51 lines
1021 B
Nix
51 lines
1021 B
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.my.servers.gitea;
|
|
in
|
|
{
|
|
config = lib.mkIf (cfg.enable && config.my.secureHost) {
|
|
users.groups.gitea-runner = { };
|
|
users.users.gitea-runner = {
|
|
isSystemUser = true;
|
|
group = "gitea-runner";
|
|
extraGroups = [
|
|
"docker"
|
|
"podman"
|
|
];
|
|
};
|
|
nix.settings = {
|
|
allowed-users = [ "gitea-runner" ];
|
|
trusted-users = [ "gitea-runner" ];
|
|
};
|
|
services.gitea-actions-runner.instances.webref = {
|
|
inherit (cfg) url enable;
|
|
name = "${config.networking.hostName}-nixos";
|
|
tokenFile = config.sops.secrets.gitea.path;
|
|
labels = [
|
|
"nix"
|
|
"ubuntu-latest:docker://node:20-bookworm"
|
|
"webref"
|
|
];
|
|
hostPackages = builtins.attrValues {
|
|
inherit (pkgs)
|
|
bash
|
|
coreutils
|
|
curl
|
|
git
|
|
nix
|
|
nodejs
|
|
python3
|
|
postgresql
|
|
docker
|
|
docker-compose
|
|
;
|
|
};
|
|
};
|
|
};
|
|
}
|