diff --git a/hosts/chmura/services/forgejo.nix b/hosts/chmura/services/forgejo.nix index 8e3e7dd..329432b 100644 --- a/hosts/chmura/services/forgejo.nix +++ b/hosts/chmura/services/forgejo.nix @@ -1,26 +1,66 @@ { config, + pkgs, ... }: { - services.forgejo = { - enable = true; - lfs.enable = true; - database.type = "postgres"; - dump = { - enable = true; - type = "tar.xz"; - }; - settings = { - DEFAULT = { - APP_NAME = "fuck it we code"; - }; + age.secrets.forgejo-runner-token.file = ../../../secrets/forgejo-runner-token.age; - server = rec { - DOMAIN = "git.jacekpoz.pl"; - HTTP_PORT = 1849; - PROTOCOL = "http"; - SSH_PORT = 8236; - ROOT_URL = "${PROTOCOL}://${DOMAIN}/"; + services = { + forgejo = { + enable = true; + lfs.enable = true; + database.type = "postgres"; + dump = { + enable = true; + type = "tar.xz"; + }; + settings = { + DEFAULT = { + APP_NAME = "fuck it we code"; + }; + + server = rec { + DOMAIN = "git.jacekpoz.pl"; + HTTP_PORT = 1849; + PROTOCOL = "http"; + SSH_PORT = 8236; + ROOT_URL = "${PROTOCOL}://${DOMAIN}/"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "https://code.forgejo.org"; + }; + federation = { + ENABLED = true; + }; + }; + }; + gitea-actions-runner = { + package = pkgs.forgejo-runner; + instances = { + chmura = { + enable = true; + name = config.networking.hostName; + url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + tokenFile = config.age.secrets.forgejo-runner-token.path; + labels = [ + "native:host" + ]; + settings = { + log.level = "info"; + runner = { + file = ".runner"; + capacity = 2; + timeout = "3h"; + insecure = false; + fetch_timeout = "5s"; + fetch_interval = "2s"; + }; + }; + }; }; }; }; diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age new file mode 100644 index 0000000..341976d --- /dev/null +++ b/secrets/forgejo-runner-token.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 05IAmg 0fT/AGOz2xsryTG07UhKenXN+i37xIbqvPOiVp4V+Hk +UF31C7L+jGnq5JZq0fXraMWQnX1pxOyOlbBdbMeTpRs +-> ssh-ed25519 HC8P8A BxIB5/3ZSATlbN1NQ2AVb+0kSPBDvJ6J/idzB3f9szY +9XaHx1oYpA6ZOhswkfjT+RykxPqYZau8hFpy0uVGNvM +-> ssh-ed25519 sItgaw CMhfAaNrmCn1mHl0pVky6atWLou2ZRdnO28uPqODlG8 +PJ7mM77noFf7aphB2M/DYhC/VT9jrF+rC+DUR7S4L2A +-> ssh-ed25519 YQNd1g Gnn7hYsT+H1N1qPHAYlwUcyeB7/fhcuZh+sdOQdbWSI +kSKuS4U+K0wkuv0q+Z73268P9WPO2aBBbcaXVXKQ7Ow +--- NJPyl7Yv6GeED9Cc/a6anrnBIFlEDtq/mT6wHI9DyVg +ӀpR]]$A% $ÖMC=hE/ǖU0C_a/'{ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 920b02e..858639b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,4 +12,5 @@ in { "discord-autodelete-config.age".publicKeys = niks ++ chmura; "eturnal-turn-secret.age".publicKeys = niks ++ chmura; "firefox-syncserver-secrets.age".publicKeys = niks ++ chmura; + "forgejo-runner-token.age".publicKeys = niks ++ chmura; }