From 4c6f30b0996f9637d32016fbf61f6e26c7b3e80c Mon Sep 17 00:00:00 2001 From: Aleksandr Lebedev Date: Tue, 7 Oct 2025 01:24:26 +0200 Subject: [PATCH] Forgejo runner --- .../nixos/programs/sops/secrets/secrets.yaml | 5 +-- .../stargate/services/forgejo.nix | 31 +++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/modules/nixos/programs/sops/secrets/secrets.yaml b/modules/nixos/programs/sops/secrets/secrets.yaml index 2d5ca73..3d94719 100644 --- a/modules/nixos/programs/sops/secrets/secrets.yaml +++ b/modules/nixos/programs/sops/secrets/secrets.yaml @@ -10,6 +10,7 @@ services: jellyfin: ENC[AES256_GCM,data:/a+Q7io2kDjXrchXJlAt2hmgTMRx+fwPyrHH4d9PW1qQcEfCMBf0Erbzkq9m3iikASwfWr/ROfFY28yNN55zGPxZVcS2RzCv3Y6RH3ECEMf0N6Kl9H8h1vOGK/GoNDFyb66jN9qCPSHzU91Lm7trMebOLauDgKSigx3U9E91cVpNF2H7J2Q/kQzBqjUk2+9d3gUAokGJwIn2hvqPuSGsUEareaBB9KNFLsOhY7EJmPmVIbEPpAPxr9eikjCpd+f1uY4=,iv:4MsYjE7RnI2Y/4okcnmeunNJh3Qz/hMWW0/1UBjXENg=,tag:y4n3v+L3163GJYVWolLKFA==,type:str] forgejo: mailer: ENC[AES256_GCM,data:1N8tTi32+gKkNaCBq2obEpi6lXqUf9XalFc=,iv:5V3OIZcyCN+S4BD45pvu93MHSEUmE++cP7TWiwK3w1s=,tag:IrHtpjWQ1zELWzmxmfL59Q==,type:str] + runner: ENC[AES256_GCM,data:HX5DCfSidpX2E8EgAcCYBP8fxWy21ET5IZ7BjTQed3o41SSd6038+aYwyGjGGQ==,iv:tKhDQoTKPOiykpg47NWO5ionBwUpKc7BmIMhsBptQZg=,tag:FWs+DItq4mQyC81G4IIVNg==,type:str] gitlab: dbPassword: ENC[AES256_GCM,data:itn9xyNZO+xkSk0GKvLzjLRzM0uZ+TalqLtj6tyjKXM=,iv:U8bX/On89wz6Lz4R2/fZ+FWRObehlnjFhUQdAhmxb60=,tag:oEbee14jCGfRs8i5bJZ5FA==,type:str] rootPassword: ENC[AES256_GCM,data:lXq+GIn6ooTzZL4iMYFzx3kn8gdcdsNaLQ/zVCr75Nw=,iv:mGp9gxL9uABpbod/ZNNyEllBbcfrQuFG4pQgs0v/xbk=,tag:CZzj4hauh/Qi8fvtmaZ/KQ==,type:str] 
@@ -58,7 +59,7 @@ sops: MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-06T21:10:00Z" - mac: ENC[AES256_GCM,data:wkP5oE4UkdzeQQtSgjlbG5L44IE64KKcjJjBunHIFu7Ga3t5exz4ZcpSP9yQPmiJfNak4VAtXgwHILtbCsQFrnBFMc8qC1wssjUQR8ObReRA75RJdbcMo1Vo2CEUaVrw0IatM4gRifec3o23rulbDIAuz0/boZuxPkN9ffto8iY=,iv:rA3irIX9BImkan6Oce9wm5aoFuHT3wrSgza62F33LlY=,tag:22wM1jwG8cXhhF+ySSYY4w==,type:str] + lastmodified: "2025-10-06T23:08:49Z" + mac: ENC[AES256_GCM,data:+BnoQNO6WLFKxPQmKR2XVAgwH4UY+VYtnvmE5Qz5OOk6IfQQnEea3IIHrcKojA2JwIS5BpdvnOtALar3dFl99UxP6Ff7OxR5fUv/QOxoCXSdNC0L61F3GY60qRwPwyj5Fq052ZjvL5gQ0dZVblLtZksNvDZXQ9gF1CKef689l1s=,iv:poB1TfxYWIfRvdDdi8pp30vwRjf3MR55uHYWPk2JPi4=,tag:Kse/zReeQWaOwT744A3TCQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/systems/x86_64-linux/stargate/services/forgejo.nix b/systems/x86_64-linux/stargate/services/forgejo.nix index b60d4fd..1654655 100644 --- a/systems/x86_64-linux/stargate/services/forgejo.nix +++ b/systems/x86_64-linux/stargate/services/forgejo.nix 
@@ -52,8 +52,39 @@ in {
 };
 };
 
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-actions-runner;
+ instances.default = {
+ enable = true;
+ name = "stargate";
+ url = "https://git.kylekrein.com";
+ # gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
+ settings = {
+ runner = {
+ capacity = 4;
+ };
+ };
+ # Obtaining the path to the runner token file may differ
+ # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd
+ tokenFile = config.sops.secrets."services/forgejo/runner".path;
+ hostPackages = with pkgs; [
+ nix
+ ];
+ labels = [
+ #"ubuntu-latest:docker://node:16-bullseye"
+ ## optionally provide native execution on the host:
+ "native:host"
+ "nixos:host"
+ ];
+ };
+ };
+
 sops.secrets."services/forgejo/mailer" = {
 mode = "400";
 owner = "forgejo";
 };
+ sops.secrets."services/forgejo/runner" = {
+ mode = "400";
+ owner = "forgejo";
+ };
 }
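Review bot: The `native:host` and `nixos:host` labels in `instances.default.labels` make every job that targets them run directly on stargate rather than in a container, so any workflow the runner accepts executes as the runner's service user on the same machine as Forgejo, with `nix` on its path and up to four jobs at once (`capacity = 4`). If repositories on this instance can receive pushes or pull requests from anyone other than the administrator, prefer a container label in the style of the commented-out `docker://` entry, or keep the runner registered only for a trusted repository or organisation and record that above the list, e.g. `# host labels run job steps unsandboxed on this machine; trusted repos only`. Separately, `sops.secrets."services/forgejo/runner"` sets `owner = "forgejo";`, but the comment in this hunk says the file is consumed as a systemd EnvironmentFile, which systemd presumably reads before dropping privileges, so the Forgejo server user likely does not need read access and the `owner` line can be dropped to keep the registration token root-only. The enclosing `in { … }` attribute set begins outside this hunk, so any sandboxing applied to the runner unit elsewhere is not visible here.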