AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

rework gitea config, add native gitea-runner

Browse Source
This commit is contained in:
Dmitriy Kholkin 2024-01-13 00:02:01 +03:00
parent 3a60da7d30
commit 2d543adf5d
1 changed files with 50 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
profiles/servers/gitea.nix
View File

@ -1,18 +1,30 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
user = config.services.gitea.user; gitea-user = config.services.gitea.user;
group = "gitea"; gitea-group = "gitea";
runner-user = "gitea-runner";
runner-group = "root";
gitea-secret = {
owner = gitea-user;
services = [ "gitea.service" ];
};
runner-secret = services: {
owner = runner-user;
services = services;
};
in { in {
secrets.gitea.owner = user; secrets.gitea = gitea-secret;
secrets.gitea-mailer.owner = user; secrets.gitea-mailer = gitea-secret;
secrets.gitea-secretkey.owner = user; secrets.gitea-secretkey = gitea-secret;
secrets.gitea-internaltoken.owner = user; secrets.gitea-internaltoken = gitea-secret;
secrets.gitea-hypervisor-native = runner-secret [ "gitea-runner-native.service" ];
persist.state.directories = lib.mkIf persist.state.directories = [
(config.deviceSpecific.devInfo.fileSystem != "zfs") [{ "/var/lib/gitea-runner"
directory = "/srv/gitea"; # { directory = "/var/lib/gitea-runner"; user = runner-user; group = runner-group; }
inherit user group; ] ++ lib.optionals (config.deviceSpecific.devInfo.fileSystem != "zfs") [
}]; { directory = "/srv/gitea"; user = gitea-user; group = gitea-group; }
];
# TODO: backups! gitea.dump setting # TODO: backups! gitea.dump setting
services.gitea = { services.gitea = {
@ -105,4 +117,31 @@ in {
-mindepth 1 -type f -mtime +${older-than} -delete -mindepth 1 -type f -mtime +${older-than} -delete
''; '';
}; };
users.users.${runner-user} = {
isSystemUser = true;
group = runner-group;
};
services.gitea-actions-runner.instances.native = {
enable = true;
name = "hypervisor-native";
url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.secrets.gitea-hypervisor-native.decrypted;
labels = [ "native:host" ];
hostPackages = with pkgs; [
bash
curl
gawk
gitMinimal
gnused
wget
];
# TODO: fix cache server
# settings = {};
};
systemd.services.gitea-runner-native = {
serviceConfig.DynamicUser = lib.mkForce false;
serviceConfig.User = lib.mkForce runner-user;
serviceConfig.Group = lib.mkForce runner-group;
};
} }