notohh/snowflake
notohh/snowflake
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity

Compare commits

base: notohh:18f9ffd7aef3a316c7a488cff47239e0c0b7af7d
Branches Tags
notohh:master
..
compare: notohh:d23e8b10b66c8b89fdc488aa467b5661f32c9b16
Branches Tags
notohh:master

No commits in common. "18f9ffd7aef3a316c7a488cff47239e0c0b7af7d" and "d23e8b10b66c8b89fdc488aa467b5661f32c9b16" have entirely different histories.
18f9ffd7ae ... d23e8b10b6

3 changed files with 116 additions and 0 deletions
Show stats Expand all files Collapse all files

4
.sops.yaml
View file

@ -19,3 +19,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *notoh - *notoh
- path_regex: secrets/runners/[^/]+\.yaml$
key_groups:
- age:
- *notoh

89
hosts/tsuru/services/forgejo-runners.nix Normal file
View file

@ -0,0 +1,89 @@
{
pkgs,
config,
...
}: {
sops.secrets = {
snowflake-runner-token = {
sopsFile = ../../../secrets/runners/secrets.yaml;
};
basegbot-runner-token = {
sopsFile = ../../../secrets/runners/secrets.yaml;
};
notohh-dev-runner-token = {
sopsFile = ../../../secrets/runners/secrets.yaml;
};
};
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.snowflake = {
settings = {
container = {
network = "host";
};
};
enable = true;
name = config.networking.hostName;
token = config.sops.secrets.snowflake-runner-token.path;
url = "https://git.flake.sh";
labels = [
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:18-bullseye"
#"native:host"
];
hostPackages = with pkgs; [
bash
curl
coreutils
wget
gitMinimal
];
};
instances.basegbot = {
settings = {
container = {
network = "host";
};
};
enable = true;
name = config.networking.hostName;
token = config.sops.secrets.basegbot-runner-token.path;
url = "https://git.flake.sh";
labels = [
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:18-bullseye"
#"native:host"
];
hostPackages = with pkgs; [
bash
curl
coreutils
wget
gitMinimal
];
};
instances.notohh-dev = {
settings = {
container = {
network = "host";
};
};
enable = true;
name = config.networking.hostName;
token = config.sops.secrets.notohh-dev-runner-token.path;
url = "https://git.flake.sh";
labels = [
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:18-bullseye"
#"native:host"
];
hostPackages = with pkgs; [
bash
curl
coreutils
wget
gitMinimal
];
};
};
}

23
secrets/runners/secrets.yaml Normal file
View file

@ -0,0 +1,23 @@
snowflake-runner-token: ENC[AES256_GCM,data:gDOYwj/gMvVRkjquGycYAprE0vt0dwNqMPkOmMS87mJpYnzi/492XQ==,iv:yHS3aa8oooUnb7I1vnJ+OmiscVSRp9zn0rx1dlVqOPE=,tag:T0hyEQBnvE51pV9dizODxg==,type:str]
basegbot-runner-token: ENC[AES256_GCM,data:qzM8bHr0ZEvzQVPFllurCvUnJ5Y68UGTdGt+ap5GdsLVt99MXN8RuQ==,iv:qkruEo3ak9bx5CdIHRXBUofc5P5YchfFSM4oQljJrDQ=,tag:PBuASIC5RdpUXFz9RotfiQ==,type:str]
notohh-dev-runner-token: ENC[AES256_GCM,data:6UPwZm5s2CnZ7sQkZpkkFdxBkpzY5KzsTuMMOiLnGiFS55QcH1MJqg==,iv:1DMoxaJ1AYOdG3dwt3zZFVjkT9wZLs3MilXT+o2eE8o=,tag:vCqcxLmxh1wiHAkLNSmkNw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVU1hKVEwxZmExcmlPeUlk
NS9lSm1pYTFaYW10TFIwanhLQUVPclR0NWxBCkM2WnlscENDU25KbHk2NlF6OFNa
VmVjcmtWZjcxSFRRRXg1VzA5Mk92VTgKLS0tIGhGWWlGREdHOTdGV3UyTTdRSUlt
dHZqR08yMlh0MW9TS3VMTTlPeXVCTlkKvPQkdIG7XnM/6R3f7tfMx90dn3heBFUP
hN7/ZT9fRr3yegHHsnA+mbwsLH47kBfY70WKHqm0f8TZBY7y1cfF9g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-16T06:46:03Z"
mac: ENC[AES256_GCM,data:1loHXvTxzucT8tTqxfMfKqj3uKGTn2UsZEirLFkz8QaXDah5Kx7f8LDCywLp/vWDUm3JdHXBpWbb6rrhp/yHkF9bEF6JCK/Qvo+ZutzbRJWRoI4d74V2mA6Y8zy2+0B4vVPWjaHaC+PBCsDozoeSkWuMU+HCISmqDl+I9F9v3VQ=,iv:povwVuJ8Y/DzakHgZvCHC5O5bjWcrNpK8aT84EqjFfE=,tag:hFdCYJqS/w/WfGSzvxHddw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1