From eb7d6c146f788480773204baafead2517c09afed Mon Sep 17 00:00:00 2001
From: "dokkae.cat"
Date: Sun, 11 Jan 2026 20:52:16 +0000
Subject: [PATCH] feat: forgejo runner

Added a forgejo runner and extracted monolith file into folder/sub-folder
---
 hosts/cl-00-00/secrets/default.yaml | 6 ++--
 .../system/configuration/container.nix | 14 ++++++++
 .../cl-00-00/system/configuration/default.nix | 6 ++--
 .../system/configuration/forgejo/default.nix | 11 ++++++
 .../system/configuration/forgejo/network.nix | 22 ++++++++++++
 .../system/configuration/forgejo/runner.nix | 34 +++++++++++++++++++
 .../system/configuration/forgejo/secrets.nix | 25 ++++++++++++++
 .../{forgejo.nix => forgejo/server.nix} | 17 ----------
 hosts/cl-00-00/system/configuration/sops.nix | 11 ------
 9 files changed, 114 insertions(+), 32 deletions(-)
 create mode 100644 hosts/cl-00-00/system/configuration/container.nix
 create mode 100644 hosts/cl-00-00/system/configuration/forgejo/default.nix
 create mode 100644 hosts/cl-00-00/system/configuration/forgejo/network.nix
 create mode 100644 hosts/cl-00-00/system/configuration/forgejo/runner.nix
 create mode 100644 hosts/cl-00-00/system/configuration/forgejo/secrets.nix
 rename hosts/cl-00-00/system/configuration/{forgejo.nix => forgejo/server.nix} (81%)

diff --git a/hosts/cl-00-00/secrets/default.yaml b/hosts/cl-00-00/secrets/default.yaml
index 55a9d23..7a4046f 100755
--- a/hosts/cl-00-00/secrets/default.yaml
+++ b/hosts/cl-00-00/secrets/default.yaml
@@ -9,6 +9,8 @@ forgejo:
 password: ENC[AES256_GCM,data:FBmMqD+zROFZ4A==,iv:uh1t3+fMylalXqIQGwzRQoZwoT6kP0xRmkrs3ygVqeA=,tag:tXMNEFcWbPW/kaADN1urow==,type:str]
 mailer:
 password: ENC[AES256_GCM,data:HoxA9HNIMf0rnltDJrOynvoKzQ==,iv:/9YlRJI2WMjtuyLJJFJInxDpngdiQ1g+L9cel+tISy0=,tag:R3nRPmu23G0zOPEZQkUSug==,type:str]
+ runners:
+ "00": ENC[AES256_GCM,data:E1OSfoo+KL+/QZdfiN4IPTk0BzHVoNbvjMu5isABZb5fYKLa80/lgGmM6NRYxw==,iv:xOtpHsGtwRoxMQCVgq+pWhHC1r4bgRLXbg5c+/uL2AM=,tag:wYlhjb/zac9KK8bzXEkECw==,type:str]
 sops:
 age:
 - recipient: age1pj86dmk8j5tne0r7zu09v3x40xjdae6mhvrzyw5squ9px96z9p0suj89f8
@@ -29,7 +31,7 @@ sops:
 MTJWN0R6VUR6c21iVE1tK0VPL2NoYzAKrGwbTolQpUWcFRyJ6M1KVQ3odS4leYvW
 KZZUx9n9O6j9LH2tHH6ut1maiDXfLkBTnEeXrogp+oK075QVKXfUBA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-01-10T19:58:26Z"
- mac: ENC[AES256_GCM,data:N/eVKWgRdTCHxcTkeKpBUxiVF7OKRdUtpBj+dM2c5uclKxwSHB5jw/GuZjcrq8BQvTjgwZxnH6Q7D05c+tFOl+P1m/LrnZLtIxH/iynqMavFwXsBXFF+1ngY+CwLflsagtiNhKp/JxvIKRSaSlNTxGL7NqX6feeTNQirA0CFs0M=,iv:z0MpIYnONpEIfu90takM398GapmkuuGZGC0y3kFjZP0=,tag:/gz+ngidM0fJPCI7b7ABDw==,type:str]
+ lastmodified: "2026-01-11T20:35:41Z"
+ mac: ENC[AES256_GCM,data:R1m9zzLTpAjyQjO3Jw4tFr4lOpjHvCaKkZnnuIzppyMYAheS8JjEubNL4FzsVNHxbUgPIR1ZIYcyXuv9tZ5camx9r4008xan9Q9qAtkvxlpaZvuXhRMSMYnJAMiRBudUKg4XKSKtUK4SHCWQ0+a/rEuXSMTWxDgSpGlz9cb/RBo=,iv:CR1HDmZbLHtscUcjf1NsmMBAHUG1Dxr7FaZBS2osGGI=,tag:Ld66EFrVzrCB6BZ5cvxgeg==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.11.0
diff --git a/hosts/cl-00-00/system/configuration/container.nix b/hosts/cl-00-00/system/configuration/container.nix
new file mode 100644
index 0000000..42a4e5d
--- /dev/null
+++ b/hosts/cl-00-00/system/configuration/container.nix
@@ -0,0 +1,14 @@
+{ ...
+}:
+
+ {
+ virtualisation.podman = {
+ enable = true;
+
+ # Create a `docker` alias for podman
+ dockerCompat = true;
+
+ # Required for containers to talk to each other
+ defaultNetwork.settings.dns_enabled = true;
+ };
+}
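Review bot: container.nix does not say why podman is being enabled on this host, and the comment on `dockerCompat` describes only the CLI alias, while the runner added in forgejo/runner.nix declares `docker://` labels, which need a Docker-compatible socket rather than an alias. If I recall correctly the NixOS gitea-actions-runner module points the runner at the podman socket itself when `virtualisation.podman.enable` is set, so this probably works as written, but that coupling deserves a line here: `# Backs the docker:// job labels of the forgejo runner (see forgejo/runner.nix)`. Whichever socket the runner ends up using is effectively host-level control for the runner process, so this module is where that grant happens and the comment should make that visible to the next reader.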
diff --git a/hosts/cl-00-00/system/configuration/default.nix b/hosts/cl-00-00/system/configuration/default.nix
index f260f86..fef30c9 100755
--- a/hosts/cl-00-00/system/configuration/default.nix
+++ b/hosts/cl-00-00/system/configuration/default.nix
@@ -9,10 +9,12 @@ in
 imports = [
 modules.shells
- ./sops.nix
- ./forgejo.nix
+ ./forgejo
+
+ ./container.nix
 ./gc.nix
 ./postgres.nix
+ ./sops.nix
 ./ssh.nix
 ./traefik.nix
 ./users.nix
diff --git a/hosts/cl-00-00/system/configuration/forgejo/default.nix b/hosts/cl-00-00/system/configuration/forgejo/default.nix
new file mode 100644
index 0000000..7ca041c
--- /dev/null
+++ b/hosts/cl-00-00/system/configuration/forgejo/default.nix
@@ -0,0 +1,11 @@
+{ ...
+}:
+
+{
+ imports = [
+ ./network.nix
+ ./runner.nix
+ ./secrets.nix
+ ./server.nix
+ ];
+}
diff --git a/hosts/cl-00-00/system/configuration/forgejo/network.nix b/hosts/cl-00-00/system/configuration/forgejo/network.nix
new file mode 100644
index 0000000..69613e2
--- /dev/null
+++ b/hosts/cl-00-00/system/configuration/forgejo/network.nix
@@ -0,0 +1,22 @@
+{ ...
+}:
+
+{
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ services.traefik.dynamicConfigOptions.http = {
+ routers.forgejo = {
+ rule = "Host(`git.dokkae.com`)";
+ service = "forgejo";
+ entryPoints = [ "websecure" ];
+ tls = { certResolver = "letsencrypt"; };
+ };
+
+ services.forgejo = {
+ loadBalancer.servers = [
+ { url = "http://localhost:3000"; }
+ ];
+ };
+ };
+
+}
diff --git a/hosts/cl-00-00/system/configuration/forgejo/runner.nix b/hosts/cl-00-00/system/configuration/forgejo/runner.nix
new file mode 100644
index 0000000..791b2cc
--- /dev/null
+++ b/hosts/cl-00-00/system/configuration/forgejo/runner.nix
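Review bot: The firewall line in network.nix, `networking.firewall.allowedTCPPorts = [ 22 ];`, opens host SSH from inside the forgejo module without saying why, and since the server options live in server.nix and the host's sshd settings in ./ssh.nix (neither visible in this section) a reader cannot tell whether 22 is for git-over-SSH or for administration. A one-line comment such as `# Git over SSH: forgejo uses the host sshd on port 22` — if that is indeed the case; the server.nix options that would confirm it are outside this diff — would make the exposure deliberate rather than incidental. The line is moved from forgejo.nix rather than new, so nothing else needs to change in this hunk.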
@@ -0,0 +1,34 @@
+{ pkgs
+, config
+, ...
+}:
+
+{
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+
+ instances.default = {
+ enable = true;
+ name = "cl-00-00_forgejo-runner-00";
+ url = "https://git.dokkae.com";
+ tokenFile = config.sops.secrets."forgejo/runners/00".path;
+ labels = [
+ "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
+ "debian-latest:docker://debian:bookworm"
+ "alpine-latest:docker://alpine:latest"
+ ];
+ settings = {
+ container = {
+ network = "bridge";
+ };
+ runner = {
+ capacity = 2;
+ timeout = "1h";
+ };
+ cache = {
+ enabled = true;
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/cl-00-00/system/configuration/forgejo/secrets.nix b/hosts/cl-00-00/system/configuration/forgejo/secrets.nix
new file mode 100644
index 0000000..fad41cd
--- /dev/null
+++ b/hosts/cl-00-00/system/configuration/forgejo/secrets.nix
@@ -0,0 +1,25 @@
+{ config
+, ...
+}:
+
+{
+ config.sops.secrets = {
+ "forgejo/admin/dokkae.cat/password" = {
+ owner = "forgejo";
+ group = "forgejo";
+ mode = "400";
+ };
+
+ "forgejo/mailer/password" = {
+ owner = "forgejo";
+ group = "forgejo";
+ mode = "400";
+ };
+
+ "forgejo/runners/00" = {
+ owner = "forgejo";
+ group = "forgejo";
+ mode = "400";
+ };
+ };
+}
diff --git a/hosts/cl-00-00/system/configuration/forgejo.nix b/hosts/cl-00-00/system/configuration/forgejo/server.nix
similarity index 81%
rename from hosts/cl-00-00/system/configuration/forgejo.nix
rename to hosts/cl-00-00/system/configuration/forgejo/server.nix
index cf76b9e..6ffb8d9 100755
--- a/hosts/cl-00-00/system/configuration/forgejo.nix
+++ b/hosts/cl-00-00/system/configuration/forgejo/server.nix
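Review bot: The three labels in runner.nix reference job images by mutable tags (`catthehacker/ubuntu:act-latest`, `debian:bookworm`, `alpine:latest`), so every job runs whatever the registry serves at that tag at pull time and a tag repoint silently changes the build environment; pinning by digest, e.g. `"debian-latest:docker://debian@sha256:<digest>"` (a placeholder — I believe act_runner accepts digest references since it passes the reference to the container engine, but confirm), keeps the environment reproducible and reviewable. The new `"forgejo/runners/00"` entry in secrets.nix is owned by `forgejo`, which gives the Forgejo server process read access to the runner registration token it has no use for; if, as I recall, the NixOS module hands `tokenFile` to systemd as an environment file it is read by root and the sops-nix default of root-owned mode 0400 would suffice, so the `owner`/`group` lines can likely be dropped — verify against the module before changing it, and note the file must then contain `TOKEN=<token>` rather than a bare token, which the encrypted yaml cannot show. With `container.network = "bridge"` job containers sit on a bridge with a host that also runs postgres, traefik and forgejo on :3000, so any host-bound listener is reachable from workflow code; worth restricting which repositories may use this runner or isolating the job network, depending on who can push workflows to this instance.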
@@ -5,23 +5,6 @@
 }:
 {
- networking.firewall.allowedTCPPorts = [ 22 ];
-
- services.traefik.dynamicConfigOptions.http = {
- routers.forgejo = {
- rule = "Host(`git.dokkae.com`)";
- service = "forgejo";
- entryPoints = [ "websecure" ];
- tls = { certResolver = "letsencrypt"; };
- };
-
- services.forgejo = {
- loadBalancer.servers = [
- { url = "http://localhost:3000"; }
- ];
- };
- };
-
 services.forgejo = {
 enable = true;
 user = "forgejo";
diff --git a/hosts/cl-00-00/system/configuration/sops.nix b/hosts/cl-00-00/system/configuration/sops.nix
index fb0bc43..7719163 100755
--- a/hosts/cl-00-00/system/configuration/sops.nix
+++ b/hosts/cl-00-00/system/configuration/sops.nix
@@ -25,17 +25,6 @@
 owner = "kurisu";
 neededForUsers = true;
 };
-
- "forgejo/admin/dokkae.cat/password" = {
- owner = "forgejo";
- group = "forgejo";
- mode = "400";
- };
- "forgejo/mailer/password" = {
- owner = "forgejo";
- group = "forgejo";
- mode = "400";
- };
 };
 };
 }
--
2.52.0