Added runner token
parent
bc496c8204
commit
ebcdc49ea1
2 changed files with 42 additions and 4 deletions
|
@ -16,12 +16,17 @@ with lib;
|
||||||
port = lib.mkOption {
|
port = lib.mkOption {
|
||||||
type = lib.types.int;
|
type = lib.types.int;
|
||||||
default = 8003;
|
default = 8003;
|
||||||
description = "The port that Actual is served on.";
|
description = "The port that Forgejo is served on.";
|
||||||
|
};
|
||||||
|
sshPort = lib.mkOption {
|
||||||
|
type = lib.types.int;
|
||||||
|
default = 3022;
|
||||||
|
description = "The ssh port that Forgejo is served on.";
|
||||||
};
|
};
|
||||||
domain = lib.mkOption {
|
domain = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
default = "git.wastring.com";
|
default = "git.wastring.com";
|
||||||
description = "The hostname that Actual is served on.";
|
description = "The hostname that Forgejo is served on.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -52,6 +57,37 @@ with lib;
|
||||||
# ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
|
# ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
systemd.sockets.forgejo = {
|
||||||
|
requiredBy = [ "forgejo.service" ];
|
||||||
|
wantedBy = [ "sockets.target" ];
|
||||||
|
|
||||||
|
listenStreams = [
|
||||||
|
(toString config.services.forgejo.settings.server.SSH_PORT)
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.secrets.forgejo-runner-token = {};
|
||||||
|
|
||||||
|
services.gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-actions-runner;
|
||||||
|
instances.default = {
|
||||||
|
enable = true;
|
||||||
|
name = "monolith";
|
||||||
|
url = "https://git.wastring.com";
|
||||||
|
# Obtaining the path to the runner token file may differ
|
||||||
|
# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
|
||||||
|
tokenFile = config.sops.secrets.forgejo-runner-token.path;
|
||||||
|
labels = [
|
||||||
|
"ubuntu-latest:docker://node:20-bullseye"
|
||||||
|
# "ubuntu-22.04:docker://node:16-bullseye"
|
||||||
|
# "ubuntu-20.04:docker://node:16-bullseye"
|
||||||
|
# "ubuntu-18.04:docker://node:16-buster"
|
||||||
|
## optionally provide native execution on the host:
|
||||||
|
# "native:host"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
database.type = "postgres";
|
database.type = "postgres";
|
||||||
|
@ -63,6 +99,7 @@ with lib;
|
||||||
# You need to specify this to remove the port from URLs in the web UI.
|
# You need to specify this to remove the port from URLs in the web UI.
|
||||||
ROOT_URL = "https://${config.forgejo.domain}/";
|
ROOT_URL = "https://${config.forgejo.domain}/";
|
||||||
HTTP_PORT = config.forgejo.port;
|
HTTP_PORT = config.forgejo.port;
|
||||||
|
SSH_PORT = config.forgejo.sshPort;
|
||||||
};
|
};
|
||||||
# You can temporarily allow registration to create an admin user.
|
# You can temporarily allow registration to create an admin user.
|
||||||
service.DISABLE_REGISTRATION = true;
|
service.DISABLE_REGISTRATION = true;
|
||||||
|
|
|
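Review bot: The runner's `url = "https://git.wastring.com";` in `instances.default` repeats the hostname as a literal, while `ROOT_URL` in the same module is built from `config.forgejo.domain`, so overriding the domain option would leave the runner registering against the old host; `url = "https://${config.forgejo.domain}";` keeps the two together. The label `"ubuntu-latest:docker://node:20-bullseye"` uses a mutable tag, so jobs run in whatever image that tag resolves to at pull time; pinning the image by digest is worth considering if the runner's label syntax accepts it. The new `systemd.sockets.forgejo` listens on `SSH_PORT`, but `START_SSH_SERVER` is not visible in these hunks, and if it is not enabled elsewhere, connections to that port would likely go unanswered. The two copied comments above `tokenFile` could be replaced with one that states the contract: `# sops secret must decrypt to a single line TOKEN=<secret>; systemd reads it as an EnvironmentFile`.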
@ -4,6 +4,7 @@ wireguard_public_key: ENC[AES256_GCM,data:4ETVdAeLrqwPh7LZGN6wounajnh8bD9zdq4GWM
|
||||||
github_password: ENC[AES256_GCM,data:2Q27cc0cqsWFt/lBNUApWPVRQaXi7uZ3UEn051G/Ar8lZs9zTYYWrg==,iv:s81MlK8u7QzP1azsNw2CtKouJqe/pAHZ7wy5aCWEEuI=,tag:Lf9o6RbLdsQ7ZYCMdVXglQ==,type:str]
|
github_password: ENC[AES256_GCM,data:2Q27cc0cqsWFt/lBNUApWPVRQaXi7uZ3UEn051G/Ar8lZs9zTYYWrg==,iv:s81MlK8u7QzP1azsNw2CtKouJqe/pAHZ7wy5aCWEEuI=,tag:Lf9o6RbLdsQ7ZYCMdVXglQ==,type:str]
|
||||||
smtp_password: ENC[AES256_GCM,data:h1K973qeehIIATdoqFhrLiY7XiU=,iv:ltrsG9KZ8rQuSJXNXswMnbIW/N8+CGbRmiTiENzcGTM=,tag:mD/VpM1FqZaiwksWQpAAog==,type:str]
|
smtp_password: ENC[AES256_GCM,data:h1K973qeehIIATdoqFhrLiY7XiU=,iv:ltrsG9KZ8rQuSJXNXswMnbIW/N8+CGbRmiTiENzcGTM=,tag:mD/VpM1FqZaiwksWQpAAog==,type:str]
|
||||||
forgejo-admin-password: ENC[AES256_GCM,data:FuDfqjeQ2T5KcOO1BQ==,iv:ueX7XjbiChuwfYm1B/MJvJaYdWbCmoIs91lj9h9uFYE=,tag:qUszDTRZklwSKrS0PpJhTA==,type:str]
|
forgejo-admin-password: ENC[AES256_GCM,data:FuDfqjeQ2T5KcOO1BQ==,iv:ueX7XjbiChuwfYm1B/MJvJaYdWbCmoIs91lj9h9uFYE=,tag:qUszDTRZklwSKrS0PpJhTA==,type:str]
|
||||||
|
forgejo-runner-token: ENC[AES256_GCM,data:1AUeTy5Sqoa4u5L/TGjt/v69p2xF/mp0oXVv08TA+squzRVW9/t40xfY2yD8HQ==,iv:uWf9jKIIsajh362vY2NBw8od+iOFGfIQ7NJVFgjWlBw=,tag:hCOzvSKoDbKCGceqNkRx7g==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
|
- recipient: age1jeyw96795qu52swmtkjqgr2w3g4vxc43ckc5r4hlwpje23ptnfwsheah0s
|
||||||
|
@ -33,7 +34,7 @@ sops:
|
||||||
OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s
|
OU8yT0cvcnZMMXphMFVHSXpHNjc4dEkKyXiwholsJthB9O7onb0buF6qHNVNZA3s
|
||||||
A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA==
|
A2+HSl5P0HCyaZhDIDBFdaUL2r0CHKOPCN3Lrd5+Rirnx48RnDxwBA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-09-23T11:21:30Z"
|
lastmodified: "2025-09-23T11:59:25Z"
|
||||||
mac: ENC[AES256_GCM,data:/bLDPC0lRZhs/KY3wQ+nEapiIaMjjWCFUVQLgojiGfKvp7Cp7XmyGaHx1GbcxVSbh67TxjlbojEtno6QVtbfT64gFFq6X5Y96S1UCLBgTzsbn7c8NKzXvf3viUPgf8zZJDnKT2nzq6p3FVt+ZNcheZfpBUO1WmXadEbmCNGMR6A=,iv:BAh9rLxGcfNt0xrwgJDe9edLaAHoRFFSb0nnlbH6FMQ=,tag:2f3L7mQ+on/3wy64nhCC/Q==,type:str]
|
mac: ENC[AES256_GCM,data:AND2KnSFn0pgZZ4rT6Vt8sF8IFoysn77JKkiA0c829op3LKZe9NjT0O+PkZegOTlJbqKGyScSNqPidEoVpACAbODd3jtos80AO/LbWHgKo7DUuuPsnB7MgDqFF/khvdQQrvOIVoS0JmDScMnPfzZYYn79dilWuSdUcy0AvCdxPk=,iv:tUG1vtt4hHgHByH8IF9snth34MqesgHQmX6J8QH7vns=,tag:QcUXbmS+8+INuGONOzXL4A==,type:str]
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.10.2
|
version: 3.10.2
|
||||||
|
|