diff --git a/config/nas.nix b/config/nas.nix index 1d73b2a9..647f4b21 100644 --- a/config/nas.nix +++ b/config/nas.nix @@ -39,6 +39,7 @@ ./services/synapse.nix ./services/heisenbridge.nix #./services/kubernetes.nix + ./services/forgejo-runner.nix ]; hardware.cpu.amd.updateMicrocode = true; diff --git a/config/rainbow-resort.nix b/config/rainbow-resort.nix index 6becc7c4..88bd1e58 100644 --- a/config/rainbow-resort.nix +++ b/config/rainbow-resort.nix @@ -19,6 +19,7 @@ nixos-hardware.nixosModules.common-pc-ssd ./users/remote-build.nix #./services/kubernetes.nix + ./services/forgejo-runner.nix ]; hardware.cpu.amd.updateMicrocode = true; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"]; diff --git a/config/services/forgejo-runner.nix b/config/services/forgejo-runner.nix new file mode 100644 index 00000000..3d0b8e46 --- /dev/null +++ b/config/services/forgejo-runner.nix @@ -0,0 +1,18 @@ +{ + pkgs, + config, + ... +}: { + services.gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = config.networking.hostName; + url = "https://git.chir.rs"; + # Obtaining the path to the runner token file may differ + tokenFile = config.sops.secrets."services/forgejo-runner".path; + labels = []; + }; + }; + sops.secrets."services/forgejo-runner" = {}; +} diff --git a/secrets/nas.yaml b/secrets/nas.yaml index 4cf8149e..19a89160 100644 --- a/secrets/nas.yaml +++ b/secrets/nas.yaml @@ -18,6 +18,7 @@ services: github_token: ENC[AES256_GCM,data:K3EbLFMNGdG5ZWQqdyUu+1Prtvb37AY2iNhSBzcuNyvW4gocGTr9PA==,iv:pa2KHxQpUvtZRjhFjJhZO5RDwWPWTaIlHVetYtGjt2g=,tag:osKk8GucgoUMle+ZctLlCg==,type:str] aws_credentials: ENC[AES256_GCM,data:Jqlm/51nraW5Z8Tz1wYKghcPqTFZtSHb5bC2/EKjYjQfcd504AHFNlAQjlsa0vdf5hyca9401PpeWuxxPb2jnKdRqYSh/JXqNKIXNDySJIdHbEwdBSW6Y9thzBldUfkpVIOAJgjGJmA69XIYCNaq75UJ3rE=,iv:GWx0SNEXr8JYttiWuzu0LK2V0cr0+mk7DTty2llEgyE=,tag:IsB+Y6ErXmmzR80z/L3C7g==,type:str] akkoma-key: ENC[AES256_GCM,data:0lPd+1JnjQpiDiyhOwNzCVrwA7PbQc7sK/INLOy1QiVbWmJ7C5ziwxU3AA==,iv:SZaD9QHxR6+NFiFYeC0H985/GlEEJ+QKocpo7FFg7Ls=,tag:jEGg4N42MJ/qPoIkN3q5cQ==,type:str] + forgejo-runner: ENC[AES256_GCM,data:1fcWhJcz5ibccqdEFXYcC6k2w7mgWxi1cWl02K82hcjJwktQS6Oxyg==,iv:L48DB1nsheWRL7XKy3m+xcU2JuMo+uGRp/4eNMHkAm8=,tag:lGMMcuES5jP9mJJV3xJSrw==,type:str] security: acme: dns: ENC[AES256_GCM,data:wlwS5g6p62ilVCNuNFg1atTR+RdPRSQY6jXJwdUkQsXM15fSc2+wwWGGMtLVKnfvPH+0R+jVy+Xeu+Xya8D+HvnO2zV4cz5DV3Fqq0McCcQBVBpx1jJaU0+BvrVh5+ZwVerla8re6/0wYoVFjyVUy1EbvGYsgGS12WFoW+WdUOgZKvGqlbl3LRn27Lrht+xnk7D/46EN6VpQls/4jK1aD5WS/YDEersEdPPcAhe3LUZfHgzUsVgOJAZYhghQQqgWG60rXk/1XkMH2HrU6a3zb/obu0PU,iv:c6zY25WBevtBoKqDv7ITELkTP4yf29AAZuFEZ9w8atM=,tag:cztLn1oAekz7JLThf9kLEg==,type:str] @@ -59,8 +60,8 @@ sops: Kytvc1lyRHRrRXRjaEV0V3ZDcUgzVVkKkqr0FcWUCkTYLIXJKuY5/LJX1odVaF4s P2BLyjXj81078QjKwTyXskFV36uWM70LoVfkxBRTMZO/4O+BCwRpkg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-25T07:41:49Z" - mac: ENC[AES256_GCM,data:ct+TcTzTZ3cAK8XIypBFdmlDtadUeN3b8jVSpre8aZ4YHiEibY3jp55EG3qOvi26bClGkfaWn7Jw/QmUjs530s7830HK2YzOY7FaMRFS9hcvoM9AuHnI7tIoaeaeIYZfsciIkVAZ0Cj0gXlQHE5UFbdIMV2GnCO4EsmaDPDR5mI=,iv:n9N01RZ7ovXwTyyCvaAt/x8AL7QXH9iu+/uU7qPltSE=,tag:rN85ZJNzOuC7tuFQw4fhug==,type:str] + lastmodified: "2024-09-04T13:39:51Z" + mac: ENC[AES256_GCM,data:h0GeClMH93L0tqCtWdudOP6Ek8jXi4R9IsRi3+539ntM6v/jWhoob13uOrOOSgB1Oit7EMKq0urvq+qo/l/rTpKIrZp7iRd7CgMTQH14/PNjAv5PfOyw22TH6zAz/TnFklVa7S9OxjSzzLTouBiJpPCjFPxOtFftVqhtq0iEcsM=,iv:PWx0blMVVrAgDREiY84rgI2M/gcnqNRqhoWBBeK3pCE=,tag:nSv+4xyfDonutkzPIKjJxQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/secrets/rainbow-resort.yaml b/secrets/rainbow-resort.yaml index 979462df..641aa996 100644 --- a/secrets/rainbow-resort.yaml +++ b/secrets/rainbow-resort.yaml @@ -4,6 +4,8 @@ email: password: root: ENC[AES256_GCM,data:NLyFpKA2YgH/lfX7rdxjV7JckSaQ9vUutf7BcTXBskMRoi3oDGoMHnaLT9hhSfrp0xM3qDZWKyuVRq2bYf1JKrFnQe2btoZQj3NPxgIojNF9Eys5BFTp78eBxsB+AqqUg1LLzhIi47EDow==,iv:xtj6j7SyguvUqKhqvqFTyTQ6XpcLVpIGOJBt6N4CrL8=,tag:7A0DTcGZim4+IjIW5XO3Mg==,type:str] darkkirb: ENC[AES256_GCM,data:d82Q/Ew17WJK/qafVt8R1517ECOuGf1XaVzH7IqmyivZSVyXSTi2Wr43kV0P66FaponFN/ZvUL8YsghiepKxNVen/vqqJuI2R7aYApHH3RkbawCVperoj4rQlPeiHThuQEXTQDUX9W0ZlA==,iv:XuRk2NPyBEMZ9vaudLI6kQum0GM2PkVjWWovoabAnaw=,tag:F5iM9TeqV8/qlyMTkeJgfQ==,type:str] +services: + forgejo-runner: ENC[AES256_GCM,data:u2uzNriMPaQyWeutHLtIQlJ0zVjFosK0/bHOyBUpoyJgRKRn6a17EA==,iv:LnLzk049uZXdzvKXe0xKEWLZCHn7G52zG3nk5UeyZxw=,tag:dWbEWIpgunXWXM0ydPURqA==,type:str] sops: kms: [] gcp_kms: [] @@ -28,8 +30,8 @@ sops: L1VEMnRsUmI5WGF6Vi9pZk42TmoyZlkKbG8GdQ0Dj5QWxw4qseVIa3vvFnnpH3tz T/F3/KnytQIApgAO07I/9wpHXE8IvrFjv/v37zmcNit5JHBYxtGlkQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-06T08:54:57Z" - mac: ENC[AES256_GCM,data:3eakPmbRho+iJgAyeLTeNV0LnVVhmjQCLp3IXwx01iVH/2gGdTbEWxrrYelKfNJ+P75F8KZc6DU267fLcAb+wfoo/+IivQJ4UlfZg9hcth/Z3CuITQKEGj2DTUAO3rUAPQbhCt6/GAZoC+p9hW4mxiMTDEDqEczSCgSkDd0vDEk=,iv:m20DJpl9aNkAut9fc2geSeIq4jMRz1DOrGg3sR5n9ms=,tag:OiJ7JGnfU0gD33zc+ZtH2Q==,type:str] + lastmodified: "2024-09-04T13:40:06Z" + mac: ENC[AES256_GCM,data:tedlWR36eR6LN/pk+1xMaa3K+idOYNidrYnUczKVICFnAhSM6DB6QbfgyxH70uEV7bJaGJiOa1M4/N/ZC7rOTkJe5RNgpwZ6X2feC0stlwhC6zucWqm2kbPu2hAw3bevlPCQNLwtg+2ijXA0zzMauYx17Bpn7bNvz91/MRTo3ts=,iv:dNm983LFrLj5HjPiYiJ0Dx67DWvV2AZ2RLoGCAxhaGo=,tag:XJG9UNTw2UnDS7fDkMhA5Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0