feat(etna): add forgejo actions runner
This commit is contained in:
parent
9ab95ffdf6
commit
b05e570f3b
5 changed files with 53 additions and 8 deletions
12
secrets/etna/forgejoRunnerSecret.age
Normal file
12
secrets/etna/forgejoRunnerSecret.age
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WnZ4dWtjU2JBQ3JDRktR
|
||||||
|
K2RDMktEcDdyOGIyOVZ0VGppVm9iRW5kaGlzCno3eXFlc2U2Z3J4TzNIblFiMGlR
|
||||||
|
N1FCQnRTcDkxdzhGZkg0WFdqQ2ZpUmMKLT4gWDI1NTE5IC9WbG5iYjdiUFMwNnJK
|
||||||
|
QnMwUVordXNGRmlsWXRUNEk4Y1ZSVEV1VzNuVzQKUVZZdStyRGhIdE5oUk5sMTVO
|
||||||
|
blVuV2MrejBNNmVhSzdqRmlJYmVlNTlEZwotPiBYMjU1MTkgVTAxKzhxU1JNSWRn
|
||||||
|
KzVocEY2ODV2YmxMVk5TRGZyanJjZUFiNjFVMDUyRQpMY0JUU29CeWN1OUM5T2tS
|
||||||
|
MVlJYm9MQ3ZvT2VyQXRJanRpMVFWTlJNVENBCi0tLSAyTVplNGFzMm93b1pFVTEr
|
||||||
|
MlhKelpvT3dQTWxNNXpqNTdIdHBCbEUrRTZBChSSgqcbi9is6ISM4n0UeA/tsXgM
|
||||||
|
6mFlP8XO7o3FWHMvv84gK2861kG8hlITXjAFdsSIkUoA31O45hlr9b6+A/b8M7lu
|
||||||
|
PZYdP9leVeh/Dxk=
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
|
@ -26,4 +26,5 @@ in {
|
||||||
"etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
|
"etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
|
||||||
"etna/turnstileSecret.age".publicKeys = main ++ [etna];
|
"etna/turnstileSecret.age".publicKeys = main ++ [etna];
|
||||||
"etna/navidromeEnv.age".publicKeys = main ++ [etna];
|
"etna/navidromeEnv.age".publicKeys = main ++ [etna];
|
||||||
|
"etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
|
||||||
}
|
}
|
||||||
|
|
|
@ -76,4 +76,9 @@ in {
|
||||||
"cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s";
|
"cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s";
|
||||||
frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
|
frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualisation = {
|
||||||
|
docker.enable = true;
|
||||||
|
oci-containers.backend = "docker";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,18 @@
|
||||||
{
|
{
|
||||||
|
pkgs,
|
||||||
config,
|
config,
|
||||||
_utils,
|
_utils,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" {
|
secrets = _utils.setupSecrets config {
|
||||||
owner = "forgejo";
|
secrets = ["turnstileSecret" "forgejoRunnerSecret"];
|
||||||
group = "forgejo";
|
extra = {
|
||||||
|
owner = "forgejo";
|
||||||
|
group = "forgejo";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
imports = [turnstileSecret.generate];
|
imports = [secrets.generate];
|
||||||
|
|
||||||
cfTunnels."git.uku3lig.net" = "http://localhost:3000";
|
cfTunnels."git.uku3lig.net" = "http://localhost:3000";
|
||||||
|
|
||||||
|
@ -22,7 +26,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
secrets = {
|
secrets = {
|
||||||
service.CF_TURNSTILE_SECRET = turnstileSecret.path;
|
service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret";
|
||||||
};
|
};
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -48,7 +52,10 @@ in {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
actions.ENABLED = false;
|
actions = {
|
||||||
|
ENABLED = true;
|
||||||
|
DEFAULT_ACTIONS_URL = "https://github.com";
|
||||||
|
};
|
||||||
|
|
||||||
"ui.meta" = {
|
"ui.meta" = {
|
||||||
AUTHOR = "uku's forge";
|
AUTHOR = "uku's forge";
|
||||||
|
@ -61,6 +68,28 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-actions-runner;
|
||||||
|
instances.etna = {
|
||||||
|
enable = true;
|
||||||
|
name = "etna";
|
||||||
|
url = "https://git.uku3lig.net";
|
||||||
|
tokenFile = secrets.get "forgejoRunnerSecret";
|
||||||
|
labels = [
|
||||||
|
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
||||||
|
];
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
log.level = "info";
|
||||||
|
runner = {
|
||||||
|
capacity = 4;
|
||||||
|
timeout = "2h";
|
||||||
|
insecure = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
frp.settings.proxies = [
|
frp.settings.proxies = [
|
||||||
{
|
{
|
||||||
name = "forgejo-ssh";
|
name = "forgejo-ssh";
|
||||||
|
|
|
@ -44,8 +44,6 @@ in {
|
||||||
lynn
|
lynn
|
||||||
];
|
];
|
||||||
|
|
||||||
virtualisation.oci-containers.backend = "docker";
|
|
||||||
|
|
||||||
systemd.services.restart-minecraft-servers = {
|
systemd.services.restart-minecraft-servers = {
|
||||||
wantedBy = ["multi-user.target"];
|
wantedBy = ["multi-user.target"];
|
||||||
script = ''
|
script = ''
|
||||||
|
|
Loading…
Reference in a new issue