AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

disable gitea-runner

Browse Source
This commit is contained in:
Dmitriy Kholkin 2024-08-04 13:42:30 +03:00
parent e9ceef976c
commit 44d6c9b64b
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
1 changed files with 38 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
profiles/servers/gitea.nix
View File

@ -2,25 +2,25 @@
let let
gitea-user = config.services.gitea.user; gitea-user = config.services.gitea.user;
gitea-group = "gitea"; gitea-group = "gitea";
runner-user = "gitea-runner"; # runner-user = "gitea-runner";
runner-group = "root"; # runner-group = "root";
gitea-secret = { gitea-secret = {
sopsFile = inputs.self.secretsDir + /gitea.yaml; sopsFile = inputs.self.secretsDir + /gitea.yaml;
owner = gitea-user; owner = gitea-user;
restartUnits = [ "gitea.service" ]; restartUnits = [ "gitea.service" ];
}; };
runner-secret = services: { # runner-secret = services: {
sopsFile = inputs.self.secretsDir + /home-hypervisor/gitea.yaml; # sopsFile = inputs.self.secretsDir + /home-hypervisor/gitea.yaml;
owner = runner-user; # owner = runner-user;
restartUnits = services; # restartUnits = services;
}; # };
in { in {
sops.secrets.gitea = gitea-secret; sops.secrets.gitea = gitea-secret;
sops.secrets.gitea-mailer = gitea-secret; sops.secrets.gitea-mailer = gitea-secret;
sops.secrets.gitea-runner-hypervisor = runner-secret [ "gitea-runner-hypervisor.service" ]; # sops.secrets.gitea-runner-hypervisor = runner-secret [ "gitea-runner-hypervisor.service" ];
persist.state.directories = [ persist.state.directories = [
"/var/lib/gitea-runner" # "/var/lib/gitea-runner"
# { directory = "/var/lib/gitea-runner"; user = runner-user; group = runner-group; } # { directory = "/var/lib/gitea-runner"; user = runner-user; group = runner-group; }
] ++ lib.optionals (config.deviceSpecific.devInfo.fileSystem != "zfs") [ ] ++ lib.optionals (config.deviceSpecific.devInfo.fileSystem != "zfs") [
{ directory = "/srv/gitea"; user = gitea-user; group = gitea-group; } { directory = "/srv/gitea"; user = gitea-user; group = gitea-group; }
@ -117,33 +117,33 @@ in {
''; '';
}; };
users.users.${runner-user} = { # users.users.${runner-user} = {
isSystemUser = true; # isSystemUser = true;
group = runner-group; # group = runner-group;
}; # };
services.gitea-actions-runner.instances.hypervisor = { # services.gitea-actions-runner.instances.hypervisor = {
enable = true; # enable = true;
name = "hypervisor"; # name = "hypervisor";
url = config.services.gitea.settings.server.ROOT_URL; # url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = config.sops.secrets.gitea-runner-hypervisor.path; # tokenFile = config.sops.secrets.gitea-runner-hypervisor.path;
labels = [ # labels = [
"native:host" # "native:host"
"debian-latest:docker://debian:12-slim" # "debian-latest:docker://debian:12-slim"
]; # ];
hostPackages = with pkgs; [ # hostPackages = with pkgs; [
bash # bash
curl # curl
gawk # gawk
gitMinimal # gitMinimal
gnused # gnused
wget # wget
]; # ];
# TODO: fix cache server # # TODO: fix cache server
# settings = {}; # # settings = {};
}; # };
systemd.services.gitea-runner-hypervisor = { # systemd.services.gitea-runner-hypervisor = {
serviceConfig.DynamicUser = lib.mkForce false; # serviceConfig.DynamicUser = lib.mkForce false;
serviceConfig.User = lib.mkForce runner-user; # serviceConfig.User = lib.mkForce runner-user;
serviceConfig.Group = lib.mkForce runner-group; # serviceConfig.Group = lib.mkForce runner-group;
}; # };
} }