diff --git a/modules/servers/gitea.nix b/modules/servers/gitea.nix index 8c304be..3735458 100644 --- a/modules/servers/gitea.nix +++ b/modules/servers/gitea.nix @@ -11,6 +11,7 @@ in { options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083; config.services = { + sops.secrets = lib.mkIf cfg.enable { gitea.sopsFile = ../../secrets/env.yaml; }; gitea = lib.mkIf cfg.enable { enable = true; domain = cfg.host; @@ -20,7 +21,7 @@ in server.HTTP_PORT = cfg.port; mailer = { ENABLED = true; - MAILER_TYPE = "sendmail"; + PROTOCOL = "sendmail"; FROM = config.my.smtpemail; SENDMAIL_PATH = "${pkgs.msmtp}/bin/msmtp"; }; @@ -31,6 +32,53 @@ in createDatabase = false; }; }; + gitea-actions-runner.instances.ryujinx = { + enable = true; + url = cfg.url; + name = "${config.networking.hostName}-ryujinx"; + tokenFile = config.sops.secrets.gitea.path; + labels = [ + "ubuntu-latest:host" + "ubuntu-20.04:host" + ]; + hostPackages = + let + python3 = pkgs.python3.withPackages ( + ps: + builtins.attrValues { + inherit (ps) + pyyaml + lxml + ; + } + ); + in + builtins.attrValues { + inherit python3; + inherit (pkgs) + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + gnutar + gzip + dotnet-sdk_8 + openal + vulkan-loader + libGL + gtk3 + llvm_15 + rcodesign + gh + p7zip + ; + inherit (pkgs.xorg) libX11; + }; + }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); }; } diff --git a/secrets/env.yaml b/secrets/env.yaml index b3616bb..014fe54 100644 --- a/secrets/env.yaml +++ b/secrets/env.yaml @@ -2,6 +2,7 @@ stash: password: ENC[AES256_GCM,data:DVtKQmtOQA/jS3ZncbuPKMukJyo=,iv:FSLl4Qbq58X0WNjqz8LLOW6XpBQxE5W7L9yOTBQkBOA=,tag:Qun+5Vf193Qt8n+Yp9lBJg==,type:str] jwt: ENC[AES256_GCM,data:C1RcyQn3j5LaCSDGPjBAm6RYsqvVn1HIFxxBP4FNx7NVCroju4VEtkV98Ve0D6Z60L3mB1yOqi8OrEgXNJv+vw==,iv:t8pmLzXwg1g9kkiL98ql9YLaSitaXoJiiLiUf3G1cWk=,tag:D3mdFIe3m3219E4V8yhmpg==,type:str] session: ENC[AES256_GCM,data:ifUXaGIO7xKPgtTVEeERx0OyBDni2eoWo7dFxazQ4W2DBrnzQfJ7Plqt8EYLhQQRP4I6e33+oEKNzpuiG+XJCw==,iv:AOI0lMcTT02GpOCQuX74hPBKth3WdFN2W2wlqKgrKJM=,tag:1I+brf4G2oKE7o2E90q/CQ==,type:str] +gitea: ENC[AES256_GCM,data:NiR+hByQblQJDC3bfdAb0QZxedXCb4ITJMO2rJUKH0/uXGOaJcV6cA==,iv:FithcaNnQAipFCy3bCffaplND42x92836hMv09eMrDM=,tag:Pl/2gKycua9vc4ma4oNoiA==,type:str] shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str] flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str] ryot: ENC[AES256_GCM,data:VMWf3VqcUdyJu2Ygd3XmoqGNWY/W/VJ4213ej0FrA95kAoX+S+j0+4a4B65NtW9UheDSxD1swTXebyenJCIN/tEZwH2wj9I12akNNvSDpt/LG3d1/BZ62cvLCb5n9vyE/vcXgJVfPUqmc67pYDWLpEV/vkKjpqwNH4Y8vnapVo1ytIgsjkTuBb7VFbnRPvYs6J1M0rnaTtkVhOBoRxv+Xg3pWYCgFEXdM/Pg/WKqdHpyh+tJqR74Z91Mwv6G56ZYEDQmAp+Cn+Kk2zZ+t44UAu1SQOgYXPLep+4/PgWw/vQMuyN7GNNP6TrsX3g+ONtJtkdmGu6ArcfbRAky4vM14DxlQP4xSjYSu+FDWGJL/J4TMw6IVDuw/TDVNpMrhBmZdPujYLUW1c6GCCEchBknNfw/Wt+NyTjOzCmZLVw760jY05Fa9kcW2kz+P0iAGTviY7yJZWDctP6PrVNtG1cXc4noJqV/uJ9sQmuGWCiTzaCIIZEhwRKnvjpvZNisKPhx4tctZMWm8l9gKO/TJC/SHMIhvEazmH4v0AzCiRUzdTfnWQZGTNenDrCUetztPh/UUJbLZjhFBH3QR26w/3I5oNpUzUDhfDhcEYtfWuB7ckbkXT8nyYMfe0OR16yJTfQCdnIPBhAUi1g1ZV3jFg+OhYWxk73lPiqC1ADRNh01L1k90PMMWtLXXm6aQ28cB+iQTvvgKbDrr76U8bXoZUyEl30waOQ2HT6nDG61OBUtQHTu6/cFhfhrnU6poAD/k+L7SyqcBoMYAZJN6Us1y3SKhV/3mXVKjRwSl5XZSW+ZpcRe/Cg4bonxFBYsZyY3VjK0LC4Cj8ijh4LpYWrGWtVmWOt/gg7UQPTd81A=,iv:Oa2pvfDpfPr3pqeAg2kYIzjf8KUK9ckMfbVymM78FyE=,tag:XyjYEvWo46BliYXdDH8QrQ==,type:str] @@ -51,7 +52,7 @@ sops: QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-16T22:00:36Z" - mac: ENC[AES256_GCM,data:jheq0Qyfn0vduoPSbA8nji0DJZ15qnwyH/v112qKwfU8NFLrhy+PNxd/PcSsy071gGiYYGCcK/OSe2SSE4wOTNBUzJehFjb1Yo/TSAXSvRihHszS+XJzPikzspAxRPn9pdRnOYXPrivOWH7VikOy26BQ8QUS1DxUWS2yEM7r78A=,iv:7/bzlpBhdjh/ThMol/c69T0i68wHfDQIzdvd/cXQPQc=,tag:LZ6xBD/W4PdRGMYsvNGWvw==,type:str] + lastmodified: "2025-09-20T21:53:08Z" + mac: ENC[AES256_GCM,data:AbYdsrIojQanUuC5RFCoMBgX2tAougGeym3VKO03g7czJlKzlwuMJaVYqGNN1STMmzfXk/PTwtFuzQyr0fIm5UDEdp3iC3s2P5QFyWc3ofnXbayghCyN8wnr3VfERzV6NQXdJlc3E75+XSGhq/VdraNpy8kfiSBii2FTribNVfY=,iv:5EuDd3uUyJlV/PsZS0zBExqfuJtKT/NGusHeqyNCQNA=,tag:5K4F22Rv3VIK12v0oD5ywg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/secrets/keys.yaml b/secrets/keys.yaml index 7464f1f..681c758 100644 --- a/secrets/keys.yaml +++ b/secrets/keys.yaml @@ -74,7 +74,7 @@ sops: dklwODNxYVo4a2FaWDJFM0FnV1l3SlUKMnq/MAJRwR7iEri2KomPrMj0gTkMyhzH P5E4zheU7chJTAz5jf6iecyOvKAt6q5g9Q1MU0D6dkOcv2gzWSNAAw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-07-22T18:13:33Z" - mac: ENC[AES256_GCM,data:HWt8KeSEPeV6SBl7LSFfyQ++zI9nRLnG1JpCvvrpvVbQaPJ9oP0ry0YdHz+Es2LiQWnlT1UjJAvLnr23++bY95x6hfi5zeLVyIYpUObebkMp6XrmifF1Oc7URupqxdQ1u2ZFEpIu+9ZEzthgErnM9/DDZpV2XJajZyUIq3sogq4=,iv:p7q+P2S3Uh5HtndOxtAA8q7aq0z1mx3FoGCsfRVLvC4=,tag:eDI/No95VoHU8VtgkTaFiQ==,type:str] + lastmodified: "2025-09-20T21:51:47Z" + mac: ENC[AES256_GCM,data:JwTGOxfNY5nnAIj0s3qBiBrxQoBuTwPVmNEdqplSi76VFzjs6kqLw4PrMgd1GKwO9SUdRz2yYVzBdErMrFiTfpxa3arY9jLAX8eBon0cdkcIQAQa7ZmZwxLjNfbFppdsJygR7t/A12Zku8kAuXecx47CC5VnVvh2aQw4UsuVnOU=,iv:W7QP31dQTnRQpzAOcxX/SQVp6L+PEVrZiZDzF2BlDso=,tag:cfJm2FjwfqlXOV+e+LHcDQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2