traefik: init gitssh

forgejo: move runner to yuki
yuki: init forgejo runner
2023-10-07 17:06:51 -04:00 · 2023-10-07 17:03:18 -04:00 · 2023-10-07 17:03:11 -04:00
4 changed files with 48 additions and 22 deletions
--- a/hosts/sakura/services/forgejo.nix
+++ b/hosts/sakura/services/forgejo.nix
@ -4,7 +4,6 @@
  config,
  ...
 }: {
-  sops.secrets.forgejo-runner-token = {owner = "forgejo";};
  services.forgejo = {
    enable = true;
    stateDir = "/var/lib/forgejo";
@ -43,25 +42,4 @@
      };
    };
  };
-  services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
-    instances.main = {
-      enable = true;
-      name = config.networking.hostName;
-      url = "https://git.flake.sh";
-      token = config.sops.secrets.forgejo-runner-token.path;
-      labels = [
-        "debian-latest:docker://node:18-bullseye"
-        "ubuntu-latest:docker://node:18-bullseye"
-        #"native:host"
-      ];
-      hostPackages = with pkgs; [
-        bash
-        curl
-        coreutils
-        wget
-        gitMinimal
-      ];
-    };
-  };
 }
--- a/hosts/sora/services/traefik.nix
+++ b/hosts/sora/services/traefik.nix
@ -12,6 +12,16 @@
  services.traefik = {
    enable = true;
    dynamicConfigOptions = {
+      tcp = {
+        routers = {
+          gitssh = {
+            rule = "HostSNI(`*`)";
+            entrypoints = ["gitssh"];
+            service = "gitssh";
+            tls.passthrough = true;
+          };
+        };
+      };
      http = {
        middlewares.authelia = {
          forwardauth = {
@ -107,6 +117,7 @@
          grafana.loadBalancer.servers = [{url = "http://100.121.201.47:3100";}];
          hedgedoc.loadBalancer.servers = [{url = "http://100.121.201.47:3300";}];
          vaultwarden.loadBalancer.servers = [{url = "http://100.121.201.47:8222";}];
+          gitssh.loadBalancer.servers = [{url = "tcp://100.121.201.47:2222";}];
        };
      };
    };
@ -125,6 +136,9 @@
        web = {
          address = ":80";
        };
+        gitssh = {
+          address = ":2222";
+        };
      };
      metrics = {
        prometheus = {
--- a/hosts/yuki/services/default.nix
+++ b/hosts/yuki/services/default.nix
@ -8,5 +8,6 @@
    ./dashdot.nix
    ./jellyfin.nix
    ./neko.nix
+    ./forgejo-runners.nix
  ];
 }
--- a/hosts/yuki/services/forgejo-runners.nix
+++ b/hosts/yuki/services/forgejo-runners.nix
@ -0,0 +1,33 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  sops.secrets.forgejo-runner-token = {};
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+    instances.main = {
+      settings = {
+        container = {
+          network = "host";
+        };
+      };
+      enable = true;
+      name = config.networking.hostName;
+      url = "https://git.flake.sh";
+      token = "gdeEbeUTifa1nK7EfRgBmvm6XRdQE1zZzAatBRSC";
+      labels = [
+        "debian-latest:docker://node:18-bullseye"
+        "ubuntu-latest:docker://node:18-bullseye"
+        #"native:host"
+      ];
+      hostPackages = with pkgs; [
+        bash
+        curl
+        coreutils
+        wget
+        gitMinimal
+      ];
+    };
+  };
+}
Author	SHA1	Message	Date
notohh	9eea38d000	traefik: init gitssh All checks were successful / check (push) Successful in 32s	2023-10-07 17:06:51 -04:00
notohh	6e7fc97959	forgejo: move runner to yuki	2023-10-07 17:03:18 -04:00
notohh	ce570b6ed3	yuki: init forgejo runner	2023-10-07 17:03:11 -04:00