Add Gitea service

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2024-04-26 16:52:52 +02:00 · 2024-04-26 16:52:52 +02:00 · 432e6c8521
commit 432e6c8521
parent c8160122b3
4 changed files with 62 additions and 0 deletions
--- a/m/hut/configuration.nix
+++ b/m/hut/configuration.nix
@ -13,6 +13,7 @@
    ./slurm-server.nix
    ./nix-serve.nix
    ./public-inbox.nix
    ./gitea.nix
    #./pxe.nix
  ];
--- a/m/hut/gitea.nix
+++ b/m/hut/gitea.nix
@ -0,0 +1,51 @@
 { config, lib, ... }:
 {
  age.secrets.giteaRunnerToken.file = ../../secrets/gitea-runner-token.age;
  services.gitea = {
    enable = true;
    appName = "Gitea in the jungle";
    settings = {
      server = {
        ROOT_URL = "https://jungle.bsc.es/git/";
        LOCAL_ROOT_URL = "https://jungle.bsc.es/git/";
        LANDING_PAGE = "explore";
      };
      metrics.ENABLED = true;
      service.REGISTER_MANUAL_CONFIRM = true;
    };
  };
  services.gitea-actions-runner.instances = {
    runrun = {
      enable = true;
      name = "runrun";
      url = "https://jungle.bsc.es/git/";
      tokenFile = config.age.secrets.giteaRunnerToken.path;
      labels = [ "native:host" ];
      settings.runner.capacity = 8;
    };
  };
  systemd.services.gitea-runner-runrun = {
    path = [ "/run/current-system/sw" ];
    serviceConfig = {
      # DynamicUser doesn't work well with SSH
      DynamicUser = lib.mkForce false;
      User = "gitea-runner";
      Group = "gitea-runner";
    };
  };
  users.users.gitea-runner = {
    isSystemUser = true;
    home = "/var/lib/gitea-runner";
    description = "Gitea Runner";
    group = "gitea-runner";
    extraGroups = [ "docker" ];
    createHome = true;
  };
  users.groups.gitea-runner = {};
 }
--- a/secrets/gitea-runner-token.age
+++ b/secrets/gitea-runner-token.age
@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 HY2yRg DQdgCk16Yu524BsrWVf0krnwWzDM6SeaJCgQipOfwCA
 Ab9ocqra/UWJZI+QGMlxUhBu5AzqfjPgXl+ENIiHYGs
 -> ssh-ed25519 CAWG4Q KF9rGCenb3nf+wyz2hyVs/EUEbsmUs5R+1fBxlCibC8
 7++Kxbr3FHVdVfnFdHYdAuR0Tgfd+sRcO6WRss6LhEw
 -> ssh-ed25519 MSF3dg aUe4DhRsu4X8CFOEAnD/XM/o/0qHYSB522woCaAVh0I
 GRcs5cm2YqA/lGhUtbpboBaz7mfgiLaCr+agaB7vACU
 --- 9Q7Ou+Pxq+3RZilCb2dKC/pCFjZEt4rp5KnTUUU7WJ8
 1¬Mw4‘Í	ì:Hµ@Á/ägLtMÇ,ßÆ¥ô*¡žzñNV5ˆm‚ÍNŽoÞáj1$÷TøG_³E{Œ%“‰1Ç¯‘<>H£îAÛp™
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -7,6 +7,7 @@ let
 in
 {
  "gitlab-bsc-es-token.age".publicKeys = hut;
  "gitea-runner-token.age".publicKeys = hut;
  "ovni-token.age".publicKeys = hut;
  "nosv-token.age".publicKeys = hut;
  "nix-serve.age".publicKeys = hut;