feat(home-server): add forgejo runner

2025-01-17 14:20:00 +01:00 · 2025-01-17 14:20:00 +01:00 · 13a7c455a9
parent 933d7b6994
commit 13a7c455a9
3 changed files with 55 additions and 0 deletions
--- a/secrets/forgejo/runner-token.age
+++ b/secrets/forgejo/runner-token.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 OAZQhA 2ptce5tD9VWD7rfhCjLZbKzznVXLHFw1L5iXbwrAyUQ
+egOD0xgvKyRsezgBCmaZrft/61TtS3fh4mHWf+taNjI
+-> ssh-ed25519 72ij7w mVe1vE1rQT0t21xwwrLqEytD/1dwB2gwbzuNx6z/tEQ
+ZxcOXVdxpxpvvU6ozhjJ41hIncxygJcV3icGFascFpw
+--- 298y2yI6JRzmJq1If1v3NMjRKlCpH2kjUqhfL47n2ag
+2Ý©TwÀÆV}ü“6´Ï¶A=è/w <þ½ÙéÏÍÖ[|Fïdåˆì$e^&
+	ªÐ<C2AA>°HÐüöaì&„ß€v›Ò]
--- a/services/forgejo/default.nix
+++ b/services/forgejo/default.nix
@ -11,6 +11,8 @@ let
  cfg = config.services.forgejo;
 in
 {
+  imports = [ ./runner.nix ];
+
  age.secrets.forgejo-admin-password = {
    file = ../../secrets/forgejo/admin-password.age;
    owner = cfg.user;
@ -34,6 +36,10 @@ in
      ui = {
        DEFAULT_THEME = "forgejo-dark";
      };
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "https://${domain}";
+      };
      mailer = {
        ENABLED = true;
        PROTOCOL = "sendmail";
--- a/services/forgejo/runner.nix
+++ b/services/forgejo/runner.nix
@ -0,0 +1,41 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  forgejoCfg = config.services.forgejo;
+  domain = forgejoCfg.settings.server.DOMAIN;
+in
+{
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+    instances.local = {
+      enable = true;
+      url = "https://${domain}";
+      tokenFile = ""; # dynamically retrieved from Forgejo (see further below)
+      name = config.networking.hostName;
+      labels = [ "native:host" ];
+      settings = {
+        container.network = "host";
+      };
+    };
+  };
+
+  # automatically get registration token from forgejo
+  systemd.services.forgejo.postStart = lib.mkBefore ''
+    ${pkgs.bash}/bin/bash -c '(while ! ${pkgs.netcat-openbsd}/bin/nc -z -U ${forgejoCfg.settings.server.HTTP_ADDR}; do echo "Waiting for unix ${forgejoCfg.settings.server.HTTP_ADDR} to open..."; sleep 2; done); sleep 2'
+    actions="${lib.getExe config.services.forgejo.package} actions"
+    echo -n TOKEN= > /run/forgejo/forgejo-runner-token
+    $actions generate-runner-token >> /run/forgejo/forgejo-runner-token
+  '';
+
+  systemd.services.gitea-runner-local.serviceConfig = {
+    EnvironmentFile = [ "/run/forgejo/forgejo-runner-token" ];
+  };
+
+  systemd.services.gitea-runner-local.wants = [ "forgejo.service" ];
+  systemd.services.gitea-runner-local.after = [ "forgejo.service" ];
+}