From 1cb01b1d890f280dfde18300e19717b1ef43dc92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Tue, 18 Mar 2025 23:58:46 +0100 Subject: [PATCH] services/forgejo-runner: init --- hosts/ude/default.nix | 5 ++++- secrets/forgejo-token.age | 9 +++++++++ secrets/secrets.nix | 5 +++++ services/default.nix | 1 + services/forgejo-runner.nix | 37 +++++++++++++++++++++++++++++++++++++ 5 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 secrets/forgejo-token.age create mode 100644 services/forgejo-runner.nix diff --git a/hosts/ude/default.nix b/hosts/ude/default.nix index d395fbd..221aef7 100644 --- a/hosts/ude/default.nix +++ b/hosts/ude/default.nix @@ -26,7 +26,10 @@ }; settei.incus.enable = true; - virtualisation.podman.enable = true; + virtualisation.podman = { + enable = true; + defaultNetwork.settings.dns_enabled = true; + }; services.nginx = { enable = true; diff --git a/secrets/forgejo-token.age b/secrets/forgejo-token.age new file mode 100644 index 0000000..13f30a6 --- /dev/null +++ b/secrets/forgejo-token.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 rA7dkQ tnp92QTb/uXAEizZuUrnaGcJCCkCSjIcE4RiQiYVdw8 +HXsRlqJSrDYaAeYslcR+g5KIQC1SUxFp+QdSHpKT61s +-> ssh-ed25519 IFuY+w LI7kx/XwfF0JU8tSmW75nxpeLTUkEfY8NunAZljafCc +f+WEjASZzP9ISv+7kPIMVNgEjdHUxVnLzUkqFHo4byY +-> ssh-ed25519 GKhvwg EZDwzHfhaY0iHHeIDvm6BIY64kPPUgKjZnNuuwwqoAw +FvZEeIqnsFA1fQka4R7sax1O13UZWoVbksSMLP3eEaA +--- XBBcs7w5J7w01fKGoAXVTgOffS9ajheUMz3vDsxHgTo +¼›g´ÕöؤƒRn´lè¥gÃ’ÅÁA˜*%ÇYªr¯í 9}³=L~f7„¶ZgâxŠèœ >¦ Rë}hQ›óõz`rÅZèØñ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ef3acb5..57943fa 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -92,4 +92,9 @@ in keys.system.youko keys.other.bootstrap ]; + "forgejo-token.age".publicKeys = [ + keys.system.youko + keys.system.ude + keys.other.bootstrap + ]; } diff --git a/services/default.nix b/services/default.nix index d588ede..1837462 100644 
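Review bot: The `virtualisation.podman` block added in hosts/ude/default.nix repeats, value for value, what the new services/forgejo-runner.nix sets for every host in its `hosts` list, and that list includes "ude". If the service module's `config` is applied to ude as the list suggests, this host-level copy is redundant and leaves two places to keep in sync. Either keep the original `virtualisation.podman.enable = true;` here, or add a comment saying why ude needs the setting independently of the runner, e.g. `# container DNS is also needed on this host by <other workload>`. The enclosing attribute set starts and ends outside the hunk.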
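Review bot: The recipient list added for `"forgejo-token.age"` in secrets/secrets.nix is a hand-maintained copy of the `hosts` list in services/forgejo-runner.nix, and nothing in the commit ties the two together. A host added to the runner without being added here and the file re-encrypted would presumably be unable to decrypt the token, so a comment above the entry would help, for example `# recipients must match services.forgejo-runner.hosts; rekey after changing either list`. Both runner hosts also share this one token file, so a rotation or a leak on one host affects ude and youko together. The enclosing attribute set starts outside the hunk.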
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
 ./attic.nix
+ ./forgejo-runner.nix
 ];
 }
diff --git a/services/forgejo-runner.nix b/services/forgejo-runner.nix
new file mode 100644
index 0000000..6b636ca
--- /dev/null
+++ b/services/forgejo-runner.nix
@@ -0,0 +1,37 @@
+{
+ services.forgejo-runner = {
+ hosts = [
+ "ude"
+ "youko"
+ ];
+ config =
+ { config, pkgs, ... }:
+ {
+ age.secrets.forgejo-runner-token.file = ../secrets/forgejo-token.age;
+
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-actions-runner;
+ instances.default = {
+ enable = true;
+ name = config.networking.hostName;
+ url = "https://git.rab.lol";
+ tokenFile = config.age.secrets.forgejo-runner-token.path;
+ labels = [
+ "ubuntu-latest:docker://node:16-bullseye"
+ "ubuntu-22.04:docker://node:16-bullseye"
+ "ubuntu-20.04:docker://node:16-bullseye"
+ "ubuntu-18.04:docker://node:16-buster"
+ "native:host"
+ ];
+ };
+ };
+
+ virtualisation.podman = {
+ enable = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+
+ networking.firewall.trustedInterfaces = [ "br-+" ];
+ };
+ };
+}
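Review bot: The `"native:host"` entry in `labels` makes the runner execute any job that selects the `native` label directly on ude and youko instead of in a container, so workflow code from every repository allowed to use this runner runs on the host with the runner service's privileges. Unless the runner is registered only for trusted repositories, drop that label or move it to a separate instance with its own token and scope. Separately, `networking.firewall.trustedInterfaces = [ "br-+" ];` accepts all inbound traffic from every matching bridge, which lets job containers reach any service listening on the host. If the intent is only container DNS, a narrower rule such as `networking.firewall.interfaces."br-+".allowedUDPPorts = [ 53 ];` would cover it. The `node:16-*` images are mutable tags tracking an end-of-life Node.js release, so a newer, pinned image is worth considering.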