big forgejo update

updates some settings, disables registration and adds a working forgejo
runner !!!

hosts/chmura/services/forgejo.nix

@@ -1,26 +1,66 @@
 {
     config,
+    pkgs,
     ...
 }: {
-    services.forgejo = {
+    age.secrets.forgejo-runner-token.file = ../../../secrets/forgejo-runner-token.age;
-        enable = true;
-        lfs.enable = true;
-        database.type = "postgres";
-        dump = {
-            enable = true;
-            type = "tar.xz";
-        };
-        settings = {
-            DEFAULT = {
-                APP_NAME = "fuck it we code";
-            };
 
-            server = rec {
+    services = {
-                DOMAIN = "git.jacekpoz.pl";
+        forgejo = {
-                HTTP_PORT = 1849;
+            enable = true;
-                PROTOCOL = "http";
+            lfs.enable = true;
-                SSH_PORT = 8236;
+            database.type = "postgres";
-                ROOT_URL = "${PROTOCOL}://${DOMAIN}/";
+            dump = {
+                enable = true;
+                type = "tar.xz";
+            };
+            settings = {
+                DEFAULT = {
+                    APP_NAME = "fuck it we code";
+                };
+
+                server = rec {
+                    DOMAIN = "git.jacekpoz.pl";
+                    HTTP_PORT = 1849;
+                    PROTOCOL = "http";
+                    SSH_PORT = 8236;
+                    ROOT_URL = "${PROTOCOL}://${DOMAIN}/";
+                };
+                service = {
+                    DISABLE_REGISTRATION = true;
+                };
+                actions = {
+                    ENABLED = true;
+                    DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
+                };
+                federation = {
+                    ENABLED = true;
+                };
+            };
+        };
+        gitea-actions-runner = {
+            package = pkgs.forgejo-runner;
+            instances = {
+                chmura = {
+                    enable = true;
+                    name = config.networking.hostName;
+                    url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+                    tokenFile = config.age.secrets.forgejo-runner-token.path;
+                    labels = [
+                        "native:host"
+                    ];
+                    settings = {
+                        log.level = "info";
+                        runner = {
+                            file = ".runner";
+                            capacity = 2;
+                            timeout = "3h";
+                            insecure = false;
+                            fetch_timeout = "5s";
+                            fetch_interval = "2s";
+                        };
+                    };
+                };
             };
         };
     };

secrets/forgejo-runner-token.age

@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 05IAmg 0fT/AGOz2xsryTG07UhKenXN+i37xIbqvPOiVp4V+Hk
+UF31C7L+jGnq5JZq0fXraMWQnX1pxOyOlbBdbMeTpRs
+-> ssh-ed25519 HC8P8A BxIB5/3ZSATlbN1NQ2AVb+0kSPBDvJ6J/idzB3f9szY
+9XaHx1oYpA6ZOhswkfjT+RykxPqYZau8hFpy0uVGNvM
+-> ssh-ed25519 sItgaw CMhfAaNrmCn1mHl0pVky6atWLou2ZRdnO28uPqODlG8
+PJ7mM77noFf7aphB2M/DYhC/VT9jrF+rC+DUR7S4L2A
+-> ssh-ed25519 YQNd1g Gnn7hYsT+H1N1qPHAYlwUcyeB7/fhcuZh+sdOQdbWSI
+kSKuS4U+K0wkuv0q+Z73268P9WPO2aBBbcaXVXKQ7Ow
+--- NJPyl7Yv6GeED9Cc/a6anrnBIFlEDtq/mT6wHI9DyVg
+ööÓ€ÛpR]]ùý­î$A%±·Ò$ÖMCœôÞ=¹ÒhE/µÄ<0F>îöÇ–’ÛU¤²ì²à€0C_a„/û–‚'Ö{ÌÆ

secrets/secrets.nix

@@ -12,4 +12,5 @@ in {
     "discord-autodelete-config.age".publicKeys = niks ++ chmura;
     "eturnal-turn-secret.age".publicKeys = niks ++ chmura;
     "firefox-syncserver-secrets.age".publicKeys = niks ++ chmura;
+    "forgejo-runner-token.age".publicKeys = niks ++ chmura;
 }