From db5af112665cb7bd806a75ace70819ffa3749b75 Mon Sep 17 00:00:00 2001
From: Ellie <6687206+wizzeh@users.noreply.github.com>
Date: Sun, 15 Feb 2026 20:28:12 -0800
Subject: [PATCH] .
---
 .forgejo/workflows/update-flake.yaml | 21 +++++++++++++++++
 flake.nix | 1 +
 services/forgejo-runner.nix | 35 ++++++++++++++++++++++++++++
 services/forgejo.nix | 1 +
 services/secrets/forgejo.yaml | 17 ++++++++++++++
 5 files changed, 75 insertions(+)
 create mode 100644 .forgejo/workflows/update-flake.yaml
 create mode 100644 services/forgejo-runner.nix
 create mode 100644 services/secrets/forgejo.yaml
diff --git a/.forgejo/workflows/update-flake.yaml b/.forgejo/workflows/update-flake.yaml
new file mode 100644
index 0000000..59dff03
--- /dev/null
+++ b/.forgejo/workflows/update-flake.yaml
@@ -0,0 +1,21 @@
+name: Update Flake Inputs
+on:
+ schedule:
+ - cron: '0 2 * * *'
+ workflow_dispatch:
+
+jobs:
+ update:
+ runs-on: native
+ steps:
+ - uses: actions/checkout@v4
+ - name: Update flake inputs
+ run: nix flake update
+ - name: Commit and push if changed
+ run: |
+ git diff --quiet flake.lock && exit 0
+ git config user.name "Forgejo Actions"
+ git config user.email "actions@forgejo.ellie.town"
+ git add flake.lock
+ git commit -m "Update flake inputs (automated)"
+ git push
diff --git a/flake.nix b/flake.nix
index 7696d11..c1eab18 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,6 +58,7 @@
 ./services/matrix.nix
 ./services/ergo.nix
 ./services/forgejo.nix
+ ./services/forgejo-runner.nix
 # ./services/akkoma.nix
 ];
 };
diff --git a/services/forgejo-runner.nix b/services/forgejo-runner.nix
new file mode 100644
index 0000000..722728f
--- /dev/null
+++ b/services/forgejo-runner.nix
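Review bot: In `.forgejo/workflows/update-flake.yaml`, `uses: actions/checkout@v4` references a mutable tag, and the job's `runs-on: native` label is mapped to `native:host` in `services/forgejo-runner.nix`, so whatever that tag resolves to executes directly on the server rather than in a container. Pinning the action to a full commit closes that gap, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`. The last step also pushes the regenerated `flake.lock` straight to the checked-out branch with no review; if the system configuration is deployed from that branch (not visible in this patch), pushing to a separate branch and merging after a look at the lock diff would keep unreviewed input changes off the host.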
@@ -0,0 +1,35 @@
+{ pkgs, config, ... }:
+
+{
+ sops.secrets."forgejo/runner_token" = {
+ sopsFile = ./secrets/forgejo.yaml;
+ };
+
+ sops.templates."forgejo-runner-token".content = ''
+ TOKEN=${config.sops.placeholder."forgejo/runner_token"}
+ '';
+
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+
+ instances.default = {
+ enable = true;
+ name = "home-server";
+ url = "https://forgejo.ellie.town";
+ tokenFile = config.sops.templates."forgejo-runner-token".path;
+
+ labels = [
+ "native:host"
+ ];
+
+ hostPackages = with pkgs; [
+ bash
+ coreutils
+ git
+ nix
+ curl
+ nodejs
+ ];
+ };
+ };
+}
diff --git a/services/forgejo.nix b/services/forgejo.nix
index 5786581..ab91654 100644
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@@ -9,6 +9,7 @@
 services.forgejo = {
 enable = true;
 settings.service.DISABLE_REGISTRATION = true;
+ settings.actions.ENABLED = true;
 settings.server = {
 DOMAIN = "forgejo.ellie.town";
 ROOT_URL = "https://forgejo.ellie.town/";
diff --git a/services/secrets/forgejo.yaml b/services/secrets/forgejo.yaml
new file mode 100644
index 0000000..6b1eb81
--- /dev/null
+++ b/services/secrets/forgejo.yaml
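Review bot: `labels = [ "native:host" ];` in `services/forgejo-runner.nix` selects the host executor, so every job this runner accepts runs without a container on `home-server` as the runner's service user, with `nix`, `git` and `curl` on its PATH. Which repositories can schedule jobs on it depends on the scope of the registration token, which the patch does not show; an instance-wide registration would let any repository with Actions enabled run code on the host. I would record that constraint next to the label, e.g. `# host executor: jobs run unsandboxed on this machine; register this runner only for trusted repositories`, and trim `hostPackages` to what the workflow actually needs (`nodejs` is presumably there for `actions/checkout`; `curl` is worth confirming).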
@@ -0,0 +1,17 @@ +forgejo: + runner_token: ENC[AES256_GCM,data:7TiZFb2TheIE7SY+zjMHQLh2YYbuKwgqoYGcM03TxnUjWv/YjPJA9A==,iv:HfTptmhNnqG9ZwWXeCxQ7H7BhENoUFk4BgEUPggqqY4=,tag:8mQgBsYZ3I4t6uYHzbPAmg==,type:str] +sops: + age: + - recipient: age126v48dgev6pu3uhe7dtpdhax2yes2ff9u42ke2k2h97e90z8d4psedau7u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQ202M0tHVTRYRXY3VUVD + dzQwRFpkS0o0TDJIQW0wTTB5bEFLckNXTGlrCkZwbGtSbit5L010emlPZ3hSTEhQ + a3hOWHRnT3NsNlNxTE10eEVzQXM5MFEKLS0tIGg4L3dZQzJpK25CZzJiVStwTmJR + NDFQcUFrdXBZbWJPL09SWmNSQkZQNjgKB/sqNBdO6TrOanMHYhR1UP7bznEnilU8 + 8eLZuIK3dVqYbXDkeox7t8HhBqI7u1Sv11zej+SwNHng0rgRr8ReEg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-16T04:02:58Z" + mac: ENC[AES256_GCM,data:GPWNTL1VzOr8u2vjNuVCWIo4VR7aZK4NuUeXn0vVRlWM4t8B+T1gBDxS3+J4zZB1KlQneWhF53jZOFb8im2dnfS5DlBfT+rQjppwA9SkZKNPdQTa9xFl75ZWipzjLH6slWlNKFOj3aEwXLYhEWBBD35PetA+YCJTXwzPBnPrlWI=,iv:MUJwck1lp1t87YzkKqdiFS+UkA0ha6xXYs/1+c2j3qE=,tag:yf5AJpSYdCt9RePNFVT5Yw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0