Add forgejo runner

2025-07-30 19:47:47 +00:00 · 2024-02-07 12:46:48 +03:00 · 2024-02-07 12:46:48 +03:00 · 8dfcd01ce5
commit 8dfcd01ce5
parent 7236216e85
5 changed files with 73 additions and 7 deletions
--- a/hosts/cube/forgejo.nix
+++ b/hosts/cube/forgejo.nix
@ -1,4 +1,4 @@
-{ config, ulib, ... }: with ulib;
+{ config, ulib, pkgs, ... }: with ulib;
 let
  inherit (config.networking) domain;
@ -6,6 +6,7 @@ let
  fqdn = "git.${domain}";
 in serverSystemConfiguration {
  age.secrets."cube/password.mail.forgejo".owner   = "forgejo";
  age.secrets."cube/password.runner.forgejo".owner = "forgejo";
  services.postgresql = {
    ensureDatabases = [ "forgejo" ];
@ -15,6 +16,46 @@ in serverSystemConfiguration {
    }];
  };
  users.groups.gitea-runner = {};
  users.users.gitea-runner  = systemUser {
    extraGroups = [ "docker" ];
    group       = "gitea-runner";
    home        = "/var/lib/gitea-runner";
  };
  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.runner-01 = enabled {
      name = "runner-01";
      url  = fqdn;
      labels = [
        "debian-latest:docker://node:18-bullseye"
        "ubuntu-latest:docker://node:18-bullseye"
        "act:docker://ghcr.io/catthehacker/ubuntu:act-latest"
      ];
      tokenFile = config.age.secrets."cube/password.runner.forgejo".path;
      settings = {
        cache.enabled     = true;
        capacity          = 4;
        container.network = "host";
      };
      hostPackages = with pkgs; [
        bash
        coreutils
        curl
        gitMinimal
        sudo
        wget
      ];
    };
  };
  services.forgejo = enabled {
    lfs = enabled {};
@ -30,10 +71,10 @@ in serverSystemConfiguration {
    in {
      default.APP_NAME = description;
-      # actions = {
+      actions = {
-      #   ENABLED = true;
+        ENABLED = true;
-      #   DEFAULT_ACTIONS_URL = "https://${fqdn}";
+        DEFAULT_ACTIONS_URL = "https://${fqdn}";
-      # };
+      };
      attachment.ALLOWED_TYPES = "*/*";
--- a/hosts/cube/podman.nix
+++ b/hosts/cube/podman.nix
@ -0,0 +1,15 @@
 { ulib, ... }: with ulib;
 serverSystemConfiguration {
  virtualisation.podman = enabled {
    dockerCompat = true;
    dockerSocket = enabled {};
    defaultNetwork.settings.dns_enabled = true;
    autoPrune = enabled {
      dates = "daily";
      flags = [ "--all" ];
    };
  };
 }
--- a/lib/values.nix
+++ b/lib/values.nix
@ -7,6 +7,10 @@
    isNormalUser = true;
  };
  systemUser = attributes: attributes // {
    isSystemUser = true;
  };
  graphicalUser = attributes: attributes // {
    isNormalUser = true;
    extraGroups  = [ "graphical" ] ++ attributes.extraGroups or []; 
--- a/secrets/cube/password.runner.forgejo.age
+++ b/secrets/cube/password.runner.forgejo.age
@ -0,0 +1,5 @@
 age-encryption.org/v1
 -> ssh-ed25519 +rZ0Tw rraoMjYwD6IIkmgyiDKlij2+bLqY5PNyMU5IPQ4mvjI
 /yttaAf7neHJ69LYh6p33gRBXIZA4oxWS5DDMnfOhhM
 --- o+/I/vPxFdL9orC3PsBTazOrwG6Le8uLMUYiHE4XMj8
 ¬¨<EFBFBD>
±]}ÍWž{[a'mdú€AÈU‰Ô¬ì7z*ÌY9"èÍ|±1dvùQxcŸ¶Ç“<C387>à"®0ñÆÔpÖò¿Œr½:ÇÅÑ
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -16,6 +16,7 @@ in with keys; {
  "cube/password.acme.age".publicKeys = key cube;
  "cube/password.mail.forgejo.age".publicKeys   = key cube;
  "cube/password.runner.forgejo.age".publicKeys = key cube;
  "cube/password.grafana.age".publicKeys      = key cube;
  "cube/password.mail.grafana.age".publicKeys = key cube;