kylekrein/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Forgejo runner

Browse source
This commit is contained in:
Aleksandr Lebedev 2025-10-07 01:24:26 +02:00
parent 858a25b692
commit 4c6f30b099
2 changed files with 34 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/nixos/programs/sops/secrets/secrets.yaml
View file

@ -10,6 +10,7 @@ services:
jellyfin: ENC[AES256_GCM,data:/a+Q7io2kDjXrchXJlAt2hmgTMRx+fwPyrHH4d9PW1qQcEfCMBf0Erbzkq9m3iikASwfWr/ROfFY28yNN55zGPxZVcS2RzCv3Y6RH3ECEMf0N6Kl9H8h1vOGK/GoNDFyb66jN9qCPSHzU91Lm7trMebOLauDgKSigx3U9E91cVpNF2H7J2Q/kQzBqjUk2+9d3gUAokGJwIn2hvqPuSGsUEareaBB9KNFLsOhY7EJmPmVIbEPpAPxr9eikjCpd+f1uY4=,iv:4MsYjE7RnI2Y/4okcnmeunNJh3Qz/hMWW0/1UBjXENg=,tag:y4n3v+L3163GJYVWolLKFA==,type:str]
forgejo:
mailer: ENC[AES256_GCM,data:1N8tTi32+gKkNaCBq2obEpi6lXqUf9XalFc=,iv:5V3OIZcyCN+S4BD45pvu93MHSEUmE++cP7TWiwK3w1s=,tag:IrHtpjWQ1zELWzmxmfL59Q==,type:str]
runner: ENC[AES256_GCM,data:HX5DCfSidpX2E8EgAcCYBP8fxWy21ET5IZ7BjTQed3o41SSd6038+aYwyGjGGQ==,iv:tKhDQoTKPOiykpg47NWO5ionBwUpKc7BmIMhsBptQZg=,tag:FWs+DItq4mQyC81G4IIVNg==,type:str]
gitlab:
dbPassword: ENC[AES256_GCM,data:itn9xyNZO+xkSk0GKvLzjLRzM0uZ+TalqLtj6tyjKXM=,iv:U8bX/On89wz6Lz4R2/fZ+FWRObehlnjFhUQdAhmxb60=,tag:oEbee14jCGfRs8i5bJZ5FA==,type:str]
rootPassword: ENC[AES256_GCM,data:lXq+GIn6ooTzZL4iMYFzx3kn8gdcdsNaLQ/zVCr75Nw=,iv:mGp9gxL9uABpbod/ZNNyEllBbcfrQuFG4pQgs0v/xbk=,tag:CZzj4hauh/Qi8fvtmaZ/KQ==,type:str]
@ -58,7 +59,7 @@ sops:
MU43ZWEwMXEwdGx5d0hUNlhiaGdjWU0K9UoNQOnMxTy0KdfiYOgm0TxH5qFUV3gi
f7z2RzR44ndf0nHwIzr8e1bmF9q5mc685Wq9qyM7aLCE+yUU/vUO7Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-06T21:10:00Z"
mac: ENC[AES256_GCM,data:wkP5oE4UkdzeQQtSgjlbG5L44IE64KKcjJjBunHIFu7Ga3t5exz4ZcpSP9yQPmiJfNak4VAtXgwHILtbCsQFrnBFMc8qC1wssjUQR8ObReRA75RJdbcMo1Vo2CEUaVrw0IatM4gRifec3o23rulbDIAuz0/boZuxPkN9ffto8iY=,iv:rA3irIX9BImkan6Oce9wm5aoFuHT3wrSgza62F33LlY=,tag:22wM1jwG8cXhhF+ySSYY4w==,type:str]
lastmodified: "2025-10-06T23:08:49Z"
mac: ENC[AES256_GCM,data:+BnoQNO6WLFKxPQmKR2XVAgwH4UY+VYtnvmE5Qz5OOk6IfQQnEea3IIHrcKojA2JwIS5BpdvnOtALar3dFl99UxP6Ff7OxR5fUv/QOxoCXSdNC0L61F3GY60qRwPwyj5Fq052ZjvL5gQ0dZVblLtZksNvDZXQ9gF1CKef689l1s=,iv:poB1TfxYWIfRvdDdi8pp30vwRjf3MR55uHYWPk2JPi4=,tag:Kse/zReeQWaOwT744A3TCQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

31
systems/x86_64-linux/stargate/services/forgejo.nix
View file

@ -52,8 +52,39 @@ in {
};
};
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "stargate";
url = "https://git.kylekrein.com";
# gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
settings = {
runner = {
capacity = 4;
};
};
# Obtaining the path to the runner token file may differ
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
tokenFile = config.sops.secrets."services/forgejo/runner".path;
hostPackages = with pkgs; [
nix
];
labels = [
#"ubuntu-latest:docker://node:16-bullseye"
## optionally provide native execution on the host:
"native:host"
"nixos:host"
];
};
};
sops.secrets."services/forgejo/mailer" = {
mode = "400";
owner = "forgejo";
};
sops.secrets."services/forgejo/runner" = {
mode = "400";
owner = "forgejo";
};
}