feat(capytal,forgejo): set up forgejo actions runner

Guz
2025-09-25 14:53:50 -03:00
parent 8c63ed19ae
commit eda2dd1989
5 changed files with 40 additions and 9 deletions


@@ -15,6 +15,10 @@ in {
DEFAULT = { DEFAULT = {
APP_NAME = "Capytal Code"; APP_NAME = "Capytal Code";
}; };
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://data.forgejo.org";
};
admin = { admin = {
DISABLE_REGULAR_ORG_CREATION = true; DISABLE_REGULAR_ORG_CREATION = true;
USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys"; USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
@@ -63,6 +67,23 @@ in {
}; };
}; };
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances = {
"forgejo-runner-1" = {
enable = true;
name = "Forgejo Runner (${config.networking.hostName}) 1";
url = config.services.forgejo.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."forgejo/actions/token".path;
labels = [
"alpine-3.22:docker://data.forgejo.org/oci/alpine:3.22"
"golang-1.24:docker://data.forgejo.org/oci/golang:1.24-alpine3.22"
"node-24:docker://node:24-bullseye"
];
};
};
};
users.users."${cfg.user}".packages = [ users.users."${cfg.user}".packages = [
(pkgs.symlinkJoin { (pkgs.symlinkJoin {
paths = [pkgs.forgejo]; paths = [pkgs.forgejo];
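Review bot: The `labels` list of `forgejo-runner-1` pins job images by mutable tag only, and `node:24-bullseye` names no registry host while the other two name data.forgejo.org, so what a workflow runs can change without any change to this file. Pinning each image by digest and spelling out the registry would make the runner's image set reviewable, for example `"node-24:docker://docker.io/library/node:24-bullseye@sha256:<digest-placeholder>"`. Because `actions.ENABLED = true` is set instance-wide in the first hunk, a short comment above the instance saying which repositories or users are expected to reach this runner would help; the scope of the registration token is not visible here. The enclosing attribute set starts and ends outside both hunks.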


@@ -4,5 +4,6 @@
./cloudflare.nix ./cloudflare.nix
./garage.nix ./garage.nix
./postgresql.nix ./postgresql.nix
./virtualisation.nix
]; ];
} }

13
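--- a/common/virtualisation.nix
+++ b/common/virtualisation.nix
@@ -0,0 +1,13 @@
+{...}: {
+virtualisation = {
+oci-containers = {
+backend = "podman";
+};
+podman = {
+enable = true;
+dockerCompat = true;
+dockerSocket.enable = true;
+};
+docker.enable = false;
+};
+}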
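Review bot: `dockerSocket.enable = true` deserves a comment and a narrower scope, because access to the Docker-compatible Podman socket is equivalent to root on the host. This file sits under `common/` and is added to the shared imports list, so it presumably turns the socket on for every machine that imports that list, not only the one running the Actions runner. I would add above it `# Docker-compatible API socket; members of the podman group are effectively root. Needed for: <consumer>` and keep `podman` group membership to the runner's service account. If the runner reaches Podman through its native socket instead (worth checking in the runner module), `dockerSocket.enable` and `dockerCompat` can be dropped from the common profile.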


@@ -32,13 +32,7 @@ with lib; {
"forgejo/s3/secret" = mkIf config.services.forgejo.enable { "forgejo/s3/secret" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user; owner = config.services.forgejo.user;
}; };
"forgejo/user1/name" = mkIf config.services.forgejo.enable { "forgejo/actions/token" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
"forgejo/user1/password" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
"forgejo/user1/email" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user; owner = config.services.forgejo.user;
}; };
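Review bot: The new `"forgejo/actions/token"` secret keeps `owner = config.services.forgejo.user;`, which makes the runner registration token readable by the Forgejo service account although the consumer is the separate `services.gitea-actions-runner` unit. If `tokenFile` is loaded by systemd as an environment file (the nixpkgs module documents it as a file holding a `TOKEN=` line; confirm for the pinned nixpkgs), the default root ownership is enough and the `owner` line can go. The `mkIf` guard would also be more precise if it tested the runner instance rather than `config.services.forgejo.enable`. The surrounding secrets attribute set starts and ends outside the hunk.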


@@ -11,6 +11,8 @@ forgejo:
name: ENC[AES256_GCM,data:UL3g,iv:+ftGx57fhzN06DuLItxZTc7lXX2g4MhqrEqnDjk4Aug=,tag:ZNpwWuPYhBzDjRQBKikCDA==,type:str] name: ENC[AES256_GCM,data:UL3g,iv:+ftGx57fhzN06DuLItxZTc7lXX2g4MhqrEqnDjk4Aug=,tag:ZNpwWuPYhBzDjRQBKikCDA==,type:str]
password: ENC[AES256_GCM,data:9nMuj2/VIB7Pbw==,iv:+96/NZ+gmRkpXr05nFuUfRl2rGqElUA/LuMBYBQHCHQ=,tag:hMEO40iGeyWsMd8VPOV4Yg==,type:str] password: ENC[AES256_GCM,data:9nMuj2/VIB7Pbw==,iv:+96/NZ+gmRkpXr05nFuUfRl2rGqElUA/LuMBYBQHCHQ=,tag:hMEO40iGeyWsMd8VPOV4Yg==,type:str]
email: ENC[AES256_GCM,data:e6GOwBzRBxa00CHYHgV8,iv:oerF3kJWzjzOatND8Tngp3MADw2kaBKyigeFxtH/ypQ=,tag:1q093JG9hRDxs6OzOIU3vw==,type:str] email: ENC[AES256_GCM,data:e6GOwBzRBxa00CHYHgV8,iv:oerF3kJWzjzOatND8Tngp3MADw2kaBKyigeFxtH/ypQ=,tag:1q093JG9hRDxs6OzOIU3vw==,type:str]
actions:
token: ENC[AES256_GCM,data:tjzIEA+TuwInBwfic7P6ZpN7XyQ2RWC7CZrGEjRtFR/Lj7xb4ysPfZ7d91AjNjw=,iv:e3nWZ3BvDeZvEUiJJ6h7u37UC4GZd/i582MRzE9pkyI=,tag:rZZnz5kGiLtCrUdNwgy8Xw==,type:str]
garage: garage:
admin_key: ENC[AES256_GCM,data:ORtjXzJrbWITofjNpVsTHE1gHcwNhBcbMNM=,iv:99XCuu5hGa3ZnAqbOsmgjeMouC8EnTzsJ0HuOoHwKEE=,tag:eJVx+A8MJ4g1xXr2F5hTkg==,type:str] admin_key: ENC[AES256_GCM,data:ORtjXzJrbWITofjNpVsTHE1gHcwNhBcbMNM=,iv:99XCuu5hGa3ZnAqbOsmgjeMouC8EnTzsJ0HuOoHwKEE=,tag:eJVx+A8MJ4g1xXr2F5hTkg==,type:str]
admin_secret: ENC[AES256_GCM,data:7hMOXJwIr0pkCFBBh5vnDy//R9UwD+eTlddT1VGOpqYaA0andf0jRfGOr0efcX0x/EvlDOrfFqn8ME8icZRRbw==,iv:KGxqXhzNWFWiwBHRSP+aov2fCNHgFuUtpBF4nd40mGw=,tag:ixcehvjzs6CfVyAAl315dw==,type:str] admin_secret: ENC[AES256_GCM,data:7hMOXJwIr0pkCFBBh5vnDy//R9UwD+eTlddT1VGOpqYaA0andf0jRfGOr0efcX0x/EvlDOrfFqn8ME8icZRRbw==,iv:KGxqXhzNWFWiwBHRSP+aov2fCNHgFuUtpBF4nd40mGw=,tag:ixcehvjzs6CfVyAAl315dw==,type:str]
@@ -40,7 +42,7 @@ sops:
amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO
4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg== 4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-17T22:34:52Z" lastmodified: "2025-09-25T17:46:20Z"
mac: ENC[AES256_GCM,data:qCQgzoxRMowRqG8oWUGm3uryAh60HGjgUGsX6piZuBY1mrgzXABDE5AoD5YA5k7d2Nxv7Auzzz/xOSPUcxO+aqYDsjwu9bc6Sl6XzoR3SlFSl/PURPbfSmABlX0iJBfUcOtGlnIDPbIuHASRCFcRpuneQ3+VeQS6MaD5n7BBCRY=,iv:Br2T8/Wq44h6RzO9ht6bUthUt5yL/MFQME0LlTaO7gE=,tag:jdznhfhgBGfqi8hOVJhKkw==,type:str] mac: ENC[AES256_GCM,data:hhpkjsatbdCW/8Bdh4wy94IOoNBQjOqlVxlcVgi6QktDEJl53Dsti1zbsAD7H8Jes4gdl6zHQwaNIvbZlPtzKsm2ZkyIS20ylu+U/NS1PtzkKkKRFPwViEoDcykGPKvSl+9kITL9tkC5IyFIBrc23+w15csCGf5W+S/0E8tGMhg=,iv:HveYGhCDPOexZJzbbTdN+0WcwsbA6vS+qRed+NvEaeg=,tag:i0Q9IbFwRd4a0YIBM6Qfqw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2
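Review bot: The `name`, `password` and `email` entries above the new `actions:` key are unchanged context here, while the same commit drops the `forgejo/user1/*` secret declarations from the Nix side. If those three values are the `user1` credentials (the parent key is outside the hunk), they are now undeployed ciphertext that still lives in the repository. Removing them from this file in the same change, and rotating the password if the account still exists, keeps the encrypted file limited to secrets that are in use.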