From 5d544bfac1e96c78125687bab542772d9fac76ba Mon Sep 17 00:00:00 2001
From: Jan Kremer
Date: Sat, 28 Mar 2026 13:01:55 +0100
Subject: [PATCH] Cleanup age secrets and install forgejo runner
---
 modules/nixos/caddy.nix | 2 +-
 modules/nixos/copyparty.nix | 1 -
 modules/nixos/forgejo.nix | 23 +++++++++++++++++------
 modules/nixos/matrix.nix | 1 -
 modules/secrets/forgejo-runner.age | 9 +++++++++
 modules/secrets/secrets.nix | 1 +
 6 files changed, 28 insertions(+), 9 deletions(-)
 create mode 100644 modules/secrets/forgejo-runner.age
diff --git a/modules/nixos/caddy.nix b/modules/nixos/caddy.nix
index 086c277..f915d04 100644
--- a/modules/nixos/caddy.nix
+++ b/modules/nixos/caddy.nix
@@ -1,6 +1,6 @@
 {
 systemd.tmpfiles.rules = [
- "d /var/www/jankremer.de 755 jan users -"
+ "d /var/www/jankremer.de 755 forgejo-runner users -"
 ];
 services.caddy = {
diff --git a/modules/nixos/copyparty.nix b/modules/nixos/copyparty.nix
index f71605b..545cde3 100644
--- a/modules/nixos/copyparty.nix
+++ b/modules/nixos/copyparty.nix
@@ -6,7 +6,6 @@
 {
 age.secrets."copyparty-jan" = {
 file = ../secrets/copyparty-jan.age;
- mode = "400";
 owner = "copyparty";
 };
diff --git a/modules/nixos/forgejo.nix b/modules/nixos/forgejo.nix
index 75e748a..37fec03 100644
--- a/modules/nixos/forgejo.nix
+++ b/modules/nixos/forgejo.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
 domain = "git.jankremer.de";
 in
@@ -7,6 +7,7 @@ in
 file = ../../modules/secrets/forgejo-mailer.age;
 owner = "forgejo";
 };
+ age.secrets.forgejo-runner.file = ../../modules/secrets/forgejo-runner.age;
 services = {
 forgejo = {
@@ -19,7 +20,7 @@ in
 DOMAIN = domain;
 ROOT_URL = "https://${domain}";
 START_SSH_SERVER = false;
- SSH_PORT = 22;
+ SSH_PORT = lib.head config.services.openssh.ports;
 };
 mailer = {
 ENABLED = true;
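Review bot: In modules/nixos/caddy.nix the tmpfiles rule now names `forgejo-runner` as owner of `/var/www/jankremer.de`, but nothing visible in this patch declares an account with that name; the runner itself is set up through `gitea-actions-runner.instances.nimbus` in forgejo.nix, and the account that unit runs as may be named differently or be allocated dynamically. If the name does not resolve when systemd-tmpfiles runs, the rule will not apply and the directory keeps whatever owner it had, so it is worth confirming the unit's user and declaring it explicitly if it is meant to be static. The change also makes the served web root writable by the account that executes CI jobs, which deserves a comment on the rule, for example `# owned by the CI runner so deploy workflows can publish here`. The attribute set continues outside the hunk.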
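Review bot: In modules/nixos/forgejo.nix, hunk `-7,6 +7,7`, the new `age.secrets.forgejo-runner` sets only `file`, so it takes agenix's default owner and mode, while `forgejo-mailer` directly above names its owner. That is presumably intentional if the runner module hands `tokenFile` to systemd as an environment file that is read before privileges are dropped, but neither that nor the expected file format can be seen from the diff. After checking the module in use, I would record it next to the line, e.g. `# root-owned on purpose: loaded by the runner unit as an environment file (TOKEN=...)`. The enclosing attribute set starts and ends outside the hunk.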
@@ -28,14 +29,24 @@ in FROM = "git@jankremer.de"; USER = "janurskremer@me.com"; }; - # actions = { - # ENABLED = true; - # DEFAULT_ACTIONS_URL = "github"; - # }; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; }; secrets = { mailer.PASSWD = config.age.secrets.forgejo-mailer.path; }; }; + + gitea-actions-runner.instances.nimbus = { + enable = true; + url = "https://${domain}"; + tokenFile = config.age.secrets.forgejo-runner.path; + name = "nimbus"; + settings.runner.labels = [ + "native:host" + ]; + }; }; } diff --git a/modules/nixos/matrix.nix b/modules/nixos/matrix.nix index 379a790..dd165c9 100644 --- a/modules/nixos/matrix.nix +++ b/modules/nixos/matrix.nix @@ -2,7 +2,6 @@ { age.secrets."matrix-registration-token" = { file = ../secrets/matrix-registration-token.age; - mode = "400"; owner = "tuwunel"; }; diff --git a/modules/secrets/forgejo-runner.age b/modules/secrets/forgejo-runner.age new file mode 100644 index 0000000..93c2e94 --- /dev/null +++ b/modules/secrets/forgejo-runner.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 2otpcg BKk+n4hh+NId35ZAUygwF8paTCY1Nbg3qo6MrTyOUwk +TiTl0BVeqXEXQ7y3ySDKDW2N0R3RAYzaPn1mvwM7W9k +-> ssh-ed25519 40YjXQ Vk49T74+I5qs6dY4mXQeGFzHR6i75xthZYZ1Y/bsyHc +QqBkWmkarBoSc5zmFO67Hwck3d+BioL444RitOxsR4w +-> ssh-ed25519 wbs2Dw NoJGVHAcH+PAoNQn+KCgwy/T14sHo+xYaGKvcTDHMUk +XFsOkgaXNQgkpKcmui1hbgywDRSIWtIAq7oFJI/LrjM +--- glH3vTvqZkaJqFLYGHPsNhu5Riyxjz0AKtMMnlaZYHo + “ÀÂçÙæhOŽjfì™ãXbؤ"’6ÿ,ù!ü\X
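Review bot: In the modules/nixos/forgejo.nix hunk `-28,14 +29,24` the only label given to the `nimbus` runner is `"native:host"`, which, as far as I know, makes job steps run directly on the machine instead of in a container, and `url = "https://${domain}"` suggests this is the same machine that serves Forgejo. With `actions.ENABLED = true` set instance-wide, anyone able to push a workflow to a repository this runner serves gets command execution under the runner's account, and `DEFAULT_ACTIONS_URL = "github"` resolves `uses:` references to third-party code fetched by name. Consider a container-backed label in place of the host one, along the lines of `"debian-latest:docker://node:20-bookworm"` (image name is only an example), and register the runner for the specific repositories that need it rather than for the whole instance. Pinning `uses:` references to commit hashes in the workflows would limit the second exposure. This note follows the end of the page because the hunk shares its physical line with the matrix.nix and forgejo-runner.age sections.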