diff --git a/nixos/linux.nix b/nixos/linux.nix index bb37fa6..efd3fbb 100644 --- a/nixos/linux.nix +++ b/nixos/linux.nix @@ -78,6 +78,11 @@ in { file = ./secrets/postmark.age; owner = "root"; }; + + forgejo-runner-token = { + file = ./secrets/forgejo-runner-token.age; + owner = "gitea-runner"; + }; }; environment.systemPackages = [ @@ -130,6 +135,17 @@ in { }; }; + services.gitea-actions-runner.instances."ubuntu" = { + enable = true; + url = "http://localhost:3000"; + tokenFile = config.age.secrets.forgejo-runner-token.path; + labels = [ + "ubuntu-latest:docker://ubuntu:22.04" + "ubuntu-22.04:docker://ubuntu:22.04" + "ubuntu-20.04:docker://ubuntu:20.04" + ]; + }; + systemd.tmpfiles.rules = [ "d /home/ironmagma/.config 0755 ${username} users" "d /root/.config 0755 ${username} users" diff --git a/nixos/secrets/default.nix b/nixos/secrets/default.nix index d869fb2..c892907 100644 --- a/nixos/secrets/default.nix +++ b/nixos/secrets/default.nix @@ -14,4 +14,7 @@ in { # POSTMARK_SERVER_TOKEN "./postmark.age".publicKeys = [mainframePublicKey]; + + # Forgejo runner registration token (plain text token from Forgejo admin) + "./forgejo-runner-token.age".publicKeys = [mainframePublicKey]; } diff --git a/nixos/secrets/forgejo-runner-token.age b/nixos/secrets/forgejo-runner-token.age new file mode 100644 index 0000000..6b9ef91 --- /dev/null +++ b/nixos/secrets/forgejo-runner-token.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 NFD/vg clf6vMNmGue91peB+0Gn38wS4bNOIT8O2lbngF6sJCI +Zy2TQnIQ68z5WaMzukLTYrWD8bYk3nf0y6JmlhqtZA4 +--- UWiqR61EQhaDVOOdi8Zo7J4b9bDwOIyKDTlpisgTGr8 +XE`qrRjnй^möȌO*9|5hyj1)yxu/3zL@ם XDB7ah \ No newline at end of file