From 28546da92cb1f213aaf13c48bb254971e021a003 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 14:02:59 -0400
Subject: [PATCH 01/17] ci: init forgejo ci folder
---
 .forgejo/workflows/test.yml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 .forgejo/workflows/test.yml
diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
new file mode 100644
index 0000000..e69de29
From 9cb73ed40a33971441c23e243d4397fd279fc891 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 14:43:31 -0400
Subject: [PATCH 02/17] ci: init .forgejo
---
 .forgejo/workflows/test.yaml | 6 ++++++
 .forgejo/workflows/test.yml | 0
 2 files changed, 6 insertions(+)
 create mode 100644 .forgejo/workflows/test.yaml
 delete mode 100644 .forgejo/workflows/test.yml
diff --git a/.forgejo/workflows/test.yaml b/.forgejo/workflows/test.yaml
new file mode 100644
index 0000000..e883d77
--- /dev/null
+++ b/.forgejo/workflows/test.yaml
@@ -0,0 +1,6 @@
+on: [push]
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo All Good
\ No newline at end of file
diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
deleted file mode 100644
index e69de29..0000000
From fbeb360a9cbd81f414a3cb56fc8e3ed497df68dd Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 14:45:39 -0400
Subject: [PATCH 03/17] ci: remove .woodpecker
---
 .woodpecker/checks.yml | 11 -----------
 1 file changed, 11 deletions(-)
 delete mode 100644 .woodpecker/checks.yml
diff --git a/.woodpecker/checks.yml b/.woodpecker/checks.yml
deleted file mode 100644
index 72f8c83..0000000
--- a/.woodpecker/checks.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-steps:
- check:
- image: nixos/nix
- commands:
- - echo 'experimental-features = flakes nix-command' >> /etc/nix/nix.conf
- - nix flake check
- fmt:
- image: nixos/nix
- commands:
- - echo 'experimental-features = flakes nix-command' >> /etc/nix/nix.conf
- - nix run nixpkgs#alejandra -- -c .
From c2392d759c44a33310e8f2eabfd8321a835f4992 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 14:45:45 -0400
Subject: [PATCH 04/17] forgejo: init actions runner
---
 hosts/sakura/services/forgejo.nix | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/hosts/sakura/services/forgejo.nix b/hosts/sakura/services/forgejo.nix
index 5ad579c..8378b39 100644
--- a/hosts/sakura/services/forgejo.nix
+++ b/hosts/sakura/services/forgejo.nix
@@ -1,4 +1,8 @@
-{lib, ...}: {
+{
+ lib,
+ config,
+ ...
+}: {
 services.forgejo = {
 enable = true;
 stateDir = "/var/lib/forgejo";
@@ -10,7 +14,7 @@
 };
 actions = {
 ENABLED = true;
- DEFAULT_ACTIONS_URL = "https://gitea.com";
+ DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
 };
 server = {
 HTTP_PORT = 3200;
@@ -32,4 +36,15 @@
 };
 };
 };
+ services.gitea-actions-runner.instances.main = {
+ enable = true;
+ name = config.networking.hostName;
+ url = "https://git.flake.sh";
+ token = "WJXKbVSyfUVpeJYiFpRlf04CyxDS0mYG7at8B9kX";
+ labels = [
+ "debian-latest:docker://node:18-bullseye"
+ "ubuntu-latest:docker://node:18-bullseye"
+ #"native:host"
+ ];
+ };
 }
From ff62d8cefbaef3fc3ac38a36b9e1a90c5889ad5d Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 14:55:34 -0400
Subject: [PATCH 05/17] forgejo: use sops for runner token
---
 hosts/sakura/services/forgejo.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosts/sakura/services/forgejo.nix b/hosts/sakura/services/forgejo.nix
index 8378b39..fabd747 100644
--- a/hosts/sakura/services/forgejo.nix
+++ b/hosts/sakura/services/forgejo.nix
@@ -3,6 +3,7 @@
 config,
 ...
 }: {
+ sops.secrets.forgejo-runner-token = {owner = "forgejo";};
 services.forgejo = {
 enable = true;
 stateDir = "/var/lib/forgejo";
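Review bot: In the last hunk of 04/17, `token = "…"` inside `services.gitea-actions-runner.instances.main` commits the runner registration token as a literal, so it is readable in the repository history and most likely ends up in the world-readable Nix store once the configuration is built. The switch to sops in 05/17 and 06/17 does not undo that; the committed value should be treated as exposed, revoked on the Forgejo instance, and a newly issued token stored in `secrets/secrets.yaml`. If the branch is not yet published, squashing 04/17 into 05/17 keeps the literal out of history altogether. The `docker://node:18-bullseye` labels in the same block use a floating tag; pinning the image by digest would make the job environment reproducible.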
@@ -40,7 +41,7 @@ enable = true; name = config.networking.hostName; url = "https://git.flake.sh"; - token = "WJXKbVSyfUVpeJYiFpRlf04CyxDS0mYG7at8B9kX"; + token = config.sops.secrets.forgejo-runner-token.path; labels = [ "debian-latest:docker://node:18-bullseye" "ubuntu-latest:docker://node:18-bullseye" From 116fc3022c9fa0a83bc946378298087ffe21cd58 Mon Sep 17 00:00:00 2001 From: notohh Date: Thu, 5 Oct 2023 14:55:51 -0400 Subject: [PATCH 06/17] sops: add forgejo runner token --- secrets/secrets.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 933adf2..1f186f3 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -13,6 +13,7 @@ miniflux: ENC[AES256_GCM,data:C4kurW7+C62ewPUalvJWnxV/fipCEwFFvkAst13aRAwi0v+R8g authelia-jwt: ENC[AES256_GCM,data:cAn2uZeSGjG2FqTFgZkupcSutCZLvZXCNBsxuUQvGX4=,iv:1OTDQzQwaPTmnTEB4TfnxU6l8CdBAlHfqFThE8QZa6A=,tag:KJ6aYDczHFajhLJHemfIQw==,type:str] authelia-sek: ENC[AES256_GCM,data:yWhAvl1AuEcrUCFAv2vcz6A8BLEIMIz9sqbFRAriHpw=,iv:i887EZgqGtRfFs6mHHAJry0XfQzvrTaDliz8PRh7oLs=,tag:dmn2GSG8gZk9CVXMNmH1Dw==,type:str] cloudflareddns: ENC[AES256_GCM,data:xow7oaqa3QbMPwggx2zmGvLcKmov7isvLLZKuC6jW/SNjst8kicSQmNhrZw8M/eq8TuqxOT4BqMILQ+I7As2ZCOjSbEBxi1DwU/z47qI,iv:W8UH4kWlh9JyxcGkeuOjRZKqjOHDg9vpzXezHYs1kEg=,tag:YgGk7svEQr9sqLJtKWcHqA==,type:str] +forgejo-runner-token: ENC[AES256_GCM,data:cmE70bA22B1YMr/iD32f+TRhk/X1f4aA8N4z1NGj4GxLgYMXkS1FpA==,iv:8XQ00VnQTyOh3wgb3ipO8P0QTo3qPSAJXvf7rRGi+Tc=,tag:QZpyUa+MDL8Hsjj3mdpOnA==,type:str] sops: kms: [] gcp_kms: [] 
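Review bot: `token = config.sops.secrets.forgejo-runner-token.path;` in the second hunk of 05/17 assigns a file path to an option that, as far as I know, the nixpkgs gitea-actions-runner module treats as the token string itself, so the runner would try to register with the path text rather than the secret. The module has a separate `tokenFile` option that expects an environment file containing a `TOKEN=` line; the change should probably read `tokenFile = config.sops.secrets.forgejo-runner-token.path;`, with the sops entry stored in that format. The `owner = "forgejo"` set on the secret in the first hunk of this commit is worth re-checking as well, since nothing visible here shows the runner unit running as the forgejo user. The instance block starts and ends outside this hunk.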
@@ -28,8 +29,8 @@ sops: YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-03T19:45:04Z" - mac: ENC[AES256_GCM,data:wTc3M3ivjFWumD0pjSPfaf96dAefRCGxupx7X7F4LiH0RsgsX6godc9N9Er1S5rk/uht07rwpMTdEPUXKRofsRlUrLPaOu/q/74QptNCLtwSQxTIpSiWyIYeQz1nuizkqdZdCCaBXAiVpk8vPp9RDe21ZUgZzEDOeWrg9cYMFmg=,iv:8xzWyRQz6w764ZFAaMKf47HqlkJEVgVUjOeP8cvKlTE=,tag:/nfRoAEAb2IzknuD0CDnEA==,type:str] + lastmodified: "2023-10-05T18:49:20Z" + mac: ENC[AES256_GCM,data:kREsbUEnGXtF5gsAsYt3OwlIK2EirR6qP5hTHcdiEqtSpfjjYR1ifDEGL3Pdr3it/aceuHXprxf3UcTHlIlmQFp/m7UQdiQVp/nUJnSCcWKNxPUru832rp6T41mQ6iU+Np9rHSUMGhKeUEFUBuIFqVScWG/HmZvti079ZcFRBCQ=,iv:G0mgLbH2WiOQOfRgYFeH5k+FtGaaN4mKvKf/WQB/nZk=,tag:c/WOM52rSTquTfT5hKyxiw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.0 From c6227b3031a85a712899dc74ab4642d7a7e0c8d7 Mon Sep 17 00:00:00 2001 From: notohh Date: Thu, 5 Oct 2023 15:04:20 -0400 Subject: [PATCH 07/17] disable woodpecker --- hosts/sakura/services/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/sakura/services/default.nix b/hosts/sakura/services/default.nix index ebc4adc..7b9d5e9 100644 --- a/hosts/sakura/services/default.nix +++ b/hosts/sakura/services/default.nix @@ -4,7 +4,6 @@ ./authelia.nix ./forgejo.nix ./rustypaste.nix - ./woodpecker.nix ./hedgedoc.nix ./dashdot.nix ./grafana.nix From 882c0723e98762cc40d8e68c52770385f1334603 Mon Sep 17 00:00:00 2001 
From: notohh
Date: Thu, 5 Oct 2023 15:23:06 -0400
Subject: [PATCH 08/17] ci: try test workflows
---
 .forgejo/workflows/check.yml | 14 ++++++++++++++
 .forgejo/workflows/flake-lock-update.yml | 0
 .forgejo/workflows/fmt.yml | 0
 .forgejo/workflows/test.yaml | 6 ------
 4 files changed, 14 insertions(+), 6 deletions(-)
 create mode 100644 .forgejo/workflows/check.yml
 create mode 100644 .forgejo/workflows/flake-lock-update.yml
 create mode 100644 .forgejo/workflows/fmt.yml
 delete mode 100644 .forgejo/workflows/test.yaml
diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
new file mode 100644
index 0000000..2f84307
--- /dev/null
+++ b/.forgejo/workflows/check.yml
@@ -0,0 +1,14 @@
+on: [push]
+jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v3
+ - uses: https://github.com/cachix/install-nix-action@v22
+ with:
+ install_url: https://nixos.org/nix/install
+ extra_nix_config: |
+ auto-optimise-store = true
+ access-tokens = ${{ secrets.FORGEJO_TOKEN }}
+ experimental-features = nix-command flakes
+ - run: nix flake check
\ No newline at end of file
diff --git a/.forgejo/workflows/flake-lock-update.yml b/.forgejo/workflows/flake-lock-update.yml
new file mode 100644
index 0000000..e69de29
diff --git a/.forgejo/workflows/fmt.yml b/.forgejo/workflows/fmt.yml
new file mode 100644
index 0000000..e69de29
diff --git a/.forgejo/workflows/test.yaml b/.forgejo/workflows/test.yaml
deleted file mode 100644
index e883d77..0000000
--- a/.forgejo/workflows/test.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-on: [push]
-jobs:
- test:
- runs-on: ubuntu-latest
- steps:
- - run: echo All Good
\ No newline at end of file
From 4316a26a57fc86502789e12ffbcdf9b09c864322 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 15:54:47 -0400
Subject: [PATCH 09/17] ci: try using different installer
---
 .forgejo/workflows/check.yml | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
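Review bot: In the new `check.yml` of 08/17, `access-tokens = ${{ secrets.FORGEJO_TOKEN }}` has no host prefix; Nix reads this setting as `host=token` pairs, so the line should look like `access-tokens = <host>=${{ secrets.FORGEJO_TOKEN }}` for the forge the flake inputs are fetched from. The step writes that secret into the Nix configuration of every job started by `on: [push]`, so the token is best issued read-only and limited to the repositories the flake needs. Both `uses:` lines reference movable tags (`@v3`, `@v22`); pinning each to a full commit SHA keeps third-party code from changing underneath a job that holds a secret.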
diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index 2f84307..e8ae0f0 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@@ -3,12 +3,6 @@ jobs:
 check:
 runs-on: ubuntu-latest
 steps:
- - uses: https://code.forgejo.org/actions/checkout@v3
- - uses: https://github.com/cachix/install-nix-action@v22
- with:
- install_url: https://nixos.org/nix/install
- extra_nix_config: |
- auto-optimise-store = true
- access-tokens = ${{ secrets.FORGEJO_TOKEN }}
- experimental-features = nix-command flakes
- - run: nix flake check
\ No newline at end of file
+ - uses: actions/checkout@v3
+ - uses: https://github.com/DeterminateSystems/nix-installer-action@main
+ - run: nix flake check
From 6342f2f19fc2e6adfef0f311f01b0f35ca3fe078 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 15:54:57 -0400
Subject: [PATCH 10/17] forgejo: install pkgs for runners
---
 hosts/sakura/services/forgejo.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/hosts/sakura/services/forgejo.nix b/hosts/sakura/services/forgejo.nix
index fabd747..cef718f 100644
--- a/hosts/sakura/services/forgejo.nix
+++ b/hosts/sakura/services/forgejo.nix
@@ -1,4 +1,5 @@
 {
+ pkgs,
 lib,
 config,
 ...
@@ -47,5 +48,14 @@
 "ubuntu-latest:docker://node:18-bullseye"
 #"native:host"
 ];
+ hostPackages = with pkgs; [
+ sudo
+ bash
+ curl
+ coreutils
+ wget
+ gitMinimal
+ wget
+ ];
 };
 }
From e6caef73e03ffb5f446a03a3a49f6570797ad250 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 15:58:45 -0400
Subject: [PATCH 11/17] ci: init gh access token
---
 .forgejo/workflows/check.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index e8ae0f0..69647a6 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
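Review bot: `uses: https://github.com/DeterminateSystems/nix-installer-action@main` in 09/17 tracks a branch, so every push runs whatever that repository's `main` holds at that moment on the self-hosted runner; pin it to a reviewed commit, `uses: https://github.com/DeterminateSystems/nix-installer-action@<commit-sha>`. The same reference is carried unchanged through 11/17 to 17/17, where the step is additionally given `secrets.GH_TOKEN`, so an unreviewed upstream change would run with that token in reach. `actions/checkout@v3` is now a relative reference that resolves through the instance's `DEFAULT_ACTIONS_URL`; a full URL with a commit SHA keeps the source of that step explicit as well.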
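Review bot: The `hostPackages` list added in the second hunk of 10/17 names `wget` twice and includes `sudo`, while the only host-execution label, `#"native:host"`, is commented out in the context lines just above it. As I understand the option, these packages are only used by jobs that run directly on the host, so the list has no effect with the two `docker://` labels; if the host label is enabled later, workflow code from any push would run outside a container with `sudo` on its path. Suggest `hostPackages = with pkgs; [bash curl coreutils wget gitMinimal];` and a comment saying when the list applies. The instance block starts outside this hunk.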
@@ -5,4 +5,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 - uses: https://github.com/DeterminateSystems/nix-installer-action@main
+ with:
+ - extra-conf: |
+ access-tokens = github.com=${{ secrets.GH_TOKEN }}
 - run: nix flake check
From a4bc75914216f8d379649329d11b65fb5ebf4376 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 16:00:45 -0400
Subject: [PATCH 12/17] ci: try using different conf
---
 .forgejo/workflows/check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index 69647a6..a83f3fb 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@@ -7,5 +7,5 @@ jobs:
 - uses: https://github.com/DeterminateSystems/nix-installer-action@main
 with:
 - extra-conf: |
- access-tokens = github.com=${{ secrets.GH_TOKEN }}
+ github-token = ${{ secrets.GH_TOKEN }}
 - run: nix flake check
From e07558bf9556d933ea67d996077ee876c41f5552 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 16:05:20 -0400
Subject: [PATCH 13/17] try this for auth
---
 .forgejo/workflows/check.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index a83f3fb..6c1cf44 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@@ -6,6 +6,5 @@ jobs:
 - uses: actions/checkout@v3
 - uses: https://github.com/DeterminateSystems/nix-installer-action@main
 with:
- - extra-conf: |
- github-token = ${{ secrets.GH_TOKEN }}
+ - github-token: ${{ secrets.GH_TOKEN }}
 - run: nix flake check
From f98544ab124a34f0e79ae9659aaa087704109b58 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 16:07:43 -0400
Subject: [PATCH 14/17] switch gh token again
---
 .forgejo/workflows/check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index 6c1cf44..7242c25 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
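Review bot: In 11/17 the `with:` key is given a sequence item (`- extra-conf: |`) where the workflow syntax expects a mapping, so the input is not passed to the installer as written; the same shape recurs in 12/17, 13/17, 14/17 and 16/17 and is only corrected in 17/17. The entry should be `extra-conf: |` without the leading dash, indented under `with:`. The block body tried in 12/17, `github-token = ${{ secrets.GH_TOKEN }}`, is not a nix.conf setting as far as I know, so the `access-tokens = github.com=…` form from 11/17 is the one to keep if the token is meant for Nix itself. Squashing these attempts into one commit would leave a history in which the step that handles the secret is never in a half-working state.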
@@ -6,5 +6,5 @@ jobs:
 - uses: actions/checkout@v3
 - uses: https://github.com/DeterminateSystems/nix-installer-action@main
 with:
- - github-token: ${{ secrets.GH_TOKEN }}
+ - github-token: github.com=${{ secrets.GH_TOKEN }}
 - run: nix flake check
From 70b323d8c46ac72f9e7e5fbad04575328052d6d0 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 16:07:51 -0400
Subject: [PATCH 15/17] forgejo: remove sudo from pkgs
---
 hosts/sakura/services/forgejo.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/hosts/sakura/services/forgejo.nix b/hosts/sakura/services/forgejo.nix
index cef718f..e9eca03 100644
--- a/hosts/sakura/services/forgejo.nix
+++ b/hosts/sakura/services/forgejo.nix
@@ -49,7 +49,6 @@
 #"native:host"
 ];
 hostPackages = with pkgs; [
- sudo
 bash
 curl
 coreutils
From fa58496a9721d3a316a8d2614e9bb54c72cae8d9 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 16:20:31 -0400
Subject: [PATCH 16/17] switch back gh token
---
 .forgejo/workflows/check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index 7242c25..6c1cf44 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@@ -6,5 +6,5 @@ jobs:
 - uses: actions/checkout@v3
 - uses: https://github.com/DeterminateSystems/nix-installer-action@main
 with:
- - github-token: github.com=${{ secrets.GH_TOKEN }}
+ - github-token: ${{ secrets.GH_TOKEN }}
 - run: nix flake check
From 864decbb8aa4679f3232bc52a51ba91863c03b62 Mon Sep 17 00:00:00 2001
From: notohh
Date: Thu, 5 Oct 2023 16:23:41 -0400
Subject: [PATCH 17/17] fix syntax
---
 .forgejo/workflows/check.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index 6c1cf44..3a57dd9 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@@ -4,7 +4,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
- - uses: https://github.com/DeterminateSystems/nix-installer-action@main
+ - name: install nix action
+ uses: https://github.com/DeterminateSystems/nix-installer-action@main
 with:
- - github-token: ${{ secrets.GH_TOKEN }}
+ github-token: ${{ secrets.GH_TOKEN }}
 - run: nix flake check