Forgejo actions runner

kalle 2025-04-13 15:48:39 +02:00
parent 1a4ca1fc60
commit dd431d3798
6 changed files with 87 additions and 4 deletions


@ -0,0 +1,13 @@
# Forgejo runner role
Forgejo actions runner
## Notes
- Requires runner token generated at `FORGEJO_URL/admin/actions/runners`.
## Options
### `forgejo-runner.url`
The URL of the forgejo instance to register to.
## Secrets
### `forgejo_runner/token`
The token used to register the runner with the forgejo instance


@ -19,6 +19,8 @@ forgejo:
email_from: mail@example.com email_from: mail@example.com
email_username: mail@example.com email_username: mail@example.com
email_password: ADifferentVeryLongSecurePassword email_password: ADifferentVeryLongSecurePassword
forgejo_runner:
token: RandomTokenFromForgejo
freshrss: freshrss:
db_pass: AVeryLongSecurePassword db_pass: AVeryLongSecurePassword


@ -9,11 +9,14 @@
roles = with roles; [ roles = with roles; [
postgres postgres
podman
forgejo forgejo
forgejo-runner
]; ];
config = { config = rec {
forgejo.domain = "git.${hlConfig.domain}"; forgejo.domain = "git.${hlConfig.domain}";
forgejo-runner.url = "https://${forgejo.domain}";
}; };
stateVersion = "24.05"; stateVersion = "24.05";
} }
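Review bot: Adding `podman` and `forgejo-runner` to the same `roles` list as `forgejo` and `postgres` appears to put CI job execution on the host that also holds the forge and its database. The README in this commit has the token generated on the admin runners page, so this is presumably an instance-wide runner, and its `docker://` labels mean workflow code from any repository that can reach it runs in containers started through this host's container runtime. Consider placing the runner role on a separate host or VM, or at minimum noting in the role README that the runner should be limited to trusted repositories. As a style point, `rec` is only there for one reference; `forgejo-runner.url = "https://git.${hlConfig.domain}";` avoids it and the shadowing pitfalls that come with `rec`. The enclosing host definition starts above this hunk.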

62
roles/forgejo-runner.nix Normal file

@ -0,0 +1,62 @@
{
name = "Forgejo runner";
description = ''
Forgejo actions runner
'';
nixosModule =
{
pkgs,
lib,
config,
...
}:
{
options.forgejo-runner = {
url = lib.mkOption {
type = lib.types.str;
};
};
config =
let
cfg = config.forgejo-runner;
in
{
sops.secrets = {
"forgejo_runner/token" = {
owner = "root";
};
};
# environment.persistence."/persistent" = {
# directories = [
# "/var/lib/private/gitea-runner/runner"
# ];
# };
sops.templates."forgejo_runner_token.env" = {
owner = "root";
content = ''
TOKEN=${config.sops.placeholder."forgejo_runner/token"}
'';
};
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "runner";
url = cfg.url;
tokenFile = config.sops.templates."forgejo_runner_token.env".path;
labels = [
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
];
};
};
};
};
}
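Review bot: The four `labels` entries all map to `node:16-bullseye` or `node:16-buster` by mutable tag, and both Node 16 and Debian buster are past end-of-life, so every job would run in an image that no longer receives security fixes and whose contents can change under the same tag. Point the labels at a currently supported image and pin it by digest, e.g. `"ubuntu-latest:docker://node:<supported-version>-bookworm@sha256:<digest>"` (placeholders, to be filled in from the registry). A comment above `labels` should also say that the `ubuntu-*` names are only aliases that workflows select on and that the container is Debian-based. The `url` option has no `description`; adding `description = "URL of the Forgejo instance to register with.";` would match what the README states.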


@ -15,6 +15,7 @@
options.podman = { options.podman = {
containers = lib.mkOption { containers = lib.mkOption {
type = lib.types.attrs; type = lib.types.attrs;
default = { };
}; };
}; };


@ -5,6 +5,8 @@ forgejo:
email_from: ENC[AES256_GCM,data:xFFAgVmf0boB0mOcQKKhiiRQ,iv:P8jW12RYOp4zwnRKGxjFPpTU6vS6LYozTXGPoGqXv3Q=,tag:MnIKOW3NQUumWDNLZogSzw==,type:str] email_from: ENC[AES256_GCM,data:xFFAgVmf0boB0mOcQKKhiiRQ,iv:P8jW12RYOp4zwnRKGxjFPpTU6vS6LYozTXGPoGqXv3Q=,tag:MnIKOW3NQUumWDNLZogSzw==,type:str]
email_username: ENC[AES256_GCM,data:iJ70yLlPzsmCkuq6XvsKpujx,iv:XlA7n1GIVhgWuGWoD3io0jSPy5pdlmwzyMdqztQqyGo=,tag:5YsLkLD0SOn0YJhKEKvJ8Q==,type:str] email_username: ENC[AES256_GCM,data:iJ70yLlPzsmCkuq6XvsKpujx,iv:XlA7n1GIVhgWuGWoD3io0jSPy5pdlmwzyMdqztQqyGo=,tag:5YsLkLD0SOn0YJhKEKvJ8Q==,type:str]
email_password: ENC[AES256_GCM,data:Wx1y1hyIeT+D0k5kXflo86cYl3Q=,iv:uTTIsEK0y1pCIsophxBNwEKoYBBNDa8qv4arjj9c4Mw=,tag:obv6lL2btVLf9365vyb+Pg==,type:str] email_password: ENC[AES256_GCM,data:Wx1y1hyIeT+D0k5kXflo86cYl3Q=,iv:uTTIsEK0y1pCIsophxBNwEKoYBBNDa8qv4arjj9c4Mw=,tag:obv6lL2btVLf9365vyb+Pg==,type:str]
forgejo_runner:
token: ENC[AES256_GCM,data:gd/n3MihZZRS2cglRT3hn/9UkQ5/mV84UfuxbTHpphhNZd66Gxl0Mw==,iv:gXeNSJngn2sW37/WuIKCQK64xHqOtJP893KVFolKY20=,tag:cU/PHp5KXv3GRnKpSth8BA==,type:str]
postgres: postgres:
forgejo: ENC[AES256_GCM,data:jG1RpH+5t9Q2aBiB0s/euEj5xLd7+7ZY7wQ9klskjFIDbjfDT8A+Llm2VlVbQDgXlhvfGjLIA2OiR4vaEH9U4g==,iv:POoGsB0P8VmuAM16IoQinGpnkpxQxb3rNDo88THfOwQ=,tag:FazT+fvxjh0AfLsoVHD+qw==,type:str] forgejo: ENC[AES256_GCM,data:jG1RpH+5t9Q2aBiB0s/euEj5xLd7+7ZY7wQ9klskjFIDbjfDT8A+Llm2VlVbQDgXlhvfGjLIA2OiR4vaEH9U4g==,iv:POoGsB0P8VmuAM16IoQinGpnkpxQxb3rNDo88THfOwQ=,tag:FazT+fvxjh0AfLsoVHD+qw==,type:str]
sops: sops:
@ -40,8 +42,8 @@ sops:
TWZsbWF0U3pCZmJKRjQwRGhKNmN6d2sKgwe0htUOOw4FEC5Xvg7FAnnb8jpt+pRP TWZsbWF0U3pCZmJKRjQwRGhKNmN6d2sKgwe0htUOOw4FEC5Xvg7FAnnb8jpt+pRP
x7OUZZG/Jeb99at9YqjJDJp2hB6SsnZsHgqrrHupqGoAYZncAF4Ngg== x7OUZZG/Jeb99at9YqjJDJp2hB6SsnZsHgqrrHupqGoAYZncAF4Ngg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-08T10:49:24Z" lastmodified: "2025-04-13T13:46:14Z"
mac: ENC[AES256_GCM,data:DczVEHMow0k66KVcfU9tlsg131VUZhwUMSiDLBTb22KtHJs/eSrjqQ+P+naTX8a4lOAn4KzQiRugl1AieBmPhB77RyFjM2WRDLYZlbxv9d8StjNlgAdpOok4aGhxf8fncI+op+Gk5HOSoVsT7IVnofK+0V+14XhmgfQJpHuP2yE=,iv:Z4yfkbrvhlubP8DNhGkfwzvOI1CRJBgo7MolxGV3/EU=,tag:ptATWw7zn0UP/GFBRSy/bg==,type:str] mac: ENC[AES256_GCM,data:fuUcngHun2tLyDFAmHAK2g8VEapiDJqYoRnpZkHdI8EfCDYkNBuY9rcKKeTni4qrndWU6+0eI9tYsALEO3LKCk25+rezXvN4sA8fDndh+pQpPP8yG2KtDkljE8XyHzmRqM7LSny23y/J44iiCNOGGE+SpEmQOTK+3fQIiS+AlTI=,iv:5EuYNhYVnLbKlbI0lHzigMByFDcztU8jVorAtKzobSw=,tag:Qi1kIHzkOKM6c9CoR9c2tg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.4