Added runner token

2025-09-23 15:31:53 +02:00 · 2025-09-23 15:31:53 +02:00 · ebcdc49ea1
commit ebcdc49ea1
parent bc496c8204
2 changed files with 42 additions and 4 deletions
--- a/moduler/services/forgejo/default.nix
+++ b/moduler/services/forgejo/default.nix
@ -16,12 +16,17 @@ with lib;
      port = lib.mkOption {
        type = lib.types.int;
        default = 8003;
-        description = "The port that Actual is served on.";
+        description = "The port that Forgejo is served on.";
+      };
+      sshPort = lib.mkOption {
+        type = lib.types.int;
+        default = 3022;
+        description = "The ssh port that Forgejo is served on.";
      };
      domain = lib.mkOption {
        type = lib.types.str;
        default = "git.wastring.com";
-        description = "The hostname that Actual is served on.";
+        description = "The hostname that Forgejo is served on.";
      };
    };
  };
@ -52,6 +57,37 @@ with lib;
          # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
        '';

+      systemd.sockets.forgejo = {
+        requiredBy = [ "forgejo.service" ];
+        wantedBy = [ "sockets.target" ];
+
+        listenStreams = [
+          (toString config.services.forgejo.settings.server.SSH_PORT)
+        ];
+      };
+
+      sops.secrets.forgejo-runner-token = {};
+
+      services.gitea-actions-runner = {
+        package = pkgs.forgejo-actions-runner;
+        instances.default = {
+          enable = true;
+          name = "monolith";
+          url = "https://git.wastring.com";
+          # Obtaining the path to the runner token file may differ
+          # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
+          tokenFile = config.sops.secrets.forgejo-runner-token.path;
+          labels = [
+            "ubuntu-latest:docker://node:20-bullseye"
+            # "ubuntu-22.04:docker://node:16-bullseye"
+            # "ubuntu-20.04:docker://node:16-bullseye"
+            # "ubuntu-18.04:docker://node:16-buster"
+            ## optionally provide native execution on the host:
+            # "native:host"
+          ];
+        };
+      };
+
      services.forgejo = {
        enable = true;
        database.type = "postgres";
@ -63,6 +99,7 @@ with lib;
            # You need to specify this to remove the port from URLs in the web UI.
            ROOT_URL = "https://${config.forgejo.domain}/";
            HTTP_PORT = config.forgejo.port;
+            SSH_PORT = config.forgejo.sshPort;
          };
          # You can temporarily allow registration to create an admin user.
          service.DISABLE_REGISTRATION = true;