Add Gitea service

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
2024-04-26 16:52:52 +02:00 · 2024-04-26 16:52:52 +02:00 · 7c63c034b8
commit 7c63c034b8
parent 1aa51a816c
4 changed files with 62 additions and 0 deletions
--- a/m/hut/configuration.nix
+++ b/m/hut/configuration.nix
@ -13,6 +13,7 @@
    ./slurm-server.nix
    ./nix-serve.nix
    ./public-inbox.nix
+    ./gitea.nix
    #./pxe.nix
  ];

--- a/m/hut/gitea.nix
+++ b/m/hut/gitea.nix
@ -0,0 +1,51 @@
+{ config, lib, ... }:
+{
+  age.secrets.giteaRunnerToken.file = ../../secrets/gitea-runner-token.age;
+
+  services.gitea = {
+    enable = true;
+    appName = "Gitea in the jungle";
+
+    settings = {
+      server = {
+        ROOT_URL = "https://jungle.bsc.es/git/";
+        LOCAL_ROOT_URL = "https://jungle.bsc.es/git/";
+        LANDING_PAGE = "explore";
+      };
+      metrics.ENABLED = true;
+      service.REGISTER_MANUAL_CONFIRM = true;
+    };
+  };
+
+  services.gitea-actions-runner.instances = {
+    runrun = {
+      enable = true;
+      name = "runrun";
+      url = "https://jungle.bsc.es/git/";
+      tokenFile = config.age.secrets.giteaRunnerToken.path;
+      labels = [ "native:host" ];
+      settings.runner.capacity = 8;
+    };
+  };
+
+  systemd.services.gitea-runner-runrun = {
+    path = [ "/run/current-system/sw" ];
+    serviceConfig = {
+      # DynamicUser doesn't work well with SSH
+      DynamicUser = lib.mkForce false;
+      User = "gitea-runner";
+      Group = "gitea-runner";
+    };
+  };
+
+  users.users.gitea-runner = {
+    isSystemUser = true;
+    home = "/var/lib/gitea-runner";
+    description = "Gitea Runner";
+    group = "gitea-runner";
+    extraGroups = [ "docker" ];
+    createHome = true;
+  };
+  users.groups.gitea-runner = {};
+}
+
--- a/secrets/gitea-runner-token.age
+++ b/secrets/gitea-runner-token.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 HY2yRg DQdgCk16Yu524BsrWVf0krnwWzDM6SeaJCgQipOfwCA
+Ab9ocqra/UWJZI+QGMlxUhBu5AzqfjPgXl+ENIiHYGs
+-> ssh-ed25519 CAWG4Q KF9rGCenb3nf+wyz2hyVs/EUEbsmUs5R+1fBxlCibC8
+7++Kxbr3FHVdVfnFdHYdAuR0Tgfd+sRcO6WRss6LhEw
+-> ssh-ed25519 MSF3dg aUe4DhRsu4X8CFOEAnD/XM/o/0qHYSB522woCaAVh0I
+GRcs5cm2YqA/lGhUtbpboBaz7mfgiLaCr+agaB7vACU
+--- 9Q7Ou+Pxq+3RZilCb2dKC/pCFjZEt4rp5KnTUUU7WJ8
+1¬Mw4‘Í	ì:Hµ@Á/ägLtMÇ,ßÆ¥ô*¡žzñNV5ˆm‚ÍNŽoÞáj1$÷TøG_³E{Œ%“‰1Ç¯‘<>H£îAÛp™
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -7,6 +7,7 @@ let
 in
 {
  "gitlab-bsc-es-token.age".publicKeys = hut;
+  "gitea-runner-token.age".publicKeys = hut;
  "ovni-token.age".publicKeys = hut;
  "nosv-token.age".publicKeys = hut;
  "nix-serve.age".publicKeys = hut;