Compare commits
No commits in common. "18f9ffd7aef3a316c7a488cff47239e0c0b7af7d" and "d23e8b10b66c8b89fdc488aa467b5661f32c9b16" have entirely different histories.
18f9ffd7ae
...
d23e8b10b6
3 changed files with 116 additions and 0 deletions
|
@ -19,3 +19,7 @@ creation_rules:
|
|||
key_groups:
|
||||
- age:
|
||||
- *notoh
|
||||
- path_regex: secrets/runners/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *notoh
|
||||
|
|
89
hosts/tsuru/services/forgejo-runners.nix
Normal file
89
hosts/tsuru/services/forgejo-runners.nix
Normal file
|
@ -0,0 +1,89 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
sops.secrets = {
|
||||
snowflake-runner-token = {
|
||||
sopsFile = ../../../secrets/runners/secrets.yaml;
|
||||
};
|
||||
basegbot-runner-token = {
|
||||
sopsFile = ../../../secrets/runners/secrets.yaml;
|
||||
};
|
||||
notohh-dev-runner-token = {
|
||||
sopsFile = ../../../secrets/runners/secrets.yaml;
|
||||
};
|
||||
};
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances.snowflake = {
|
||||
settings = {
|
||||
container = {
|
||||
network = "host";
|
||||
};
|
||||
};
|
||||
enable = true;
|
||||
name = config.networking.hostName;
|
||||
token = config.sops.secrets.snowflake-runner-token.path;
|
||||
url = "https://git.flake.sh";
|
||||
labels = [
|
||||
"debian-latest:docker://node:18-bullseye"
|
||||
"ubuntu-latest:docker://node:18-bullseye"
|
||||
#"native:host"
|
||||
];
|
||||
hostPackages = with pkgs; [
|
||||
bash
|
||||
curl
|
||||
coreutils
|
||||
wget
|
||||
gitMinimal
|
||||
];
|
||||
};
|
||||
instances.basegbot = {
|
||||
settings = {
|
||||
container = {
|
||||
network = "host";
|
||||
};
|
||||
};
|
||||
enable = true;
|
||||
name = config.networking.hostName;
|
||||
token = config.sops.secrets.basegbot-runner-token.path;
|
||||
url = "https://git.flake.sh";
|
||||
labels = [
|
||||
"debian-latest:docker://node:18-bullseye"
|
||||
"ubuntu-latest:docker://node:18-bullseye"
|
||||
#"native:host"
|
||||
];
|
||||
hostPackages = with pkgs; [
|
||||
bash
|
||||
curl
|
||||
coreutils
|
||||
wget
|
||||
gitMinimal
|
||||
];
|
||||
};
|
||||
instances.notohh-dev = {
|
||||
settings = {
|
||||
container = {
|
||||
network = "host";
|
||||
};
|
||||
};
|
||||
enable = true;
|
||||
name = config.networking.hostName;
|
||||
token = config.sops.secrets.notohh-dev-runner-token.path;
|
||||
url = "https://git.flake.sh";
|
||||
labels = [
|
||||
"debian-latest:docker://node:18-bullseye"
|
||||
"ubuntu-latest:docker://node:18-bullseye"
|
||||
#"native:host"
|
||||
];
|
||||
hostPackages = with pkgs; [
|
||||
bash
|
||||
curl
|
||||
coreutils
|
||||
wget
|
||||
gitMinimal
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
23
secrets/runners/secrets.yaml
Normal file
23
secrets/runners/secrets.yaml
Normal file
|
@ -0,0 +1,23 @@
|
|||
snowflake-runner-token: ENC[AES256_GCM,data:gDOYwj/gMvVRkjquGycYAprE0vt0dwNqMPkOmMS87mJpYnzi/492XQ==,iv:yHS3aa8oooUnb7I1vnJ+OmiscVSRp9zn0rx1dlVqOPE=,tag:T0hyEQBnvE51pV9dizODxg==,type:str]
|
||||
basegbot-runner-token: ENC[AES256_GCM,data:qzM8bHr0ZEvzQVPFllurCvUnJ5Y68UGTdGt+ap5GdsLVt99MXN8RuQ==,iv:qkruEo3ak9bx5CdIHRXBUofc5P5YchfFSM4oQljJrDQ=,tag:PBuASIC5RdpUXFz9RotfiQ==,type:str]
|
||||
notohh-dev-runner-token: ENC[AES256_GCM,data:6UPwZm5s2CnZ7sQkZpkkFdxBkpzY5KzsTuMMOiLnGiFS55QcH1MJqg==,iv:1DMoxaJ1AYOdG3dwt3zZFVjkT9wZLs3MilXT+o2eE8o=,tag:vCqcxLmxh1wiHAkLNSmkNw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVU1hKVEwxZmExcmlPeUlk
|
||||
NS9lSm1pYTFaYW10TFIwanhLQUVPclR0NWxBCkM2WnlscENDU25KbHk2NlF6OFNa
|
||||
VmVjcmtWZjcxSFRRRXg1VzA5Mk92VTgKLS0tIGhGWWlGREdHOTdGV3UyTTdRSUlt
|
||||
dHZqR08yMlh0MW9TS3VMTTlPeXVCTlkKvPQkdIG7XnM/6R3f7tfMx90dn3heBFUP
|
||||
hN7/ZT9fRr3yegHHsnA+mbwsLH47kBfY70WKHqm0f8TZBY7y1cfF9g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-16T06:46:03Z"
|
||||
mac: ENC[AES256_GCM,data:1loHXvTxzucT8tTqxfMfKqj3uKGTn2UsZEirLFkz8QaXDah5Kx7f8LDCywLp/vWDUm3JdHXBpWbb6rrhp/yHkF9bEF6JCK/Qvo+ZutzbRJWRoI4d74V2mA6Y8zy2+0B4vVPWjaHaC+PBCsDozoeSkWuMU+HCISmqDl+I9F9v3VQ=,iv:povwVuJ8Y/DzakHgZvCHC5O5bjWcrNpK8aT84EqjFfE=,tag:hFdCYJqS/w/WfGSzvxHddw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
Loading…
Reference in a new issue