diff --git a/secrets/etna/forgejoRunnerSecret.age b/secrets/etna/forgejoRunnerSecret.age
new file mode 100644
index 0000000..e592412
--- /dev/null
+++ b/secrets/etna/forgejoRunnerSecret.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WnZ4dWtjU2JBQ3JDRktR
+K2RDMktEcDdyOGIyOVZ0VGppVm9iRW5kaGlzCno3eXFlc2U2Z3J4TzNIblFiMGlR
+N1FCQnRTcDkxdzhGZkg0WFdqQ2ZpUmMKLT4gWDI1NTE5IC9WbG5iYjdiUFMwNnJK
+QnMwUVordXNGRmlsWXRUNEk4Y1ZSVEV1VzNuVzQKUVZZdStyRGhIdE5oUk5sMTVO
+blVuV2MrejBNNmVhSzdqRmlJYmVlNTlEZwotPiBYMjU1MTkgVTAxKzhxU1JNSWRn
+KzVocEY2ODV2YmxMVk5TRGZyanJjZUFiNjFVMDUyRQpMY0JUU29CeWN1OUM5T2tS
+MVlJYm9MQ3ZvT2VyQXRJanRpMVFWTlJNVENBCi0tLSAyTVplNGFzMm93b1pFVTEr
+MlhKelpvT3dQTWxNNXpqNTdIdHBCbEUrRTZBChSSgqcbi9is6ISM4n0UeA/tsXgM
+6mFlP8XO7o3FWHMvv84gK2861kG8hlITXjAFdsSIkUoA31O45hlr9b6+A/b8M7lu
+PZYdP9leVeh/Dxk=
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index ee07cd5..dc42b80 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -26,4 +26,5 @@ in {
 "etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
 "etna/turnstileSecret.age".publicKeys = main ++ [etna];
 "etna/navidromeEnv.age".publicKeys = main ++ [etna];
+ "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
 }
diff --git a/systems/etna/default.nix b/systems/etna/default.nix
index 830582a..b31d207 100644
--- a/systems/etna/default.nix
+++ b/systems/etna/default.nix
@@ -76,4 +76,9 @@ in {
 "cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s";
 frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
 };
+
+ virtualisation = {
+ docker.enable = true;
+ oci-containers.backend = "docker";
+ };
 }
diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix
index 170fb8e..0efa480 100644
--- a/systems/etna/forgejo.nix
+++ b/systems/etna/forgejo.nix
@@ -1,14 +1,18 @@ { + pkgs, config, _utils, ... }: let - turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" { - owner = "forgejo"; - group = "forgejo"; + secrets = _utils.setupSecrets config { + secrets = ["turnstileSecret" "forgejoRunnerSecret"]; + extra = { + owner = "forgejo"; + group = "forgejo"; + }; }; in { - imports = [turnstileSecret.generate]; + imports = [secrets.generate]; cfTunnels."git.uku3lig.net" = "http://localhost:3000"; @@ -22,7 +26,7 @@ in { }; secrets = { - service.CF_TURNSTILE_SECRET = turnstileSecret.path; + service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret"; }; settings = { @@ -48,7 +52,10 @@ in { ENABLED = true; }; - actions.ENABLED = false; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "https://github.com"; + }; "ui.meta" = { AUTHOR = "uku's forge"; @@ -61,6 +68,28 @@ in { }; }; + gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.etna = { + enable = true; + name = "etna"; + url = "https://git.uku3lig.net"; + tokenFile = secrets.get "forgejoRunnerSecret"; + labels = [ + "ubuntu-latest:docker://catthehacker/ubuntu:act-latest" + ]; + + settings = { + log.level = "info"; + runner = { + capacity = 4; + timeout = "2h"; + insecure = false; + }; + }; + }; + }; + frp.settings.proxies = [ { name = "forgejo-ssh"; diff --git a/systems/etna/minecraft.nix b/systems/etna/minecraft.nix index ffc16e2..9c7ec0f 100644 --- a/systems/etna/minecraft.nix +++ b/systems/etna/minecraft.nix @@ -44,8 +44,6 @@ in { lynn ]; - virtualisation.oci-containers.backend = "docker"; - systemd.services.restart-minecraft-servers = { wantedBy = ["multi-user.target"]; script = ''
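Review bot: `forgejoRunnerSecret` is declared in the same `setupSecrets` call as `turnstileSecret`, so the shared `extra = { owner = "forgejo"; group = "forgejo"; }` presumably makes the runner token readable by the Forgejo service user too (`_utils.setupSecrets` is not visible here, so confirm that `extra` applies to every listed secret). In this commit the only consumer of that secret is the runner's `tokenFile`, not the `forgejo` service. If the server does not need it, declare it in a separate call without the forgejo owner; otherwise add a comment such as `# runner token shares forgejo ownership because <reason>` so the wider read access is a recorded decision.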
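Review bot: `DEFAULT_ACTIONS_URL = "https://github.com"` in the `actions` block makes every `uses:` reference without an explicit host resolve to GitHub, so workflows on this forge will run third-party action code fetched at job time. Nothing in this setting constrains which ref is fetched, so a tag that moves upstream changes what executes on etna. I would record that next to the option, e.g. `# bare "uses: owner/action@ref" is fetched from github.com; pin refs to full commit SHAs in workflows`. The enclosing `settings` block starts and ends outside the hunk.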
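Review bot: The `ubuntu-latest` label in `instances.etna.labels` maps jobs to `catthehacker/ubuntu:act-latest`, a moving tag on a third-party image, so the job environment can change with no change in this repository; pinning the image by digest (`...:act-latest@sha256:<digest>`, placeholder) or mirroring it would make updates deliberate. The runner also needs access to the Docker daemon that `systems/etna/default.nix` enables in this commit, and access to that daemon is root-equivalent on a host that, judging by `secrets/secrets.nix`, also holds the Nextcloud and navidrome secrets. Whether the token registers an instance-wide or a repository-scoped runner is not visible here, so a comment on `instances.etna` stating the intended scope and who may trigger workflows would help the next reader judge that exposure.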