From 8e8f9e7adb162945683c85372c2218dee8a99127 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo
Date: Fri, 26 Apr 2024 16:52:52 +0200
Subject: [PATCH] Add Gitea service

Reviewed-by: Aleix Roca Nonell
---
 m/hut/configuration.nix | 1 +
 m/hut/gitea.nix | 51 ++++++++++++++++++++++++++++++++++
 secrets/gitea-runner-token.age | 9 ++++++
 secrets/secrets.nix | 1 +
 4 files changed, 62 insertions(+)
 create mode 100644 m/hut/gitea.nix
 create mode 100644 secrets/gitea-runner-token.age

diff --git a/m/hut/configuration.nix b/m/hut/configuration.nix
index 4014b57..09fba85 100644
--- a/m/hut/configuration.nix
+++ b/m/hut/configuration.nix
@@ -13,6 +13,7 @@
 ./slurm-server.nix
 ./nix-serve.nix
 ./public-inbox.nix
+ ./gitea.nix
 #./pxe.nix
 ];
diff --git a/m/hut/gitea.nix b/m/hut/gitea.nix
new file mode 100644
index 0000000..651e2c8
--- /dev/null
+++ b/m/hut/gitea.nix
@@ -0,0 +1,51 @@
+{ config, lib, ... }:
+{
+ age.secrets.giteaRunnerToken.file = ../../secrets/gitea-runner-token.age;
+
+ services.gitea = {
+ enable = true;
+ appName = "Gitea in the jungle";
+
+ settings = {
+ server = {
+ ROOT_URL = "https://jungle.bsc.es/git/";
+ LOCAL_ROOT_URL = "https://jungle.bsc.es/git/";
+ LANDING_PAGE = "explore";
+ };
+ metrics.ENABLED = true;
+ service.REGISTER_MANUAL_CONFIRM = true;
+ };
+ };
+
+ services.gitea-actions-runner.instances = {
+ runrun = {
+ enable = true;
+ name = "runrun";
+ url = "https://jungle.bsc.es/git/";
+ tokenFile = config.age.secrets.giteaRunnerToken.path;
+ labels = [ "native:host" ];
+ settings.runner.capacity = 8;
+ };
+ };
+
+ systemd.services.gitea-runner-runrun = {
+ path = [ "/run/current-system/sw" ];
+ serviceConfig = {
+ # DynamicUser doesn't work well with SSH
+ DynamicUser = lib.mkForce false;
+ User = "gitea-runner";
+ Group = "gitea-runner";
+ };
+ };
+
+ users.users.gitea-runner = {
+ isSystemUser = true;
+ home = "/var/lib/gitea-runner";
+ description = "Gitea Runner";
+ group = "gitea-runner";
+ extraGroups = [ "docker" ];
+ createHome = true;
+ };
+ users.groups.gitea-runner = {};
+}
+
diff --git a/secrets/gitea-runner-token.age b/secrets/gitea-runner-token.age
new file mode 100644
index 0000000..1c799cf
--- /dev/null
+++ b/secrets/gitea-runner-token.age
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 HY2yRg DQdgCk16Yu524BsrWVf0krnwWzDM6SeaJCgQipOfwCA +Ab9ocqra/UWJZI+QGMlxUhBu5AzqfjPgXl+ENIiHYGs +-> ssh-ed25519 CAWG4Q KF9rGCenb3nf+wyz2hyVs/EUEbsmUs5R+1fBxlCibC8 +7++Kxbr3FHVdVfnFdHYdAuR0Tgfd+sRcO6WRss6LhEw +-> ssh-ed25519 MSF3dg aUe4DhRsu4X8CFOEAnD/XM/o/0qHYSB522woCaAVh0I +GRcs5cm2YqA/lGhUtbpboBaz7mfgiLaCr+agaB7vACU +--- 9Q7Ou+Pxq+3RZilCb2dKC/pCFjZEt4rp5KnTUUU7WJ8 +1Mw4 :H@/gLtM,ƥ*zNV5mNoj1 $TG_E{%1ǯHAp \ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 991cdd5..debaccc 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
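Review bot: The `users.users.gitea-runner` block at the end of gitea.nix gives the runner account `extraGroups = [ "docker" ]`, while the `runrun` instance uses `labels = [ "native:host" ]` and the unit sets `DynamicUser = lib.mkForce false`, so workflow jobs run directly on hut as a persistent account whose docker-group membership is effectively root on the host. Unless jobs need the Docker socket, drop the `extraGroups` line; if they do, record the reason in a comment next to it and restrict who may trigger Actions, since the only account control visible here is `service.REGISTER_MANUAL_CONFIRM = true`. Separately, `metrics.ENABLED = true` is set without a metrics token, so whether `/metrics` is reachable without authentication depends on the reverse proxy, which is not part of this patch; consider `services.gitea.metricsTokenFile` backed by an age secret, or blocking the path at the proxy.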
@@ -7,6 +7,7 @@ let
 in
 {
 "gitlab-bsc-es-token.age".publicKeys = hut;
+ "gitea-runner-token.age".publicKeys = hut;
 "ovni-token.age".publicKeys = hut;
 "nosv-token.age".publicKeys = hut;
 "nix-serve.age".publicKeys = hut;