feat(etna): add forgejo actions runner
This commit is contained in:
parent
9ab95ffdf6
commit
b05e570f3b
5 changed files with 53 additions and 8 deletions
12
secrets/etna/forgejoRunnerSecret.age
Normal file
12
secrets/etna/forgejoRunnerSecret.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WnZ4dWtjU2JBQ3JDRktR
|
||||
K2RDMktEcDdyOGIyOVZ0VGppVm9iRW5kaGlzCno3eXFlc2U2Z3J4TzNIblFiMGlR
|
||||
N1FCQnRTcDkxdzhGZkg0WFdqQ2ZpUmMKLT4gWDI1NTE5IC9WbG5iYjdiUFMwNnJK
|
||||
QnMwUVordXNGRmlsWXRUNEk4Y1ZSVEV1VzNuVzQKUVZZdStyRGhIdE5oUk5sMTVO
|
||||
blVuV2MrejBNNmVhSzdqRmlJYmVlNTlEZwotPiBYMjU1MTkgVTAxKzhxU1JNSWRn
|
||||
KzVocEY2ODV2YmxMVk5TRGZyanJjZUFiNjFVMDUyRQpMY0JUU29CeWN1OUM5T2tS
|
||||
MVlJYm9MQ3ZvT2VyQXRJanRpMVFWTlJNVENBCi0tLSAyTVplNGFzMm93b1pFVTEr
|
||||
MlhKelpvT3dQTWxNNXpqNTdIdHBCbEUrRTZBChSSgqcbi9is6ISM4n0UeA/tsXgM
|
||||
6mFlP8XO7o3FWHMvv84gK2861kG8hlITXjAFdsSIkUoA31O45hlr9b6+A/b8M7lu
|
||||
PZYdP9leVeh/Dxk=
|
||||
-----END AGE ENCRYPTED FILE-----
|
|
@ -26,4 +26,5 @@ in {
|
|||
"etna/nextcloudAdminPass.age".publicKeys = main ++ [etna];
|
||||
"etna/turnstileSecret.age".publicKeys = main ++ [etna];
|
||||
"etna/navidromeEnv.age".publicKeys = main ++ [etna];
|
||||
"etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
|
||||
}
|
||||
|
|
|
@ -76,4 +76,9 @@ in {
|
|||
"cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s";
|
||||
frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
docker.enable = true;
|
||||
oci-containers.backend = "docker";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
_utils,
|
||||
...
|
||||
}: let
|
||||
turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" {
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
secrets = _utils.setupSecrets config {
|
||||
secrets = ["turnstileSecret" "forgejoRunnerSecret"];
|
||||
extra = {
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
};
|
||||
};
|
||||
in {
|
||||
imports = [turnstileSecret.generate];
|
||||
imports = [secrets.generate];
|
||||
|
||||
cfTunnels."git.uku3lig.net" = "http://localhost:3000";
|
||||
|
||||
|
@ -22,7 +26,7 @@ in {
|
|||
};
|
||||
|
||||
secrets = {
|
||||
service.CF_TURNSTILE_SECRET = turnstileSecret.path;
|
||||
service.CF_TURNSTILE_SECRET = secrets.get "turnstileSecret";
|
||||
};
|
||||
|
||||
settings = {
|
||||
|
@ -48,7 +52,10 @@ in {
|
|||
ENABLED = true;
|
||||
};
|
||||
|
||||
actions.ENABLED = false;
|
||||
actions = {
|
||||
ENABLED = true;
|
||||
DEFAULT_ACTIONS_URL = "https://github.com";
|
||||
};
|
||||
|
||||
"ui.meta" = {
|
||||
AUTHOR = "uku's forge";
|
||||
|
@ -61,6 +68,28 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances.etna = {
|
||||
enable = true;
|
||||
name = "etna";
|
||||
url = "https://git.uku3lig.net";
|
||||
tokenFile = secrets.get "forgejoRunnerSecret";
|
||||
labels = [
|
||||
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
||||
];
|
||||
|
||||
settings = {
|
||||
log.level = "info";
|
||||
runner = {
|
||||
capacity = 4;
|
||||
timeout = "2h";
|
||||
insecure = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
frp.settings.proxies = [
|
||||
{
|
||||
name = "forgejo-ssh";
|
||||
|
|
|
@ -44,8 +44,6 @@ in {
|
|||
lynn
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.backend = "docker";
|
||||
|
||||
systemd.services.restart-minecraft-servers = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
script = ''
|
||||
|
|
Loading…
Reference in a new issue