feat: forgejo runner

Added a forgejo runner and extracted monolith file into folder/sub-folder

hosts/cl-00-00/system/configuration/container.nix

@@ -0,0 +1,14 @@
+{ ...
+}:
+
+{
+  virtualisation.podman = {
+    enable = true;
+
+    # Create a `docker` alias for podman
+    dockerCompat = true;
+    
+    # Required for containers to talk to each other
+    defaultNetwork.settings.dns_enabled = true;
+  };
+}

hosts/cl-00-00/system/configuration/default.nix

@@ -9,10 +9,12 @@ in
   imports = [
     modules.shells
 
-    ./sops.nix
-    ./forgejo.nix
+    ./forgejo
+
+    ./container.nix
     ./gc.nix
     ./postgres.nix
+    ./sops.nix
     ./ssh.nix
     ./traefik.nix
     ./users.nix

hosts/cl-00-00/system/configuration/forgejo/default.nix

@@ -0,0 +1,11 @@
+{ ...
+}:
+
+{
+  imports = [
+    ./network.nix
+    ./runner.nix
+    ./secrets.nix
+    ./server.nix
+  ];
+}

hosts/cl-00-00/system/configuration/forgejo/network.nix

@@ -0,0 +1,22 @@
+{ ...
+}:
+
+{
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  
+  services.traefik.dynamicConfigOptions.http = {
+    routers.forgejo = {
+      rule = "Host(`git.dokkae.com`)";
+      service = "forgejo";
+      entryPoints = [ "websecure" ];
+      tls = { certResolver = "letsencrypt"; };
+    };
+
+    services.forgejo = {
+      loadBalancer.servers = [
+        { url = "http://localhost:3000"; }
+      ];
+    };
+  };
+
+}

hosts/cl-00-00/system/configuration/forgejo/runner.nix

@@ -0,0 +1,34 @@
+{ pkgs
+, config
+, ...
+}:
+
+{
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+
+    instances.default = {
+      enable = true;
+      name = "cl-00-00_forgejo-runner-00";
+      url = "https://git.dokkae.com";
+      tokenFile = config.sops.secrets."forgejo/runners/00".path;
+      labels = [
+        "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
+        "debian-latest:docker://debian:bookworm"
+        "alpine-latest:docker://alpine:latest"
+      ];
+      settings = {
+        container = {
+          network = "bridge";
+        };
+        runner = {
+          capacity = 2;
+          timeout = "1h";
+        };
+        cache = {
+          enabled = true;
+        };
+      };
+    };
+  };
+}

hosts/cl-00-00/system/configuration/forgejo/secrets.nix

@@ -0,0 +1,25 @@
+{ config
+, ...
+}:
+
+{
+  config.sops.secrets = {
+    "forgejo/admin/dokkae.cat/password" = {
+      owner = "forgejo";
+      group = "forgejo";
+      mode = "400";
+    };
+
+    "forgejo/mailer/password" = {
+      owner = "forgejo";
+      group = "forgejo";
+      mode = "400";
+    };
+
+    "forgejo/runners/00" = {
+      owner = "forgejo";
+      group = "forgejo";
+      mode = "400";
+    };
+  };
+}

hosts/cl-00-00/system/configuration/forgejo/server.nix

@@ -5,23 +5,6 @@
 }:
 
 {
-  networking.firewall.allowedTCPPorts = [ 22 ];
-  
-  services.traefik.dynamicConfigOptions.http = {
-    routers.forgejo = {
-      rule = "Host(`git.dokkae.com`)";
-      service = "forgejo";
-      entryPoints = [ "websecure" ];
-      tls = { certResolver = "letsencrypt"; };
-    };
-
-    services.forgejo = {
-      loadBalancer.servers = [
-        { url = "http://localhost:3000"; }
-      ];
-    };
-  };
-
   services.forgejo = {
     enable = true;
     user = "forgejo";

hosts/cl-00-00/system/configuration/sops.nix

@@ -25,17 +25,6 @@
         owner = "kurisu";
         neededForUsers =  true;
       };
-
-      "forgejo/admin/dokkae.cat/password" = {
-        owner = "forgejo";
-        group = "forgejo";
-        mode = "400";
-      };
-      "forgejo/mailer/password" = {
-        owner = "forgejo";
-        group = "forgejo";
-        mode = "400";
-      };
     };
   };
 }