feat: setup new baldur vps, for running forgejo actions.

2026-03-13 09:03:22 +01:00 · 2026-03-13 09:03:22 +01:00 · 6f40be6f3b
commit 6f40be6f3b
parent e556fca10f
6 changed files with 5 additions and 50 deletions
--- a/modules/servers/per-server/baldur/services/crafty-controller.nix
+++ b/modules/servers/per-server/baldur/services/crafty-controller.nix
@ -1,49 +0,0 @@
-{...}: {
-  virtualisation.oci-containers.containers.crafty-controller = {
-    image = "registry.gitlab.com/crafty-controller/crafty-4:latest";
-    autoStart = true;
-    ports = [
-      "8443:8443"
-      "8123:8123"
-      "19132:19132"
-      "25500-25600:25500-25600"
-    ];
-    labels = {
-      "io.containers.autoupdate" = "registry";
-    };
-    volumes = [
-      "/var/lib/crafty-controller/backups:/crafty/backups"
-      "/var/lib/crafty-controller/logs:/crafty/logs"
-      "/var/lib/crafty-controller/servers:/crafty/servers"
-      "/var/lib/crafty-controller/config:/crafty/app/config"
-      "/var/lib/crafty-controller/import:/crafty/import"
-    ];
-  };
-
-  networking.firewall = {
-    allowedTCPPorts = [25500];
-    allowedUDPPorts = [25500];
-  };
-
-  services.traefik.dynamicConfigOptions.http = {
-    services.crafty.loadBalancer.servers = [
-      {
-        url = "https://localhost:8443";
-      }
-    ];
-
-    routers.crafty = {
-      rule = "Host(`crafty.cronyakatsuki.xyz`)";
-      tls = {
-        certResolver = "porkbun";
-      };
-      service = "crafty";
-      entrypoints = "websecure";
-    };
-  };
-
-  services.restic.backups = {
-    local.paths = ["/var/lib/crafty-controller"];
-    server.paths = ["/var/lib/crafty-controller"];
-  };
-}
--- a/modules/servers/per-server/baldur/services/forgejo-runner.nix
+++ b/modules/servers/per-server/baldur/services/forgejo-runner.nix
@ -0,0 +1,36 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+    instances.default = {
+      enable = true;
+      name = "monolith";
+      url = "https://git.cronyakatsuki.xyz";
+      # Obtaining the path to the runner token file may differ
+      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
+      tokenFile = config.age.secrets.forgejo-runner-token.path;
+      labels = [
+        ## optionally provide native execution on the host:
+        "debian-latest:docker://node:18-bullseye"
+        "native:host"
+      ];
+      hostPackages = with pkgs; [
+        bash
+        coreutils
+        curl
+        gawk
+        gitMinimal
+        gnused
+        nodejs
+        wget
+        nix
+        attic-client
+      ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [attic-client];
+}