.

2026-02-15 20:28:12 -08:00 · 2026-02-15 20:28:12 -08:00 · db5af11266
commit db5af11266
parent 50007f068e
5 changed files with 75 additions and 0 deletions
--- a/.forgejo/workflows/update-flake.yaml
+++ b/.forgejo/workflows/update-flake.yaml
@ -0,0 +1,21 @@
+name: Update Flake Inputs
+on:
+  schedule:
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+jobs:
+  update:
+    runs-on: native
+    steps:
+      - uses: actions/checkout@v4
+      - name: Update flake inputs
+        run: nix flake update
+      - name: Commit and push if changed
+        run: |
+          git diff --quiet flake.lock && exit 0
+          git config user.name "Forgejo Actions"
+          git config user.email "actions@forgejo.ellie.town"
+          git add flake.lock
+          git commit -m "Update flake inputs (automated)"
+          git push
--- a/flake.nix
+++ b/flake.nix
@ -58,6 +58,7 @@
          ./services/matrix.nix
          ./services/ergo.nix
          ./services/forgejo.nix
+          ./services/forgejo-runner.nix
          # ./services/akkoma.nix
        ];
      };
--- a/services/forgejo-runner.nix
+++ b/services/forgejo-runner.nix
@ -0,0 +1,35 @@
+{ pkgs, config, ... }:
+
+{
+  sops.secrets."forgejo/runner_token" = {
+    sopsFile = ./secrets/forgejo.yaml;
+  };
+
+  sops.templates."forgejo-runner-token".content = ''
+    TOKEN=${config.sops.placeholder."forgejo/runner_token"}
+  '';
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+
+    instances.default = {
+      enable = true;
+      name = "home-server";
+      url = "https://forgejo.ellie.town";
+      tokenFile = config.sops.templates."forgejo-runner-token".path;
+
+      labels = [
+        "native:host"
+      ];
+
+      hostPackages = with pkgs; [
+        bash
+        coreutils
+        git
+        nix
+        curl
+        nodejs
+      ];
+    };
+  };
+}
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -9,6 +9,7 @@
  services.forgejo = {
    enable = true;
    settings.service.DISABLE_REGISTRATION = true;
+    settings.actions.ENABLED = true;
    settings.server = {
      DOMAIN = "forgejo.ellie.town";
      ROOT_URL = "https://forgejo.ellie.town/";
--- a/services/secrets/forgejo.yaml
+++ b/services/secrets/forgejo.yaml
@ -0,0 +1,17 @@
+forgejo:
+    runner_token: ENC[AES256_GCM,data:7TiZFb2TheIE7SY+zjMHQLh2YYbuKwgqoYGcM03TxnUjWv/YjPJA9A==,iv:HfTptmhNnqG9ZwWXeCxQ7H7BhENoUFk4BgEUPggqqY4=,tag:8mQgBsYZ3I4t6uYHzbPAmg==,type:str]
+sops:
+    age:
+        - recipient: age126v48dgev6pu3uhe7dtpdhax2yes2ff9u42ke2k2h97e90z8d4psedau7u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQ202M0tHVTRYRXY3VUVD
+            dzQwRFpkS0o0TDJIQW0wTTB5bEFLckNXTGlrCkZwbGtSbit5L010emlPZ3hSTEhQ
+            a3hOWHRnT3NsNlNxTE10eEVzQXM5MFEKLS0tIGg4L3dZQzJpK25CZzJiVStwTmJR
+            NDFQcUFrdXBZbWJPL09SWmNSQkZQNjgKB/sqNBdO6TrOanMHYhR1UP7bznEnilU8
+            8eLZuIK3dVqYbXDkeox7t8HhBqI7u1Sv11zej+SwNHng0rgRr8ReEg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-02-16T04:02:58Z"
+    mac: ENC[AES256_GCM,data:GPWNTL1VzOr8u2vjNuVCWIo4VR7aZK4NuUeXn0vVRlWM4t8B+T1gBDxS3+J4zZB1KlQneWhF53jZOFb8im2dnfS5DlBfT+rQjppwA9SkZKNPdQTa9xFl75ZWipzjLH6slWlNKFOj3aEwXLYhEWBBD35PetA+YCJTXwzPBnPrlWI=,iv:MUJwck1lp1t87YzkKqdiFS+UkA0ha6xXYs/1+c2j3qE=,tag:yf5AJpSYdCt9RePNFVT5Yw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.11.0