Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add gitea runner

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-05 23:34:41 +01:00
parent fdd00af834
commit 528c030588
2 changed files with 58 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
hosts/fw.cloonar.com/modules/gitea.nix
View File

@@ -14,6 +14,18 @@ let
group = { group = {
gid = cids.gids.gitea; gid = cids.gids.gitea;
}; };
runner-user = {
isSystemUser = true;
uid = cids.uids.gitea-runner;
group = "gitea-runner";
home = "/var/lib/gitea";
createHome = true;
};
runner-group = {
gid = cids.gids.gitea-runner;
};
in in
{ {
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
@@ -104,4 +116,47 @@ in
system.stateVersion = "23.05"; system.stateVersion = "23.05";
}; };
}; };
users.users.gitea-runner = runner-user;
users.groups.gitea-runner = runner-group;
sops.secrets.gitea-runner-token = {
owner = "git-runner";
};
containers.git-runner = {
autoStart = true;
ephemeral = true; # because of ssh key
macvlans = [ "vserver" ];
bindMounts = {
"/run/secrets/gitea-runner-token" = {
hostPath = config.sops.secrets.gitea-runner-token.path;
isReadOnly = true;
};
};
config = { lib, config, pkgs, ... }: {
networking = {
hostName = "git-runner";
nameservers = [ "10.42.97.10" ];
interfaces.mv-vserver = {
useDHCP = true;
};
firewall = {
enable = true;
};
};
services.gitea-actions-runner.instances.main = {
enable = true;
url = "https://git.cloonar.com";
name = "main";
tokenfile = "/run/secrets/gitea-runner-token";
};
users.users.gitea-runner = runner-user;
users.groups.gitea-runner = runner-group;
system.stateVersion = "23.05";
};
};
} }

5
hosts/fw.cloonar.com/secrets.yaml
View File

@@ -5,6 +5,7 @@ wg_cloonar_key: ENC[AES256_GCM,data:Dtp6I5J0jU5LLVwEFU4DFCpUngPRmFMebGXnk2oSwsKt
wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKcQFgdes6r+deft1JfnUzDuF0=,iv:DKrc3I+U2hWDH8nnc8ZQeaVtA1eVXu7SXdTn1fxHoH4=,tag:V0PL0GrL2NEPVslAZa801A==,type:str] wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKcQFgdes6r+deft1JfnUzDuF0=,iv:DKrc3I+U2hWDH8nnc8ZQeaVtA1eVXu7SXdTn1fxHoH4=,tag:V0PL0GrL2NEPVslAZa801A==,type:str]
wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str] wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str]
wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str] wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str]
gitea_runner_token: ENC[AES256_GCM,data:m8Np9AAPMQX3i7i2s6WT8TKjXJTgpsa43RAfiV3Jh9fM0qhZ4S4ouA==,iv:3WJPPjboAH0AU0MECtEiPVRwqrNNXeuNW9gXhKmfz1k=,tag:3A5Du5PeQ39ztlaS238AUg==,type:str]
drone: ENC[AES256_GCM,data:S8WTZqGHfcdpSojavZ87GdE5dagcTAdHBVQEbHHgnB4V7aczS6c5QdEJxK920Pjpf6o54OOQYniVsPiiXSxwjExDKPzhs/DG2hfigmf8RgfkP+3tF2W0KiPmV2jxog8w226ZKnI+hSBs8tuIfJBhrpY7Y/YNmTPfq+cnnLS8ibYqytcpzoogI9I8THzHCu3r+yejoGSyTMs9L4gPhOjz5aK4UV6V,iv:zqN/aSBI3xGGNDnpHPGyQnQP2YZOGUk6dAGtON/QlHU=,tag:o9YFDKAB5uR9lPmChyxB8g==,type:str] drone: ENC[AES256_GCM,data:S8WTZqGHfcdpSojavZ87GdE5dagcTAdHBVQEbHHgnB4V7aczS6c5QdEJxK920Pjpf6o54OOQYniVsPiiXSxwjExDKPzhs/DG2hfigmf8RgfkP+3tF2W0KiPmV2jxog8w226ZKnI+hSBs8tuIfJBhrpY7Y/YNmTPfq+cnnLS8ibYqytcpzoogI9I8THzHCu3r+yejoGSyTMs9L4gPhOjz5aK4UV6V,iv:zqN/aSBI3xGGNDnpHPGyQnQP2YZOGUk6dAGtON/QlHU=,tag:o9YFDKAB5uR9lPmChyxB8g==,type:str]
home-assistant-ldap: ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str] home-assistant-ldap: ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str]
home-assistant-secrets.yaml: ENC[AES256_GCM,data:8LH3rrbkpRIFuKZmXe7EHcXPlkzfbdaxX7ssWjIUJ0FQ2QbMUOFsrxVt4diMVHJuaDCoC5gXIwWYDXw4yQj+4Pdf0cwk2MiXj2S9O7GxuOQzP4V1Ab4HeLJOXbGP4cigzNak5epbBiyJY13mVPVgjxX2M4GkuB2TXCOZ5GpvHHv0IvNcc6ymov/XkpJh7MOkyKw45jrYjiV/8dSTORhcWms5J/YgRpSQ/XijWkzucsisNyYk6mKYSq5O4xWFNEF1YC5FFr+rX7xzsbAp0niG3r1d+qcxYHOe0KPB0auxdxif3wQELAp/tosm4l+H+llw3t6STdFVUeBHC+naAwr0QTYB2a7yWLvb6Eh9CYQ7Z3qS/CvvVKs3sB0djRU42FZ9O4c2XcMllP0f3nVaF+DnLpaxgCdLoGPBhYdyTniBij+JudvGZvpWZUFLRlx49zC07RMRG4k+xMA4bAJkiLb+T+b30ur7N+EUgCOyp2FROc1ngCiJqr+cYbnWN1wqougm+pM+GxNZNwakiw1RFJPcOzpjtuwYp/gEKOC+Sz3Qkl4VpYxj7t7fikV0s5r+HzuNFa7gFWpApeRt6YuffQRWhlPVlCOkrQUhRl3YPG9khQ==,iv:r5Vb1ucVrMD0xZOuVnyRJ4El5sCBru/4nOV74pz+tA0=,tag:SwrBmA++GWVzf/0lWSuCpg==,type:str] home-assistant-secrets.yaml: ENC[AES256_GCM,data:8LH3rrbkpRIFuKZmXe7EHcXPlkzfbdaxX7ssWjIUJ0FQ2QbMUOFsrxVt4diMVHJuaDCoC5gXIwWYDXw4yQj+4Pdf0cwk2MiXj2S9O7GxuOQzP4V1Ab4HeLJOXbGP4cigzNak5epbBiyJY13mVPVgjxX2M4GkuB2TXCOZ5GpvHHv0IvNcc6ymov/XkpJh7MOkyKw45jrYjiV/8dSTORhcWms5J/YgRpSQ/XijWkzucsisNyYk6mKYSq5O4xWFNEF1YC5FFr+rX7xzsbAp0niG3r1d+qcxYHOe0KPB0auxdxif3wQELAp/tosm4l+H+llw3t6STdFVUeBHC+naAwr0QTYB2a7yWLvb6Eh9CYQ7Z3qS/CvvVKs3sB0djRU42FZ9O4c2XcMllP0f3nVaF+DnLpaxgCdLoGPBhYdyTniBij+JudvGZvpWZUFLRlx49zC07RMRG4k+xMA4bAJkiLb+T+b30ur7N+EUgCOyp2FROc1ngCiJqr+cYbnWN1wqougm+pM+GxNZNwakiw1RFJPcOzpjtuwYp/gEKOC+Sz3Qkl4VpYxj7t7fikV0s5r+HzuNFa7gFWpApeRt6YuffQRWhlPVlCOkrQUhRl3YPG9khQ==,iv:r5Vb1ucVrMD0xZOuVnyRJ4El5sCBru/4nOV74pz+tA0=,tag:SwrBmA++GWVzf/0lWSuCpg==,type:str]
@@ -32,8 +33,8 @@ sops:
Tlo3NHBlMkJEaXNOZkxSKytGSDNEMWcKquNuAzbPWwAjqc65BcAA/DMltFjC6Ayb Tlo3NHBlMkJEaXNOZkxSKytGSDNEMWcKquNuAzbPWwAjqc65BcAA/DMltFjC6Ayb
CKmJ7kaYFFUAIuBXhksvlH2b7vRZLT1QlwqUcRIRjxe+mZnsMIqE7w== CKmJ7kaYFFUAIuBXhksvlH2b7vRZLT1QlwqUcRIRjxe+mZnsMIqE7w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-02T11:19:07Z" lastmodified: "2023-12-05T22:25:09Z"
mac: ENC[AES256_GCM,data:jSoQBZ0yuVZ1r0cJhbmwnyuwxZ8MUAmbf7i3K/vw+BN8uh7CZGCvlw17804vEO4xcv3jnykde5DcOMGGL3YmDu3OkOoE1MVbJutqUShVVS6qkPP5VAZ0+VR+nVG7S7n+w3acCurZJU2k2LQp2rdVLOEU6hWtNrQQSX+hQ2hj8Io=,iv:quN45kpLy0c+35fkQlTEsunF3lal+Tq+CQIlAFdk608=,tag:pc2U9T5T8Df/vDyVwpePFA==,type:str] mac: ENC[AES256_GCM,data:snd67aDDSWJXRQH3jbOz4nZ3uwDLhpHgdWMmvyaXyITTAlQqvZ0yu+hvDexxiIrDz74UeUes2yRDa7MRa6qRPngJTZMrwyTIcIOGiJNfMaF8pChK8XFCm+K41ALP4XhFletNniTtTpThOC23FUU5fMwNqD5ryjhG7lKttiyihYY=,iv:nq3PVm1Fdt6ZCWhPuBTZ85u3Fc3xXqn25nGMKALjojM=,tag:QeAtU4gQhUojw5Ik6V+F6A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3