From a94f17ff9afeb316840e328105dcf7b055595ea2 Mon Sep 17 00:00:00 2001
From: teesh3rt
Date: Tue, 10 Feb 2026 16:10:17 +0200
Subject: [PATCH] feat: add forgejo runners for cicd
---
 modules/server/{ => forgejo}/forgejo.nix | 0
 modules/server/forgejo/runners.nix | 32 ++++++++++++++++++++++++
 secrets.yaml | 6 +++--
 3 files changed, 36 insertions(+), 2 deletions(-)
 rename modules/server/{ => forgejo}/forgejo.nix (100%)
 create mode 100644 modules/server/forgejo/runners.nix
diff --git a/modules/server/forgejo.nix b/modules/server/forgejo/forgejo.nix
similarity index 100%
rename from modules/server/forgejo.nix
rename to modules/server/forgejo/forgejo.nix
diff --git a/modules/server/forgejo/runners.nix b/modules/server/forgejo/runners.nix
new file mode 100644
index 0000000..bf21128
--- /dev/null
+++ b/modules/server/forgejo/runners.nix
@@ -0,0 +1,32 @@
+inp: {
+ flake.modules.nixos.server = {
+ pkgs,
+ config,
+ lib,
+ ...
+ }: {
+ sops.secrets."forgejo/token" = {};
+
+ services.gitea-actions-runner = lib.mkIf config.services.forgejo.enable {
+ package = pkgs.forgejo-runner;
+ instances.default = {
+ enable = true;
+ name = "monolith";
+ url = "https://git.${inp.config.flake.meta.web.domain.domain}";
+ # Obtaining the path to the runner token file may differ
+ # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd
+ tokenFile = "/run/secrets/forgejo/token";
+ labels = [
+ "ubuntu-latest:docker://node:16-bullseye"
+ "ubuntu-22.04:docker://node:16-bullseye"
+ "ubuntu-20.04:docker://node:16-bullseye"
+ "ubuntu-18.04:docker://node:16-buster"
+ ## optionally provide native execution on the host:
+ # "native:host"
+ ];
+ };
+ };
+
+ virtualisation.docker.enable = true;
+ };
+}
diff --git a/secrets.yaml b/secrets.yaml
index edc73a5..23deffb 100644
--- a/secrets.yaml
+++ b/secrets.yaml
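Review bot: In modules/server/forgejo/runners.nix, `virtualisation.docker.enable = true;` sits outside the `lib.mkIf config.services.forgejo.enable` guard, so every host that imports the server module gets a Docker daemon even when no runner is configured. Writing it as `virtualisation.docker.enable = lib.mkIf config.services.forgejo.enable true;` keeps that attack surface off hosts that do not need it. The four `labels` all point at `node:16-bullseye` or `node:16-buster`, which are end-of-life bases referenced by mutable tag; a maintained image pinned by digest would keep job environments patchable and reproducible. `tokenFile` is better written as `config.sops.secrets."forgejo/token".path` than as the hard-coded `/run/secrets/forgejo/token`, so the secret declaration and the runner cannot drift apart. The runner also appears to share a host with Forgejo itself, so it is worth confirming which repositories and users are allowed to trigger workflows on it.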
@@ -7,6 +7,8 @@ copyparty:
 cloudflare:
 copyparty: ENC[AES256_GCM,data:SK8qhyjIiOsKzZsnh8W8/BRJmbHoLA6rCGGUzKb9ucbTiiCUhfnaR7A/0SSKKecrMwTmuCos0WnEUe0ixGWJcHncEoLpMyAQMfmL81wbyfDhkxrEjc77aSRomAqM9X/jWg3ocp4oxKKUkEfnnKUqkv4vse+J/lBZjlOoTtwiPoJ1V/GL2JKru/f/LoERQqCEaAqMnQeXJyi/5pf4wPCKLbRQxZ1LCmxeyMMRU0FgOQ==,iv:HqAmQR1SMd4D3uf0eSCfKBCO61mM/Zdfiv/RBlaiJkc=,tag:7ESjgrqkG9RWDAmV/2wGdA==,type:str]
 git: ENC[AES256_GCM,data:QxpLDjVsPiIxSKq6hWUOBS0wWxZ2ccLmSYQA64U3n+Y42Uuaf92pJHt3CQ2ZSaIXWbgpVotln/vBexRA1RH4ZpF5vwyYX1XUwCisv3qdkS/P4/kZIt8TtdvYV1pVwxZRqm58aA0L4ZuNk0q5a1tscrXtLVJ2+uvF9we6Oloz5uMA+XCBwzkqo6Ucbc/47gbUPTRSzMRpY1n8ma71NiensFn0lGtyWfB7TW26pLbSVg==,iv:mZmufTufxBuRkE0YNBwRNV4Shq1Uq2r+MzsNuzPkzQI=,tag:igtKa2VSLBjY9eKWONoKOg==,type:str]
+forgejo:
+ token: ENC[AES256_GCM,data:3bsyRuBeK7+Blph3YUFB92b1pWgLcSUjy5j+2KfigaFubHs6c26zAEuH0bKBZg==,iv:lAJWyZlaV1hP6W6Y2ZkMfFFACcGjnHW/pNuXgPSOLlU=,tag:POmNl8JIidEoHhnjaqqz4A==,type:str]
 sops:
 age:
 - recipient: age1fdrtfvf3ywarc4sq7jjc5d6elas3fr73cfenkkyyj0ck6z9x2d0qlpn92h
@@ -36,7 +38,7 @@ sops:
 MFp0UW1HSW9MbmppcHlNM25CaFhqOWcKppF0dE4YNh+mN1tyZju4zxM6ZFBSKx9U
 cGYtUemtt4s9ko3hPt8ZM/ysKOeZgnYoeG7QQnwSoF3F+/gurvb0Bg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-02-06T19:57:02Z"
- mac: ENC[AES256_GCM,data:SWd5spIxeazSCT6L28UpTzPbnOInunxUy1XahAnP8Z1PmWo1yib56cazi4EGjE4gT3c2kHDcyTTPxj8FEDGHVWfQ3TFtFGMFEBWetC0TUTx7iLcSBCYue3LKtcabIkhsbl01VG5DR/srGWNao0hqp6oMPhsm4dE4DnvKXdJMlWw=,iv:nS/FsHnQuowQLeW+oVnFoLFtY+ZpqfEDfrQugLdNu4g=,tag:S+ncbjxItjzp3ts96O0t3w==,type:str]
+ lastmodified: "2026-02-10T14:02:32Z"
+ mac: ENC[AES256_GCM,data:k7Q1vKz+OApin8eUUf6t87JWeXrryG5eK2MMA7uOKVG303aoZ6Th/0LhVq/0uHADZFQDvY3if+CbTcKt1kydVLzHY60zFsRHb1pea7hT0/VQ7LU5PmaNxCkN6YvLfDfHanZ24CcH4dU6RM70VTgy1Dv20rl9EBjv8wIByPFlu9M=,iv:VAAD+AxEOn9akFJZfkwJ7ylbs2PaGspDxvSrXbIXHD0=,tag:xDHbYEgkClGnvsDexs82Yw==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.11.0