From 8177e8407a42b6b27e78218681715b671b5414cf Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Wed, 4 Sep 2024 12:00:59 +0200 Subject: [PATCH] forgejo: properly configure runner --- modules/forgejo/actions.nix | 8 +++++--- secrets/quitte.yaml | 6 ++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/modules/forgejo/actions.nix b/modules/forgejo/actions.nix index caeb7b3..97addd7 100644 --- a/modules/forgejo/actions.nix +++ b/modules/forgejo/actions.nix @@ -1,5 +1,6 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { + sops.secrets."forgejo/runner-token" = { }; services.gitea-actions-runner = { package = pkgs.forgejo-actions-runner; instances."quitte" = { @@ -12,8 +13,9 @@ # provide native execution on the host # "native:host" ]; - #TODO get a token from git.ifsr.de and use it - # tokenfile = /"dev/null"; + tokenFile = config.sops.secrets."forgejo/runner-token".path; + url = "https://git.ifsr.de"; + name = "quitte"; }; }; } diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml index e917f2d..67ab101 100644 --- a/secrets/quitte.yaml +++ b/secrets/quitte.yaml @@ -7,6 +7,8 @@ keycloak: portunus: admin-password: ENC[AES256_GCM,data:fESE6vrKhtslQO6ZJGv0T9t+leOSrgkY291orkwY+HPnOh26g2PSMX3j,iv:qmbCmjg0WsbOzfv6LsKcY3S1ssVXmaRB3lE6ZWzKSww=,tag:t8cP8XRTtto3EnNLEdz0yw==,type:str] search-password: ENC[AES256_GCM,data:xtbWS98IkQbnBu67sN413VNHZLg6eedbStE2uZ2pljS30uoM3coO2d32,iv:lKMTNnQJJfjAG7aX+G0eNnL36Cxmn+cWMRAlTovMJ4Y=,tag:FQGRBqsmY2c9VVIdBvGwCw==,type:str] +forgejo: + runner-token: ENC[AES256_GCM,data:oH8oRzpXPlqqWGYKZuP92DWHrtVgrQ7Zp+AsTePxdPJShCAGyfwJ/A==,iv:sz4w03wdpBwlKJ2jI4J6iq2yZYOfYiNXsE1plO89I8o=,tag:5QXeakrAP5yWlAjACavw+w==,type:str] sssd: env: ENC[AES256_GCM,data:ng189+ulH79xCZKOn9N5kN3KqED9dWqLM8dErukJH3a3ivxhUjyy3Tpa+uSnJDh8tAyOesT1j71mlTgKQKb3phylVEdL,iv:i8NEGR+eQ42q5be4gJdNMf/9DCCcjr3gwkEW/+hrgxs=,tag:16EvtkTu+0M5bIlgxC2j9Q==,type:str] dovecot_ldap_search: ENC[AES256_GCM,data:xip5KREy8oqH+58DOtw9QLcVdDlO5Nr0IHki8X0i9J1rrI/BreH2tVPC8aRTDHFPRgpBxiL6,iv:98PSXajEis7sSJ4+IkPuBC05y8w7/XRYQVFH1cripEU=,tag:LcId5rlzz3JjjZIHwoh+AA==,type:str] @@ -50,8 +52,8 @@ sops: c2lzVGV6WnVQT1pOTTVwRUxlMWZobWsK0CrDl2ELoYOTrMt3uN3mgBSyaYqOQY4I vBK12PV9FR9GFpKN4kGB03PZ0gV0N1zlcCHpnPCUuHwbCvvF2+vCag== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-01T19:00:49Z" - mac: ENC[AES256_GCM,data:actvHBjLWBsKyU8U4mHApckLZ0ncbNaJeqRd0DgC/oX8hZ000/mfyWFT1NiZzbohaHh9c3KI6HvdwhJKvU1qIpnILNe89Y6iTQGbMLRNTemKaWuo9266V/vqLT7cy7JLsxoCcCi8a+AWja7H8k7tXixFz7/dwBE+nzWhdz0yju8=,iv:EsQvThgS/fgE4ygAdwQSbg5yH9AbUUvE1YGKtHV+BoM=,tag:hYiOsia05MhtIUh9JfpXMw==,type:str] + lastmodified: "2024-09-04T09:59:31Z" + mac: ENC[AES256_GCM,data:aJhc+EdQKG1uYktc4RqNbxzYTKkQefPYNWmjsZbLJJPO/DewtZrDwuEt8BipLDQaA02j34cSIj0r0STfRKz7OH/K9VMtrdlOUqi5Zik8OZX2u4A9r/iIWFr0i8eMmlaoYk/qR0llwkd8hA4kxuSfmdPzDmxpIbqwqgIUtsi0wb8=,iv:cFwUzkjKU3JN2us9whRg95oPks5+jm1sL3Q2RKLif6Y=,tag:zY2OZF8b7bthg+yIzmyDeA==,type:str] pgp: - created_at: "2024-02-29T15:23:23Z" enc: |-