This commit is contained in:
Daniel Flanagan 2024-07-24 11:21:31 -05:00
parent 94966a089e
commit f655e43ec7
2 changed files with 24 additions and 13 deletions

View file

@ -111,14 +111,11 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
owner = config.systemd.services.plausible.serviceConfig.User;
group = config.systemd.services.plausible.serviceConfig.Group;
};
nextcloud-admin-password = {
path = "/var/lib/nextcloud/admin-password";
mode = "0440";
# owner = config.services.nextcloud.serviceConfig.User;
# group = config.services.nextcloud.serviceConfig.Group;
};
nextcloud-admin-password.path = "/var/lib/nextcloud/admin-password";
"forgejo-runner.env" = {mode = "0400";};
};
};
systemd.services.gitea-runner-beefcake.serviceConfig.after = ["sops-nix.service"];
}
{
# nix binary cache
@ -745,11 +742,23 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
type = "sqlite3";
};
};
# services.forgejo-actions-runner.instances.main = {
# # TODO: simple git-based automation would be dope? maybe especially for
# # mirroring to github super easy?
# enable = false;
# };
services.gitea-actions-runner = {
# TODO: simple git-based automation would be dope? maybe especially for
# mirroring to github super easy?
# enable = true;
package = pkgs.forgejo-runner;
instances."beefcake" = {
enable = true;
name = "beefcake";
url = "https://git.lyte.dev";
labels = [
# type ":host" does not depend on docker/podman/lxc
"native:host"
"podman"
];
tokenFile = config.sops.secrets."forgejo-runner.env".path;
};
};
services.caddy.virtualHosts."git.lyte.dev" = {
extraConfig = ''
reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}

View file

@ -12,6 +12,8 @@ plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str]
#ENC[AES256_GCM,data:f5xW/hXVcnVP10SOoNMu1Hi7JNbssHnd/79EoMZmt0IrFK+F3ajO+LBqApEJD+L+kQBZmGn3zuo=,iv:1ISDxi5wlfYvd6J3o6LRlCl9w/uwyU40Ge2Uj/qDHcQ=,tag:jK4aEIGzLZ4d9JdFmiUd1w==,type:comment]
forgejo-runner.env: ENC[AES256_GCM,data:yYLdrYJaDR4FMODLaWnzptaDCV5Nbu1PdcxVl302WbF5/9Ly5sEytTY+g5VcwH8=,iv:Lz9LiF3/fcNYNLhvczFufRnHMPQ9A2ycZRQs//ZB34Q=,tag:w48rGAtYsbZv0qy1S//GIA==,type:str]
jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
dawncraft.env: ENC[AES256_GCM,data:8n1ymQZpMeVwTyoHhccV+W5diMLcsZw5zZQy4Z4eaMcLFk8ey3SeXkCf9+GnqpIU5xIZfCP1ZqeSxR03kJx3TPbQeBLZeN/QAYBxHOg/tjXIE6jdIGv0INkVLkExKPlvGN8F+ijwYkwgfqlhKPBf+Q==,iv:EMGlqUxcfvxqn1G1NohrAtJP/fLdolP++zcvaxIvVR4=,tag:1+ueIDCJTxmM586Z7i0aUA==,type:str]
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
@ -39,8 +41,8 @@ sops:
b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f
nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-07T04:00:34Z"
mac: ENC[AES256_GCM,data:e7v7J2QM6p4ljrdEX6uM7PHWb0/DKt1aWIro+YkQct1ym772WKtWFzzm+mV2wqBLLXCAKy7MJ7Y89iTysFO3pdGX1zdw3wMbNfmTCCXCKAUcIih4O0hLHqrfwcoVOuQ0SALESshDmUew/Gqu6NSrL6Wo+jNo7LEAHZ7kFtkP8rQ=,iv:0fmHOKlBzIhKQ4G6DDwlIW2WpLjIS/OAWLexND+/HAQ=,tag:FSqO8/14JwhobpIKaHk77w==,type:str]
lastmodified: "2024-07-24T16:17:32Z"
mac: ENC[AES256_GCM,data:eYtkbwkzLvQ5OYNBEIgWYCjK1CbVd6khyS1MZ9NzY7XAVHEvxqpPI5HPAWMJfk07FuY70X6DV0TNvQEkR7fB4tmawu+Hn3Rc6C/HILSm+zvjWW1t3smIOzvU8l1lPN/Jl/kQZVg1NdVGExCtRf9BuOkaACPPbDCM8uExXsCwstA=,iv:8TnpUBX3HWOzZogpdvsZ2m4b04HJt2nzd0VLrZw9K2w=,tag:pQUBD26+++W25z5pDVkrxw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1