feat: setup forgejo runner.

2026-01-21 17:44:34 +01:00 · 2026-01-21 17:44:34 +01:00 · 8f5f8cb691
commit 8f5f8cb691
parent a3389dc350
5 changed files with 59 additions and 0 deletions
--- a/modules/servers/per-server/freyja/default.nix
+++ b/modules/servers/per-server/freyja/default.nix
@ -9,6 +9,7 @@ in {
  imports =
    [
      ../../common
+      ./secrets.nix
    ]
    ++ hostModules;
 }
--- a/modules/servers/per-server/freyja/secrets.nix
+++ b/modules/servers/per-server/freyja/secrets.nix
@ -0,0 +1,9 @@
+{
+  age = {
+    secrets = {
+      forgejo-runner-token = {
+        file = ../../../../secrets/forgejo-runner-token.age;
+      };
+    };
+  };
+}
--- a/modules/servers/per-server/freyja/services/forgejo-runner.nix
+++ b/modules/servers/per-server/freyja/services/forgejo-runner.nix
@ -0,0 +1,25 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+    instances.default = {
+      enable = true;
+      name = "monolith";
+      url = "https://git.cronyakatsuki.xyz";
+      # Obtaining the path to the runner token file may differ
+      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
+      tokenFile = config.age.secrets.forgejo-runner-token.path;
+      labels = [
+        "ubuntu-latest:docker://node:16-bullseye"
+        "ubuntu-22.04:docker://node:16-bullseye"
+        "ubuntu-20.04:docker://node:16-bullseye"
+        "ubuntu-18.04:docker://node:16-buster"
+        ## optionally provide native execution on the host:
+        "native:host"
+      ];
+    };
+  };
+}
--- a/secrets/forgejo-runner-token.age
+++ b/secrets/forgejo-runner-token.age
@ -0,0 +1,23 @@
+age-encryption.org/v1
+-> ssh-ed25519 2P4nKw 6CXlYKfRELtM9lE3HPwyX8paUEqdq1F/YxB/rHtv/Hw
+MGDd7G/xGGEEJ4FLbfsZJIaUsznwRZZoQ7giVoafKEY
+-> ssh-ed25519 l/ODWA xEpu4YLSwnb7bp6hLLlBHjmAs9GAFE01kcyhpD4ooWA
+mqYAWi0HKyvgtseJ2f7g4rW0G+LHBVH31RG86UMoolI
+-> ssh-ed25519 7+5K3Q S7AJuGnSUO/TZ40fWnmSJN02oR1c84UnZ0cRPLT62Hc
+0IKCOawbLeXBHsdVDk9KSDUT3AwB/0vsRitLn7RJ6Es
+-> ssh-ed25519 Ow0TGw 2stE3ES2jl9n6t86+nyuqZ2Yeh0C2XWmXr5+HNZ5H2Y
+3C3FZ6jVUyJ1Af6P6kZZYmWiXJ4Gd4V/Az8dKk1IbAg
+-> ssh-ed25519 cEINMA AF8fxir8WyhwNPkcjILCeQkrpcMG0oXEF0u15RpSFF0
+F9MlXYcPuoidHLrQzCOkgeQVc40h8t2aCP0qdYWuVpc
+-> ssh-ed25519 qbMKrQ JzQh1uPdITf0VdsgCH4UYkavfoncOmobgEp3N2IehG4
+7vh/sGnFBIxckxHTnjNaTAAXINH/xPeb7fKX0R2wgPg
+-> ssh-ed25519 Z0mAzw TVO8g5CaaJS+/sn/fxgDPbMy9JNMUrgHhW3TgzyfKhg
+QmfjgU10CJebV1evV5myZHZ3v0J6Qf6Vp2Iv1OkNg7c
+-> ssh-ed25519 GNZYRg b5FwNS2yEFYTP6XshP3w3h7ofiRRuVAHJJGqUxWy8Xo
+g+/1/e6CAhA96qK55jF3poCUuKV0BbecSb6bcKE9FD4
+-> ssh-ed25519 fd/ZLQ STF8rS7Kb3ZXHVteSEl5HDKceqgIgKDbSOYU7sA2bzw
+YxWXgCdzSvgBShTUMH1CZnxKAG1kzNoObW80cXyfNq0
+-> ssh-ed25519 zQBiZw +iRG/N5bBSGflrb5Zi4wzNmq7GTt/O/A9xHwGs12L1I
+p12J0VmSTit+yPq0AUjF0+6laCSeHte5MTNBqhIkYW8
+--- heq+uzmYk2bdNLlLN1sqdH1Odjch/EYHk07ZZmFVtZE
+C„{{˜<18>ß¸Ï´¸{	<09>h8ƒ<38>²'þn™ÍZ¹tÁÔ9ë/©.kñpkWf<<WžvÍ…î†¯‘ÍÉÑF—G	æ/B…œx»îœ5…Qr
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -46,4 +46,5 @@ in {
  "linkwarden.age".publicKeys = systems ++ users;
  "linkwarden-db.age".publicKeys = systems ++ users;
  "paperless-ngx.age".publicKeys = systems ++ users;
+  "forgejo-runner-token.age".publicKeys = systems ++ users;
 }