feat: forgejo runner

Added a forgejo runner and extracted monolith file into folder/sub-folder

hosts/cl-00-00/system/configuration/forgejo/default.nix

@@ -0,0 +1,11 @@
+{ ...
+}:
+
+{
+  imports = [
+    ./network.nix
+    ./runner.nix
+    ./secrets.nix
+    ./server.nix
+  ];
+}

hosts/cl-00-00/system/configuration/forgejo/network.nix

@@ -0,0 +1,22 @@
+{ ...
+}:
+
+{
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  
+  services.traefik.dynamicConfigOptions.http = {
+    routers.forgejo = {
+      rule = "Host(`git.dokkae.com`)";
+      service = "forgejo";
+      entryPoints = [ "websecure" ];
+      tls = { certResolver = "letsencrypt"; };
+    };
+
+    services.forgejo = {
+      loadBalancer.servers = [
+        { url = "http://localhost:3000"; }
+      ];
+    };
+  };
+
+}

hosts/cl-00-00/system/configuration/forgejo/runner.nix

@@ -0,0 +1,34 @@
+{ pkgs
+, config
+, ...
+}:
+
+{
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+
+    instances.default = {
+      enable = true;
+      name = "cl-00-00_forgejo-runner-00";
+      url = "https://git.dokkae.com";
+      tokenFile = config.sops.secrets."forgejo/runners/00".path;
+      labels = [
+        "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
+        "debian-latest:docker://debian:bookworm"
+        "alpine-latest:docker://alpine:latest"
+      ];
+      settings = {
+        container = {
+          network = "bridge";
+        };
+        runner = {
+          capacity = 2;
+          timeout = "1h";
+        };
+        cache = {
+          enabled = true;
+        };
+      };
+    };
+  };
+}

hosts/cl-00-00/system/configuration/forgejo/secrets.nix

@@ -0,0 +1,25 @@
+{ config
+, ...
+}:
+
+{
+  config.sops.secrets = {
+    "forgejo/admin/dokkae.cat/password" = {
+      owner = "forgejo";
+      group = "forgejo";
+      mode = "400";
+    };
+
+    "forgejo/mailer/password" = {
+      owner = "forgejo";
+      group = "forgejo";
+      mode = "400";
+    };
+
+    "forgejo/runners/00" = {
+      owner = "forgejo";
+      group = "forgejo";
+      mode = "400";
+    };
+  };
+}

hosts/cl-00-00/system/configuration/forgejo/server.nix

@@ -0,0 +1,73 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+
+{
+  services.forgejo = {
+    enable = true;
+    user = "forgejo";
+    group = "forgejo";
+    
+    database = {
+      type = "postgres";
+      host = "/run/postgresql";
+      name = "forgejo";
+      user = "forgejo";
+    };
+
+    lfs.enable = false;
+
+    settings = {
+      server = {
+        DOMAIN = "localhost";
+        PROTOCOL = "http";
+        HTTP_PORT = 3000;
+
+        # Used for web-displayed URL references.
+        ROOT_URL = "https://git.dokkae.com/";
+
+        # SSH Settings
+        SSH_DOMAIN = "ssh.dokkae.com";
+        SSH_PORT = 22;
+        START_SSH_SERVER = false;
+      };
+
+      services = {
+        # Can be temporarily disabled to allow registration of an admin user.
+        # Admin account can manually create new users via web interface.
+        DISABLE_REGISTRATION = true;
+      };
+
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "github";
+      };
+
+      # Optional email server configuration.
+      # Test mails can be sent via: Profile Picture > Site Administration > Configuration >  Mailer Configuration
+      mailer = {
+        ENABLED = true;
+        SMTP_ADDR = "smtp.gmail.com";
+        FROM = "noreply@git.dokkae.com";
+        USER = "finnliry@gmail.com";
+        PROTOCOL = "smtps";
+        SMTP_PORT = 465;
+      };
+    };
+
+    secrets = {
+      mailer.PASSWD = config.sops.secrets."forgejo/mailer/password".path;
+    };
+  };
+
+  systemd.services.forgejo.preStart = let
+    adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
+    pwdPath = config.sops.secrets."forgejo/admin/dokkae.cat/password".path;
+    user = "dokkae.cat";
+  in ''
+    PASSWORD="$(cat "${pwdPath}" | tr -d '\n')"
+    ${adminCmd} create --admin --email "finnliry@gmail.com" --username ${user} --password "$PASSWORD" || true
+  '';
+}