[NixOS] Move gitea to its own file enable actions runner

nixos/gitea.nix

@@ -0,0 +1,20 @@
+{ config, makeEnable, ... }:
+makeEnable config "modules.gitea" false {
+  age.secrets."gitea-runner-token".file = ./secrets/gitea-runner-token.age;
+
+  services.gitea = {
+    enable = true;
+    lfs.enable = true;
+    settings.server = {
+      DOMAIN = "1896Folsom.duckdns.org";
+      SSH_PORT = 1123;
+    };
+  };
+
+  services.gitea-actions-runner.instances-nix-runner = {
+    enable = true;
+    url = config.service.gitea.settings.server.ROOT_URL;
+    tokenFile = config.age.secrets.gitea-runner-token.path;
+    labels = [ "nixos:host" ];
+  };
+}

nixos/machines/biskcomp.nix

@@ -24,6 +24,7 @@ in
     port = 80;
     path = "/nix-cache";
   };
+  modules.gitea.enable = true;
 
   services.vaultwarden = {
     enable = true;
@@ -61,20 +62,6 @@ in
     enable = true;
   };
 
-  services.gitea = {
-    enable = true;
-    lfs.enable = true;
-    settings.server = {
-      DOMAIN = "1896Folsom.duckdns.org";
-      SSH_PORT = 1123;
-    };
-  };
-
-  services.gitea-actions-runner = {
-    enable = true;
-    url = "http://1896Folsom.duckdns.org:3000";
-  };
-
   fileSystems."/" = {
     device = "/dev/disk/by-label/NIXOS_SD";
     fsType = "ext4";

nixos/secrets/gitea-runner-token.age

@@ -0,0 +1,43 @@
+age-encryption.org/v1
+-> ssh-ed25519 ZgrTqA ByjzaUOXtRRnuIZnvE69gDeFjRBcc/oM57V5KjRObFc
+3odvmrn8Dd2AY7tOLm9bhqAC52bnskr5hGWI9lUZMhg
+-> ssh-ed25519 ZaBdSg YVzuOjKLFtjPTYzZIm9xZxQNd09Oozg0dCAbQbJcQwM
+JmeMfP5EiQDJZOxDUpzEpzjjlmYsJeUpzP80g/4klQs
+-> ssh-ed25519 MHZylw OlMxJ/vzvPiodD/C5GDzKG9/25MWBSMLLQZHudxI/hM
+ANFdrNElBJ9TkHVd04TbiNvVe2vmFAl5p/Ldt4ho5QI
+-> ssh-rsa gwJx0Q
+Rg9/CwUTInQ0RBd7B++XuMKvqaj7KnvMU46zESavJPHy6r7Suiy9t+aWQkofJnrM
+mJnkXg84kkS/hiyevRpQIJ508JXbRH7gpQ0a5FzOFOqv7XjgED2k5yXaT2znONS9
+v1Bxd6H7FdGFdCJMcA1ObWGS0eAtVp48kNFhji0P7Ew+pJQ1HdFBJ9Q1sDBRrGrG
+HSbj08L97IoFS3YDzkPNDWD5ruN3yjNCY8f2+6WLPdsKc5ceqfWZVkxSF1ntzcpX
+vIgA9w3gZYl1C3zywPg6xN4kXbH/yTKE8GuUJ/dH6VM7ygxN1hZe7Seg+23w+FRT
+sln2g8fhNS8g8cjodGyCVA
+-> ssh-ed25519 YFIoHA EC83sNResM2hkjPeu4coNYoduEZiuk0LuE8+FMoPFTU
+NLLttEuOMCpM6nZYnDoM0WsmH0i+lry8ahW1AtDr7EA
+-> ssh-ed25519 KQfiow 6SWer9i3Yqjg2sfYXTY8nuBWZ3s+UV5ULkeEsesJqEI
+hYfooX5Ju1ag7WqBafNJtz02YeV6bOrubnIs6LtBsrw
+-> ssh-ed25519 kScIxg 2PuSlwLHRvB/N9T1OCpH6iYxFo0VgwmBQHLhPJMuyAY
+l1WAAplU8gvuGQWd5FWnuDteDQxkAyDfXZdXbTh3+A4
+-> ssh-ed25519 HzX1zw +VlRLpIBNyLclESWLmtRiyF71LcmRP5JJ9r9bO05OUA
+WAJkjDkuJe/8gZlnQ0UhSvTHmivPnvuCXJdh2SU4Myo
+-> ssh-ed25519 KQfiow OBSfzKqE4Cq3SbHOmbwAULaX+Dq4ptyBv4oPhs105lc
+jGDcpkjJQeigwvSMeFmVt+j4uFkZ0U5p4e8O2nEHQcU
+-> ssh-ed25519 1o2X0w zlzlgcp68KYtsQ80T0T8Pgttx4Yhbq+lMPg+9D6LTXU
+bRsIl2+KYYUbDva7qQxIEBglhTZwPSRFIAIjc3ivdJM
+-> ssh-ed25519 KQ5iUA Y5TbQym30kVvTWfgqgjfEmAUMujxS5L4V6t1fbp1kX0
+iLoXFEsBkXQ2GZmVtQu4q7nmAnY/2/3lXenseeqWjOk
+-> ssh-ed25519 0eS5+A JzBJCbrF6AhAX21dfYsxGJu00jqbZ0MAh4YwVez7UkU
+hjVJ5VF0zzjuFtH7gnQ+pfwRqxold5MoAmmYNlyZ3q4
+-> ssh-ed25519 9/4Prw bkSZSKn1m2p0bWWdFW7e4Gro9YMGHPUGeimNxuKfyEo
+lczVsjV2xUxQfpxjWnjw1unIfdj3UbedIR5GJD3VbMs
+-> ssh-ed25519 gAk3+Q q+ITa66nKTkCqpuASVkSlkzwdrBL19pO/qh3nFEC6yQ
+unXHw5MoHpCP2f1U5qxJ6vsh4o7BVdSLcOxebjr0jbg
+-> ssh-ed25519 X6eGtQ m4bLgA38Nw+vJD439D8KTkaowKIVm3Regquj33r55Qg
+7K5JL1bVMg2rIjpi0xF/LGSZyNud35LwrB/L+D6z0WE
+-> ssh-ed25519 0ma8Cw BrFZHrA+3W1pNoGPIRIPI6s2RXMQfY0abP9+YyGq7Hw
+DwZpnkIodmlFaFCSRkHfzRVgcbiNem6ovcgiZZOcqAs
+-> zvus-grease S#+[
+9fcO9tGiB2cdLmluXpcokgQBAWvsI3ejHCEEGXEedCdhWUPGgyrH8LUQcfJ/h5TT
++Nmy8GYL4JBfAvkhX6xxSFeAKsuXtvLbByQM
+--- 2h93POKlR6xzfAmKkS9FE6+v+xnA3eloRgYLKHkx34w
+ÿ¯¹Q_vý…Ò¯sérò1‰?Ͻ;…o„îú<C3AE>ÓÞø)mofÝÚ(ùxeÖ¦ðXÐKI;.!3­¾’ìOñEéª<C3A9>…g§ç›

nixos/secrets/secrets.nix

@@ -4,4 +4,5 @@ in
   "gpg-keys.age".publicKeys = keys.agenixKeys;
   "gpg-passphrase.age".publicKeys = keys.agenixKeys;
   "cache-priv-key.pem.age".publicKeys = keys.agenixKeys;
+  "gitea-runner-token.age".publicKeys = keys.agenixKeys;
 }