlj9wKwKdrS3d8xpwfLp1ks4GCh3sm/6zM
JllJKpMrJtNEF2Wjlt+FQZjt0HYg1jcM5Z23Nyr0JDQ QkBPJf0lBF617AFcko4KA/Aq6mi6eMWp/ye2Abf2fKk
-> ssh-ed25519 iO8/4g M2tItsaOdbUwDrIR6CniYnQtmdgLBL31D/xdYI27DR4 -> ssh-ed25519 iO8/4g IGCdvdMB6PdiqxA9yamSUMCfH4Bk0JmtOuZt4WZrFGM
hdQhMFbQ88Qd0b9/yUqSCp0jmWBVTamHRHxvfzMKQd0 cz19imzpQAkWv+iCoUzBfMRC5D0yusCMQkROrjBhoJ0
-> a88u-grease %<;6}T6g dP%)[l 5M?k?Ff -> PT|e-grease cJG6UW4o
66xUudBfSs81QpoQPElEtQ9W5IUdTpeO613+2nVdnOVb 4G+Rp2jt1sZbGLxuKl7DgX1wl1kaOhhEjkloCeaHg0lt6P7bmjcg++jh6hWs7MhO
--- +iZj/5A8YtvHw9xzvg95+S7aYwRvA87KYF8fsZyuORk dMp8SKY9
ÿ§Zh§è#ÊÖÆ&BÕÓ÷îÈKe¡Z`×òŠýD$;TH¡Àì³ÏÿÓL´×% à•ŒƒÈX©Høh$8€Ù³„)ÊŒ÷HàX<qã --- VdFRpEBs74LJOqJNYwiGeb/wy/e7Wm+aFQnw3AI1pFw
r åkòBúxµvŠ™a ob""éh&éÅîb{ñÌH´òã,×q¢·Ã RSm½¤ûÃTûo ¾hB•gdµ ÷?GÒ¼n0©î

4
system/hosts/tanker.nix
View file

@ -109,10 +109,6 @@ in
hostName = "tanker"; hostName = "tanker";
hostId = "d89f488a"; hostId = "d89f488a";
useNetworkd = true; useNetworkd = true;
extraHosts = ''
127.0.0.1 attic.cache.daniel.sx
'';
}; };
systemd = { systemd = {

7
system/nixos/forgejo.nix
View file

@ -42,10 +42,6 @@ in
SAME_SITE = "strict"; SAME_SITE = "strict";
}; };
repository = {
DISABLE_HTTP_GIT = true;
};
actions = { actions = {
ENABLED = true; ENABLED = true;
}; };
@ -68,8 +64,7 @@ in
tokenFile = config.age.secrets.forgejo-actions-token.path; tokenFile = config.age.secrets.forgejo-actions-token.path;
labels = [ labels = [
"debian-bullseye:docker://node:18-bullseye" "ubuntu-latest-amd64:docker://ghcr.io/catthehacker/ubuntu:act-latest"
"debian-bookworm:docker://node:18-bookworm"
]; ];
}; };
}; };

18
system/nixos/nginx-argon.nix
View file

@ -1,3 +1,5 @@
{ lib, config, ... }:
{ {
services.nginx.virtualHosts."default.internal.kempkens.network" = { services.nginx.virtualHosts."default.internal.kempkens.network" = {
listen = [ listen = [
@ -34,4 +36,20 @@
return = "418"; return = "418";
}; };
}; };
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
};
})
(builtins.filter builtins.isString interfaces));
} }

18
system/nixos/nginx-mediaserver.nix
View file

@ -1,3 +1,5 @@
{ lib, config, ... }:
{ {
services.nginx.virtualHosts."default.internal.kempkens.network" = { services.nginx.virtualHosts."default.internal.kempkens.network" = {
listen = [ listen = [
@ -34,4 +36,20 @@
return = "418"; return = "418";
}; };
}; };
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
};
})
(builtins.filter builtins.isString interfaces));
} }

18
system/nixos/nginx-tanker.nix
View file

@ -1,3 +1,5 @@
{ lib, config, ... }:
{ {
services.nginx.virtualHosts."default.kempkens.io" = { services.nginx.virtualHosts."default.kempkens.io" = {
listen = [ listen = [
@ -34,4 +36,20 @@
return = "418"; return = "418";
}; };
}; };
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
};
})
(builtins.filter builtins.isString interfaces));
} }

18
system/nixos/nginx.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, config, ... }: { pkgs, ... }:
{ {
services.nginx = { services.nginx = {
@ -25,20 +25,4 @@
access_log /var/log/nginx/access.log combined_anon buffer=32k flush=5m; access_log /var/log/nginx/access.log combined_anon buffer=32k flush=5m;
''; '';
}; };
networking.firewall.interfaces =
let
interfaces = lib.mapAttrsToList (_: lib.attrsets.attrByPath [ "matchConfig" "Name" ] null) config.systemd.network.networks ++ [ "tailscale0" ];
in
builtins.listToAttrs
(builtins.map
(iface:
{
name = iface;
value = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 443 ];
};
})
(builtins.filter builtins.isString interfaces));
} }