diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix
index 7c1c54f..88043db 100644
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -123,60 +123,50 @@ in
 owner = "gitea-runner";
 };
 
- containers.git-runner = {
- autoStart = true;
- ephemeral = false; # because of ssh key
- macvlans = [ "vserver" ];
- bindMounts = {
- "/run/secrets/gitea-runner-token" = {
- hostPath = config.sops.secrets.gitea-runner-token.path;
- isReadOnly = true;
- };
- "/run/podman/podman.sock" = {
- hostPath = "/run/podman/podman.sock";
- isReadOnly = false;
- };
- };
- config = { lib, config, pkgs, ... }: {
- networking = {
- hostName = "git-runner";
- nameservers = [ "10.42.97.10" ];
- interfaces.mv-vserver = {
- useDHCP = true;
- };
- firewall = {
- enable = true;
- };
- };
-
- virtualisation.podman.enable = true;
-
- services.gitea-actions-runner.instances.main = {
- enable = true;
- url = "https://git.cloonar.com";
- name = "main";
- tokenFile = "/run/secrets/gitea-runner-token";
- labels = [
- "ubuntu-latest:docker://node:18-bullseye"
- "native:host"
- ];
- hostPackages = with pkgs; [
- bash
- coreutils
- curl
- gawk
- gitMinimal
- gnused
- nodejs
- wget
- ];
- };
-
- users.groups.podman.gid = cids.gids.podman;
- users.users.gitea-runner = runner-user;
- users.groups.gitea-runner = runner-group;
-
- system.stateVersion = "23.05";
- };
+ services.gitea-actions-runner.instances.main = {
+ enable = true;
+ url = "https://git.cloonar.com";
+ name = "main";
+ tokenFile = "/run/secrets/gitea-runner-token";
+ labels = [
+ "ubuntu-latest:docker://node:18-bullseye"
+ ];
 };
+
+ # containers.git-runner = {
+ # autoStart = true;
+ # ephemeral = false; # because of ssh key
+ # macvlans = [ "vserver" ];
+ # bindMounts = {
+ # "/run/secrets/gitea-runner-token" = {
+ # hostPath = config.sops.secrets.gitea-runner-token.path;
+ # isReadOnly = true;
+ # };
+ # "/run/podman/podman.sock" = {
+ # hostPath = "/run/podman/podman.sock";
+ # isReadOnly = false;
+ # };
+ # };
+ # config = { lib, config, pkgs, ... }: {
+ # networking = {
+ # hostName = "git-runner";
+ # nameservers = [ "10.42.97.10" ];
+ # interfaces.mv-vserver = {
+ # useDHCP = true;
+ # };
+ # firewall = {
+ # enable = true;
+ # };
+ # };
+ #
+ # virtualisation.podman.enable = true;
+ #
+ #
+ # users.groups.podman.gid = cids.gids.podman;
+ # users.users.gitea-runner = runner-user;
+ # users.groups.gitea-runner = runner-group;
+ #
+ # system.stateVersion = "23.05";
+ # };
+ # };
 }
diff --git a/hosts/fw.cloonar.com/secrets.yaml b/hosts/fw.cloonar.com/secrets.yaml
index f3a8189..5adb9e3 100644
--- a/hosts/fw.cloonar.com/secrets.yaml
+++ b/hosts/fw.cloonar.com/secrets.yaml
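Review bot: The new top-level `services.gitea-actions-runner.instances.main` block runs the runner directly on the fw.cloonar.com host, so the separation the old `containers.git-runner` definition gave it (its own macvlan interface and a container-local firewall) no longer applies, and nothing in the hunk records why that is acceptable on what the hostname suggests is a firewall. Dropping the `native:host` label and `hostPackages` does keep jobs off the host shell, but the remaining `docker://` label still needs a container runtime on the host, and access to a rootful podman or docker socket is effectively root there; the old block already bind-mounted the host's `podman.sock` read-write, and the runtime configuration is outside this hunk, so confirm how the runner user reaches it. I would add a short comment above the block stating the reason for the move, write the token path as `tokenFile = config.sops.secrets.gitea-runner-token.path;` so it cannot drift from the sops declaration, and delete the commented-out container definition rather than keep it, since git history already preserves it. The enclosing attribute set starts before the hunk.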
@@ -5,7 +5,7 @@ wg_cloonar_key: ENC[AES256_GCM,data:Dtp6I5J0jU5LLVwEFU4DFCpUngPRmFMebGXnk2oSwsKt wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKcQFgdes6r+deft1JfnUzDuF0=,iv:DKrc3I+U2hWDH8nnc8ZQeaVtA1eVXu7SXdTn1fxHoH4=,tag:V0PL0GrL2NEPVslAZa801A==,type:str] wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str] wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str] -gitea-runner-token: ENC[AES256_GCM,data:Qu2T/d+RbeGI079Y6UA6s2gzun4ybKxIFFS4QISYZhqk9qJsLY2Q39pd/Olfa20=,iv:LkFodQKy1auKZjFVsZusVBXNMmcS0OHQnokJ4FCzADc=,tag:QicoTUFWHAPR7wFTDB17kA==,type:str] +gitea-runner-token: ENC[AES256_GCM,data:ylTiQcDEEs3COymcSe3IQntFKtl/GYKrQLgZw19gxjTZ/ukQ7mouKdyTlGdbFEQ=,iv:D0T0A5KPDXBPBVvPhaHDzlVETiL88IJZZfn4heyZhXU=,tag:pVvHLKbtNVSHLVURhhlPJg==,type:str] drone: ENC[AES256_GCM,data:S8WTZqGHfcdpSojavZ87GdE5dagcTAdHBVQEbHHgnB4V7aczS6c5QdEJxK920Pjpf6o54OOQYniVsPiiXSxwjExDKPzhs/DG2hfigmf8RgfkP+3tF2W0KiPmV2jxog8w226ZKnI+hSBs8tuIfJBhrpY7Y/YNmTPfq+cnnLS8ibYqytcpzoogI9I8THzHCu3r+yejoGSyTMs9L4gPhOjz5aK4UV6V,iv:zqN/aSBI3xGGNDnpHPGyQnQP2YZOGUk6dAGtON/QlHU=,tag:o9YFDKAB5uR9lPmChyxB8g==,type:str] home-assistant-ldap: ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str] home-assistant-secrets.yaml: ENC[AES256_GCM,data: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,iv:r5Vb1ucVrMD0xZOuVnyRJ4El5sCBru/4nOV74pz+tA0=,tag:SwrBmA++GWVzf/0lWSuCpg==,type:str] 
@@ -33,8 +33,8 @@ sops: Tlo3NHBlMkJEaXNOZkxSKytGSDNEMWcKquNuAzbPWwAjqc65BcAA/DMltFjC6Ayb CKmJ7kaYFFUAIuBXhksvlH2b7vRZLT1QlwqUcRIRjxe+mZnsMIqE7w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-06T17:34:22Z" - mac: ENC[AES256_GCM,data:uOgnzt7rqnHj7lon1naM/xUD1jnMNHusEM2NfWZnnzrf/NB8hM+GQQpIYn05ZUD6Wgv3vQ1nR+38oAOSOYUDu+Tattx93bb17p3pUcu552o3pNHYVyFKaWhfGT+C3s3bIhDDBK55y/gfA7H0PTaN2ZLiC22/TYnQNbcaBWxo5So=,iv:RC3Ngot38SBaEMhnKDjv225hSZeHQqxCw1YJEWWvC80=,tag:CYEmjCW60+TmTJWWMpiVYw==,type:str] + lastmodified: "2023-12-06T18:03:32Z" + mac: ENC[AES256_GCM,data:odZPZsqAZ7cvEx8zuK6ebmC8R2W7ZLigELdsq3EbNwI76vRqbUykzqPfJa8w/fDujVraEsajOODU/faAHOgJzxS+lt5KQvmE0YCNfqgbZXSXRwifQV8UeYCsPYIBmRd5oIRS/J8ZvOs598QjBsbPMvgX356bL7Bf8sqqs5TiJEY=,iv:s/G8ZrjwMsGHH/upw50XyIDVMhI6nHvHLrIe+NSK8us=,tag:TyrDTASbiTGU4L23yn68Iw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3