From ae18d4f7923cc151beb1aa773442e22599d6c650 Mon Sep 17 00:00:00 2001 From: Ivan Malison Date: Sat, 23 Sep 2023 15:31:06 -0600 Subject: [PATCH] [NixOS] Move gitea to its own file enable actions runner --- nixos/gitea.nix | 20 +++++++++++++ nixos/machines/biskcomp.nix | 15 +--------- nixos/secrets/gitea-runner-token.age | 43 ++++++++++++++++++++++++++++ nixos/secrets/secrets.nix | 1 + 4 files changed, 65 insertions(+), 14 deletions(-) create mode 100644 nixos/gitea.nix create mode 100644 nixos/secrets/gitea-runner-token.age diff --git a/nixos/gitea.nix b/nixos/gitea.nix new file mode 100644 index 00000000..72bd72e1 --- /dev/null +++ b/nixos/gitea.nix @@ -0,0 +1,20 @@ +{ config, makeEnable, ... }: +makeEnable config "modules.gitea" false { + age.secrets."gitea-runner-token".file = ./secrets/gitea-runner-token.age; + + services.gitea = { + enable = true; + lfs.enable = true; + settings.server = { + DOMAIN = "1896Folsom.duckdns.org"; + SSH_PORT = 1123; + }; + }; + + services.gitea-actions-runner.instances-nix-runner = { + enable = true; + url = config.service.gitea.settings.server.ROOT_URL; + tokenFile = config.age.secrets.gitea-runner-token.path; + labels = [ "nixos:host" ]; + }; +} diff --git a/nixos/machines/biskcomp.nix b/nixos/machines/biskcomp.nix index 4513a4ac..19fa97c9 100644 --- a/nixos/machines/biskcomp.nix +++ b/nixos/machines/biskcomp.nix @@ -24,6 +24,7 @@ in port = 80; path = "/nix-cache"; }; + modules.gitea.enable = true; services.vaultwarden = { enable = true; @@ -61,20 +62,6 @@ in enable = true; }; - services.gitea = { - enable = true; - lfs.enable = true; - settings.server = { - DOMAIN = "1896Folsom.duckdns.org"; - SSH_PORT = 1123; - }; - }; - - services.gitea-actions-runner = { - enable = true; - url = "http://1896Folsom.duckdns.org:3000"; - }; - fileSystems."/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; diff --git a/nixos/secrets/gitea-runner-token.age b/nixos/secrets/gitea-runner-token.age new file mode 100644 index 00000000..baf2da3f --- /dev/null +++ b/nixos/secrets/gitea-runner-token.age @@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 ZgrTqA ByjzaUOXtRRnuIZnvE69gDeFjRBcc/oM57V5KjRObFc +3odvmrn8Dd2AY7tOLm9bhqAC52bnskr5hGWI9lUZMhg +-> ssh-ed25519 ZaBdSg YVzuOjKLFtjPTYzZIm9xZxQNd09Oozg0dCAbQbJcQwM +JmeMfP5EiQDJZOxDUpzEpzjjlmYsJeUpzP80g/4klQs +-> ssh-ed25519 MHZylw OlMxJ/vzvPiodD/C5GDzKG9/25MWBSMLLQZHudxI/hM +ANFdrNElBJ9TkHVd04TbiNvVe2vmFAl5p/Ldt4ho5QI +-> ssh-rsa gwJx0Q +Rg9/CwUTInQ0RBd7B++XuMKvqaj7KnvMU46zESavJPHy6r7Suiy9t+aWQkofJnrM +mJnkXg84kkS/hiyevRpQIJ508JXbRH7gpQ0a5FzOFOqv7XjgED2k5yXaT2znONS9 +v1Bxd6H7FdGFdCJMcA1ObWGS0eAtVp48kNFhji0P7Ew+pJQ1HdFBJ9Q1sDBRrGrG +HSbj08L97IoFS3YDzkPNDWD5ruN3yjNCY8f2+6WLPdsKc5ceqfWZVkxSF1ntzcpX +vIgA9w3gZYl1C3zywPg6xN4kXbH/yTKE8GuUJ/dH6VM7ygxN1hZe7Seg+23w+FRT +sln2g8fhNS8g8cjodGyCVA +-> ssh-ed25519 YFIoHA EC83sNResM2hkjPeu4coNYoduEZiuk0LuE8+FMoPFTU +NLLttEuOMCpM6nZYnDoM0WsmH0i+lry8ahW1AtDr7EA +-> ssh-ed25519 KQfiow 6SWer9i3Yqjg2sfYXTY8nuBWZ3s+UV5ULkeEsesJqEI +hYfooX5Ju1ag7WqBafNJtz02YeV6bOrubnIs6LtBsrw +-> ssh-ed25519 kScIxg 2PuSlwLHRvB/N9T1OCpH6iYxFo0VgwmBQHLhPJMuyAY +l1WAAplU8gvuGQWd5FWnuDteDQxkAyDfXZdXbTh3+A4 +-> ssh-ed25519 HzX1zw +VlRLpIBNyLclESWLmtRiyF71LcmRP5JJ9r9bO05OUA +WAJkjDkuJe/8gZlnQ0UhSvTHmivPnvuCXJdh2SU4Myo +-> ssh-ed25519 KQfiow OBSfzKqE4Cq3SbHOmbwAULaX+Dq4ptyBv4oPhs105lc +jGDcpkjJQeigwvSMeFmVt+j4uFkZ0U5p4e8O2nEHQcU +-> ssh-ed25519 1o2X0w zlzlgcp68KYtsQ80T0T8Pgttx4Yhbq+lMPg+9D6LTXU +bRsIl2+KYYUbDva7qQxIEBglhTZwPSRFIAIjc3ivdJM +-> ssh-ed25519 KQ5iUA Y5TbQym30kVvTWfgqgjfEmAUMujxS5L4V6t1fbp1kX0 +iLoXFEsBkXQ2GZmVtQu4q7nmAnY/2/3lXenseeqWjOk +-> ssh-ed25519 0eS5+A JzBJCbrF6AhAX21dfYsxGJu00jqbZ0MAh4YwVez7UkU +hjVJ5VF0zzjuFtH7gnQ+pfwRqxold5MoAmmYNlyZ3q4 +-> ssh-ed25519 9/4Prw bkSZSKn1m2p0bWWdFW7e4Gro9YMGHPUGeimNxuKfyEo +lczVsjV2xUxQfpxjWnjw1unIfdj3UbedIR5GJD3VbMs +-> ssh-ed25519 gAk3+Q q+ITa66nKTkCqpuASVkSlkzwdrBL19pO/qh3nFEC6yQ +unXHw5MoHpCP2f1U5qxJ6vsh4o7BVdSLcOxebjr0jbg +-> ssh-ed25519 X6eGtQ m4bLgA38Nw+vJD439D8KTkaowKIVm3Regquj33r55Qg +7K5JL1bVMg2rIjpi0xF/LGSZyNud35LwrB/L+D6z0WE +-> ssh-ed25519 0ma8Cw BrFZHrA+3W1pNoGPIRIPI6s2RXMQfY0abP9+YyGq7Hw +DwZpnkIodmlFaFCSRkHfzRVgcbiNem6ovcgiZZOcqAs +-> zvus-grease S#+[ +9fcO9tGiB2cdLmluXpcokgQBAWvsI3ejHCEEGXEedCdhWUPGgyrH8LUQcfJ/h5TT ++Nmy8GYL4JBfAvkhX6xxSFeAKsuXtvLbByQM +--- 2h93POKlR6xzfAmKkS9FE6+v+xnA3eloRgYLKHkx34w + Q_vүsr1?Ͻ;o)mof(xe֦XKI;.!3OE骏g \ No newline at end of file diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix index d168712b..10abe652 100644 --- a/nixos/secrets/secrets.nix +++ b/nixos/secrets/secrets.nix @@ -4,4 +4,5 @@ in "gpg-keys.age".publicKeys = keys.agenixKeys; "gpg-passphrase.age".publicKeys = keys.agenixKeys; "cache-priv-key.pem.age".publicKeys = keys.agenixKeys; + "gitea-runner-token.age".publicKeys = keys.agenixKeys; }