SK-Development-Studios/Nixos-Configuration
2
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wip
Some checks are pending
/ test (push) Waiting to run
Details

Browse source
This commit is contained in:
Jermeiah S 2025-06-19 21:45:48 -04:00
parent 20955ecb62
commit f401e5864d
No known key found for this signature in database
2 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

12
configurations/nixos/forgejo-runner/default.nix
View file

@ -1,4 +1,5 @@
{ {
lib,
flake, flake,
modulesPath, modulesPath,
config, config,
@ -21,20 +22,22 @@ in
trusted-users = [ "gitea-runner" ]; trusted-users = [ "gitea-runner" ];
}; };
sops.secrets.forgejo-runners-token = { sops.secrets.forgejo-runners-token = {
owner = "gitea-runner"; # owner = "gitea-runner";
group = "gitea-runner"; # group = "gitea-runner";
mode = "0777";
}; };
services.gitea-actions-runner = { services.gitea-actions-runner = {
package = pkgs.forgejo-runner; package = pkgs.forgejo-runner;
instances = { instances = {
native = { native = {
enable = true; enable = true;
url = "https://git.skdevstuios.com"; url = "https://git.skdevstudios.com";
name = "nix"; name = "nix";
labels = [ "nix:host" ]; labels = [ "native:host" ];
tokenFile = config.sops.secrets.forgejo-runners-token.path; tokenFile = config.sops.secrets.forgejo-runners-token.path;
hostPackages = with pkgs; [ hostPackages = with pkgs; [
nix nix
opentofu
nodejs nodejs
git git
bash bash
@ -52,6 +55,7 @@ in
tty-ips.enable = true; tty-ips.enable = true;
}; };
networking = { networking = {
firewall.enable = lib.mkForce false;
hostName = "base"; hostName = "base";
}; };
environment.systemPackages = [ environment.systemPackages = [

6
secrets.yaml
View file

@ -1,5 +1,5 @@
otfenv: ENC[AES256_GCM,data:vHSZN364zAhuTBii4IGbQk3bPCu7GBR7K8Z8ce3U/uIOCXNvEi3micq+AEPEooPEQkWL/eslg92uREcgo/JEMYbSuWHWLFNNehhYTeBZ+YXLwuDgJLWzaJGouktF1aF7uQDMsydaX2UjUnLQjf/VdJm3YnoJAGE3QQtbp9ehK0YiHA1hS3XMlwvNuepZfX8Hx7qZTEs6zNa3R8tZvj24jryVsGFvTN+0R1pb7YvqXeLhR3tCkm53S2IJFFXebq2EdaHNbyEIGmfcK2uhdSvpXiGI,iv:lwADUz6mA//G0/jAdAp1eRkn9RvRXXzps5r5RIpWR5A=,tag:YlNtrT4t0R6SYxIR1tRe4g==,type:str] otfenv: ENC[AES256_GCM,data:vHSZN364zAhuTBii4IGbQk3bPCu7GBR7K8Z8ce3U/uIOCXNvEi3micq+AEPEooPEQkWL/eslg92uREcgo/JEMYbSuWHWLFNNehhYTeBZ+YXLwuDgJLWzaJGouktF1aF7uQDMsydaX2UjUnLQjf/VdJm3YnoJAGE3QQtbp9ehK0YiHA1hS3XMlwvNuepZfX8Hx7qZTEs6zNa3R8tZvj24jryVsGFvTN+0R1pb7YvqXeLhR3tCkm53S2IJFFXebq2EdaHNbyEIGmfcK2uhdSvpXiGI,iv:lwADUz6mA//G0/jAdAp1eRkn9RvRXXzps5r5RIpWR5A=,tag:YlNtrT4t0R6SYxIR1tRe4g==,type:str]
forgejo-runners-token: ENC[AES256_GCM,data:yPnNHv3Df88rtWNk3brIEfEGB7R0rjVFhUM3QCqe1Pjdc9NUQpEa+A==,iv:bDoxUZuL/I+tX01hq2XX1iUkR9C2jH9Pyi/zoUTHaDk=,tag:qnp9IuFD4MnIU38ZzYmBkQ==,type:str] forgejo-runners-token: ENC[AES256_GCM,data:y6m9JciySpqJ8QOtHGoUG5McPXyZSODqRHCLVY0m+O+vfys2tvmkK3fGKtOlNA==,iv:NYbjaOkRumwJbZBPZlltIeQkaNOrUKQLmVb0uFNXX+g=,tag:f+rH81mGvS0QKrfmLoXEHQ==,type:str]
sops: sops:
age: age:
- recipient: age1ja6zky2xlptgmu04ghp30z9gcyw240p4p8jpqeznt9msmmrwjdjshl6rx3 - recipient: age1ja6zky2xlptgmu04ghp30z9gcyw240p4p8jpqeznt9msmmrwjdjshl6rx3
@ -38,7 +38,7 @@ sops:
aXdJMnFId3Nnc093cVpNOGUyKzFuYlEKaszE8RHwN9EQYKemh9fVq6O/YxmC5nMM aXdJMnFId3Nnc093cVpNOGUyKzFuYlEKaszE8RHwN9EQYKemh9fVq6O/YxmC5nMM
hV6FMTuZC/pE75Zzmz8f2ZFHJrqwQB/2xgTpMiudvbQHrZRUEKMCEA== hV6FMTuZC/pE75Zzmz8f2ZFHJrqwQB/2xgTpMiudvbQHrZRUEKMCEA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-06-19T22:14:53Z" lastmodified: "2025-06-19T23:51:21Z"
mac: ENC[AES256_GCM,data:+ZqfswH9QT2NKK+PB5WkUDT03zAISck2Qsedt7RMuIVNExpCBvxp81o9SLPZ+H4BHrkCGNeMlS6rCsXReVZZUf5ds8i6+Fx/DvYmtniH1ef7KMJMLEjVVcP0kMgHnFQ+ILW41zVB3q/84+Q04i9uSpsdD7N4oZfZE7Ho2FtmpEI=,iv:E4l247QlwoSYPi67urzXwi4cFz1e9+4wnPdI3uxpF+8=,tag:aZWlZTdp4wscMLDqQy7Vcw==,type:str] mac: ENC[AES256_GCM,data:gw9Z6NBqNqNRh+34pL9jis4x01AOx7+4dVQn69dciWcxSoWltfyUxj0LkthKYWSVezv4nruB3PAShNaTdn2xdmDhCoT/MuSeMa7VrnblyFzPs0yshdOoaqk8zit4pjegZCrpbUh4TYZs0Tfjhd58PoSGaCpqtESTSfR6wL76U/g=,iv:xfYQHTTSlmRavM/HR+cATIKuvEwzIoU8iHkUM0/XdDo=,tag:Ujk7J2qwd5vcxBz+Q3JDUw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2