feat: move forgejo-runner into own module, fix its networking
parent
2da1c15a3f
commit
ea4ad43613
3 changed files with 26 additions and 17 deletions
|
@ -4,6 +4,7 @@
|
||||||
./atuin.nix
|
./atuin.nix
|
||||||
./containers.nix
|
./containers.nix
|
||||||
./forgejo.nix
|
./forgejo.nix
|
||||||
|
./forgejo-runner.nix
|
||||||
./freshrss.nix
|
./freshrss.nix
|
||||||
./geoipupdate.nix
|
./geoipupdate.nix
|
||||||
./minio.nix
|
./minio.nix
|
||||||
|
|
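--- a/config/services/forgejo-runner.nix
+++ b/config/services/forgejo-runner.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+{
+networking.firewall.trustedInterfaces = [ "podman+" ];
+
+virtualisation.podman = {
+enable = true;
+dockerSocket.enable = true;
+defaultNetwork.settings = {
+dns_enabled = true;
+ipv6_enabled = true;
+};
+};
+
+services.gitea-actions-runner = {
+package = pkgs.unstable.forgejo-runner;
+instances.main = {
+enable = true;
+name = "main";
+url = config.services.forgejo.settings.server.ROOT_URL;
+tokenFile = config.age.secrets."services/forgejo/runner-token".path;
+labels = [ "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest" ];
+settings.container.options = "--add-host=${config.services.forgejo.settings.server.DOMAIN}:host-gateway";
+};
+};
+}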
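Review bot: `networking.firewall.trustedInterfaces = [ "podman+" ];` makes the host firewall accept all traffic from every podman bridge, so the job containers this runner starts, which execute workflow code from repositories, can reach any service listening on the host rather than only Forgejo. If the goal is just to let jobs reach the instance through the `host-gateway` entry and use podman's DNS, a narrower rule would do, for example `networking.firewall.interfaces."podman+".allowedTCPPorts = [ 443 ];` together with `networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];`. Those port numbers are inferred from `forceSSL` on the vhost and from `dns_enabled`, so confirm them against what the jobs actually need. Whichever form is kept, a one-line comment above it explaining why the interface is opened would help, since this module also sets `dockerSocket.enable = true` and pulls the job image by the mutable tag `act-latest`.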
@ -116,23 +116,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.podman = {
|
|
||||||
enable = true;
|
|
||||||
dockerSocket.enable = true;
|
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
|
||||||
};
|
|
||||||
services.gitea-actions-runner = {
|
|
||||||
package = pkgs.unstable.forgejo-runner;
|
|
||||||
instances.main = {
|
|
||||||
enable = true;
|
|
||||||
name = "main";
|
|
||||||
url = config.services.forgejo.settings.server.ROOT_URL;
|
|
||||||
tokenFile = config.age.secrets."services/forgejo/runner-token".path;
|
|
||||||
labels = [ "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest" ];
|
|
||||||
settings.container.options = "--add-host=code.winston.sh:host-gateway";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
|
services.nginx.virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = false;
|
enableACME = false;
|
||||||
|
|