dokkae.cat/nixos
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

feat: forgejo runner #11

Merged
dokkae.cat merged 1 commit from feat/forgejo-runner into main 2026-01-11 20:54:54 +00:00
Conversation 0 Commits 1 Files changed 9 +114 -32
9 changed files with 114 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit eb7d6c146f - Show all commits

6
hosts/cl-00-00/secrets/default.yaml
View file

@ -9,6 +9,8 @@ forgejo:
password: ENC[AES256_GCM,data:FBmMqD+zROFZ4A==,iv:uh1t3+fMylalXqIQGwzRQoZwoT6kP0xRmkrs3ygVqeA=,tag:tXMNEFcWbPW/kaADN1urow==,type:str] password: ENC[AES256_GCM,data:FBmMqD+zROFZ4A==,iv:uh1t3+fMylalXqIQGwzRQoZwoT6kP0xRmkrs3ygVqeA=,tag:tXMNEFcWbPW/kaADN1urow==,type:str]
mailer: mailer:
password: ENC[AES256_GCM,data:HoxA9HNIMf0rnltDJrOynvoKzQ==,iv:/9YlRJI2WMjtuyLJJFJInxDpngdiQ1g+L9cel+tISy0=,tag:R3nRPmu23G0zOPEZQkUSug==,type:str] password: ENC[AES256_GCM,data:HoxA9HNIMf0rnltDJrOynvoKzQ==,iv:/9YlRJI2WMjtuyLJJFJInxDpngdiQ1g+L9cel+tISy0=,tag:R3nRPmu23G0zOPEZQkUSug==,type:str]
runners:
"00": ENC[AES256_GCM,data:E1OSfoo+KL+/QZdfiN4IPTk0BzHVoNbvjMu5isABZb5fYKLa80/lgGmM6NRYxw==,iv:xOtpHsGtwRoxMQCVgq+pWhHC1r4bgRLXbg5c+/uL2AM=,tag:wYlhjb/zac9KK8bzXEkECw==,type:str]
sops: sops:
age: age:
- recipient: age1pj86dmk8j5tne0r7zu09v3x40xjdae6mhvrzyw5squ9px96z9p0suj89f8 - recipient: age1pj86dmk8j5tne0r7zu09v3x40xjdae6mhvrzyw5squ9px96z9p0suj89f8
@ -29,7 +31,7 @@ sops:
MTJWN0R6VUR6c21iVE1tK0VPL2NoYzAKrGwbTolQpUWcFRyJ6M1KVQ3odS4leYvW MTJWN0R6VUR6c21iVE1tK0VPL2NoYzAKrGwbTolQpUWcFRyJ6M1KVQ3odS4leYvW
KZZUx9n9O6j9LH2tHH6ut1maiDXfLkBTnEeXrogp+oK075QVKXfUBA== KZZUx9n9O6j9LH2tHH6ut1maiDXfLkBTnEeXrogp+oK075QVKXfUBA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-10T19:58:26Z" lastmodified: "2026-01-11T20:35:41Z"
mac: ENC[AES256_GCM,data:N/eVKWgRdTCHxcTkeKpBUxiVF7OKRdUtpBj+dM2c5uclKxwSHB5jw/GuZjcrq8BQvTjgwZxnH6Q7D05c+tFOl+P1m/LrnZLtIxH/iynqMavFwXsBXFF+1ngY+CwLflsagtiNhKp/JxvIKRSaSlNTxGL7NqX6feeTNQirA0CFs0M=,iv:z0MpIYnONpEIfu90takM398GapmkuuGZGC0y3kFjZP0=,tag:/gz+ngidM0fJPCI7b7ABDw==,type:str] mac: ENC[AES256_GCM,data:R1m9zzLTpAjyQjO3Jw4tFr4lOpjHvCaKkZnnuIzppyMYAheS8JjEubNL4FzsVNHxbUgPIR1ZIYcyXuv9tZ5camx9r4008xan9Q9qAtkvxlpaZvuXhRMSMYnJAMiRBudUKg4XKSKtUK4SHCWQ0+a/rEuXSMTWxDgSpGlz9cb/RBo=,iv:CR1HDmZbLHtscUcjf1NsmMBAHUG1Dxr7FaZBS2osGGI=,tag:Ld66EFrVzrCB6BZ5cvxgeg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

14
hosts/cl-00-00/system/configuration/container.nix Normal file
View file

@ -0,0 +1,14 @@
{ ...
}:
{
virtualisation.podman = {
enable = true;
# Create a `docker` alias for podman
dockerCompat = true;
# Required for containers to talk to each other
defaultNetwork.settings.dns_enabled = true;
};
}

6
hosts/cl-00-00/system/configuration/default.nix
View file

@ -9,10 +9,12 @@ in
imports = [ imports = [
modules.shells modules.shells
./sops.nix ./forgejo
./forgejo.nix
./container.nix
./gc.nix ./gc.nix
./postgres.nix ./postgres.nix
./sops.nix
./ssh.nix ./ssh.nix
./traefik.nix ./traefik.nix
./users.nix ./users.nix

11
hosts/cl-00-00/system/configuration/forgejo/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ...
}:
{
imports = [
./network.nix
./runner.nix
./secrets.nix
./server.nix
];
}

22
hosts/cl-00-00/system/configuration/forgejo/network.nix Normal file
View file

@ -0,0 +1,22 @@
{ ...
}:
{
networking.firewall.allowedTCPPorts = [ 22 ];
services.traefik.dynamicConfigOptions.http = {
routers.forgejo = {
rule = "Host(`git.dokkae.com`)";
service = "forgejo";
entryPoints = [ "websecure" ];
tls = { certResolver = "letsencrypt"; };
};
services.forgejo = {
loadBalancer.servers = [
{ url = "http://localhost:3000"; }
];
};
};
}

34
hosts/cl-00-00/system/configuration/forgejo/runner.nix Normal file
View file

@ -0,0 +1,34 @@
{ pkgs
, config
, ...
}:
{
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances.default = {
enable = true;
name = "cl-00-00_forgejo-runner-00";
url = "https://git.dokkae.com";
tokenFile = config.sops.secrets."forgejo/runners/00".path;
labels = [
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
"debian-latest:docker://debian:bookworm"
"alpine-latest:docker://alpine:latest"
];
settings = {
container = {
network = "bridge";
};
runner = {
capacity = 2;
timeout = "1h";
};
cache = {
enabled = true;
};
};
};
};
}

25
hosts/cl-00-00/system/configuration/forgejo/secrets.nix Normal file
View file

@ -0,0 +1,25 @@
{ config
, ...
}:
{
config.sops.secrets = {
"forgejo/admin/dokkae.cat/password" = {
owner = "forgejo";
group = "forgejo";
mode = "400";
};
"forgejo/mailer/password" = {
owner = "forgejo";
group = "forgejo";
mode = "400";
};
"forgejo/runners/00" = {
owner = "forgejo";
group = "forgejo";
mode = "400";
};
};
}

17
hosts/cl-00-00/system/configuration/forgejo.nix → hosts/cl-00-00/system/configuration/forgejo/server.nix
View file

@ -5,23 +5,6 @@
}: }:
{ {
networking.firewall.allowedTCPPorts = [ 22 ];
services.traefik.dynamicConfigOptions.http = {
routers.forgejo = {
rule = "Host(`git.dokkae.com`)";
service = "forgejo";
entryPoints = [ "websecure" ];
tls = { certResolver = "letsencrypt"; };
};
services.forgejo = {
loadBalancer.servers = [
{ url = "http://localhost:3000"; }
];
};
};
services.forgejo = { services.forgejo = {
enable = true; enable = true;
user = "forgejo"; user = "forgejo";

11
hosts/cl-00-00/system/configuration/sops.nix
View file

@ -25,17 +25,6 @@
owner = "kurisu"; owner = "kurisu";
neededForUsers = true; neededForUsers = true;
}; };
"forgejo/admin/dokkae.cat/password" = {
owner = "forgejo";
group = "forgejo";
mode = "400";
};
"forgejo/mailer/password" = {
owner = "forgejo";
group = "forgejo";
mode = "400";
};
}; };
}; };
} }