feat(etna): add forgejo actions runner

2024-08-29 11:46:38 +02:00 · 2024-08-29 11:46:38 +02:00 · b05e570f3b
commit b05e570f3b
parent 9ab95ffdf6
5 changed files with 53 additions and 8 deletions
--- a/secrets/etna/forgejoRunnerSecret.age
+++ b/secrets/etna/forgejoRunnerSecret.age
@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WnZ4dWtjU2JBQ3JDRktR
+K2RDMktEcDdyOGIyOVZ0VGppVm9iRW5kaGlzCno3eXFlc2U2Z3J4TzNIblFiMGlR
+N1FCQnRTcDkxdzhGZkg0WFdqQ2ZpUmMKLT4gWDI1NTE5IC9WbG5iYjdiUFMwNnJK
+QnMwUVordXNGRmlsWXRUNEk4Y1ZSVEV1VzNuVzQKUVZZdStyRGhIdE5oUk5sMTVO
+blVuV2MrejBNNmVhSzdqRmlJYmVlNTlEZwotPiBYMjU1MTkgVTAxKzhxU1JNSWRn
+KzVocEY2ODV2YmxMVk5TRGZyanJjZUFiNjFVMDUyRQpMY0JUU29CeWN1OUM5T2tS
+MVlJYm9MQ3ZvT2VyQXRJanRpMVFWTlJNVENBCi0tLSAyTVplNGFzMm93b1pFVTEr
+MlhKelpvT3dQTWxNNXpqNTdIdHBCbEUrRTZBChSSgqcbi9is6ISM4n0UeA/tsXgM
+6mFlP8XO7o3FWHMvv84gK2861kG8hlITXjAFdsSIkUoA31O45hlr9b6+A/b8M7lu
+PZYdP9leVeh/Dxk=
+-----END AGE ENCRYPTED FILE-----
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -26,4 +26,5 @@ in {
  "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
  "etna/turnstileSecret.age".publicKeys = main ++ [etna];
  "etna/navidromeEnv.age".publicKeys = main ++ [etna];
+  "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
 }
--- a/systems/etna/default.nix
+++ b/systems/etna/default.nix
@ -76,4 +76,9 @@ in {
    "cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s";
    frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
  };
+
+  virtualisation = {
+    docker.enable = true;
+    oci-containers.backend = "docker";
+  };
 }
--- a/systems/etna/forgejo.nix
+++ b/systems/etna/forgejo.nix
@ -1,14 +1,18 @@
 {
+  pkgs,
  config,
  _utils,
  ...
 }: let
-  turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" {
-    owner = "forgejo";
-    group = "forgejo";
+  secrets = _utils.setupSecrets config {
+    secrets = ["turnstileSecret" "forgejoRunnerSecret"];
+    extra = {
+      owner = "forgejo";
+      group = "forgejo";
+    };
  };
 in {
-  imports = [turnstileSecret.generate];
+  imports = [secrets.generate];

  cfTunnels."git.uku3lig.net" = "http://localhost:3000";

@ -22,7 +26,7 @@ in {
      };

      secrets = {
-        service.CF_TURNSTILE_SECRET = turnstileSecret.path;
+        service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret";
      };

      settings = {
@ -48,7 +52,10 @@ in {
          ENABLED = true;
        };

-        actions.ENABLED = false;
+        actions = {
+          ENABLED = true;
+          DEFAULT_ACTIONS_URL = "https://github.com";
+        };

        "ui.meta" = {
          AUTHOR = "uku's forge";
@ -61,6 +68,28 @@ in {
      };
    };

+    gitea-actions-runner = {
+      package = pkgs.forgejo-actions-runner;
+      instances.etna = {
+        enable = true;
+        name = "etna";
+        url = "https://git.uku3lig.net";
+        tokenFile = secrets.get "forgejoRunnerSecret";
+        labels = [
+          "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
+        ];
+
+        settings = {
+          log.level = "info";
+          runner = {
+            capacity = 4;
+            timeout = "2h";
+            insecure = false;
+          };
+        };
+      };
+    };
+
    frp.settings.proxies = [
      {
        name = "forgejo-ssh";
--- a/systems/etna/minecraft.nix
+++ b/systems/etna/minecraft.nix
@ -44,8 +44,6 @@ in {
    lynn
  ];

-  virtualisation.oci-containers.backend = "docker";
-
  systemd.services.restart-minecraft-servers = {
    wantedBy = ["multi-user.target"];
    script = ''