From f6b82815ad2fc8f4d97cd1fb7d7d53d8cdb0bce8 Mon Sep 17 00:00:00 2001 From: Henry-Hiles Date: Tue, 25 Mar 2025 17:01:59 -0400 Subject: [PATCH] Forgejo --- clients/quadraticserver/forgejo.nix | 41 ++++++++++++++++++++++++++++ flake.lock | 30 ++++++++++---------- modules/common/auto-cpufreq.nix | 2 +- secrets/keys.nix | 2 +- secrets/runnerToken.age | Bin 0 -> 259 bytes secrets/secrets.nix | 1 - 6 files changed, 58 insertions(+), 18 deletions(-) create mode 100644 clients/quadraticserver/forgejo.nix create mode 100644 secrets/runnerToken.age delete mode 100644 secrets/secrets.nix diff --git a/clients/quadraticserver/forgejo.nix b/clients/quadraticserver/forgejo.nix new file mode 100644 index 0000000..b8c0152 --- /dev/null +++ b/clients/quadraticserver/forgejo.nix @@ -0,0 +1,41 @@ +{ + pkgs, + config, + ... +}: { + services = let + domain = "git.henryhiles.com"; + socket = "/run/forgejo/socket"; + in { + forgejo = { + enable = true; + package = pkgs.forgejo; # Not LTS + settings = { + service.DISABLE_REGISTRATION = true; + repository.GO_GET_CLONE_URL_PROTOCOL = "ssh"; + + server = { + DOMAIN = domain; + ROOT_URL = "https://${domain}"; + HTTP_ADDR = socket; + PROTOCOL = "http+unix"; + }; + }; + }; + + gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = "monolith"; + url = "https://git.henryhiles.com"; + tokenFile = config.age.secrets."runnerToken.age".path; + labels = [ + "native:host" + ]; + }; + }; + + caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}"; + }; +} diff --git a/flake.lock b/flake.lock index 0c59384..b0650b5 100644 --- a/flake.lock +++ b/flake.lock @@ -131,11 +131,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1742173552, - "narHash": "sha256-8EQS6zY47hVa3jWG9d2MuHK+1JmG/6vdp8gEd2eKFow=", + "lastModified": 1742826799, + "narHash": "sha256-v1uYWuOPpXgUxx8WPLtXyLLCBL2/lgMjqyg7K9RPirw=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "072ee5d3e8b6f575a31cc294054537dc841d5049", + "rev": "26b99e51e7f15a62eb3f90aea536d9ba55f782df", "type": "github" }, "original": { @@ -343,11 +343,11 @@ ] }, "locked": { - "lastModified": 1742508854, - "narHash": "sha256-vQQTIl4+slrcu7ftVKNBql9ngBdY0dcYGujdT7zIVp0=", + "lastModified": 1742871411, + "narHash": "sha256-F3xBdOs5m0SE6Gq3jz+JxDOPvsLs22vbGfD05uF6xEc=", "owner": "nix-community", "repo": "home-manager", - "rev": "da0181819479ddc034a3db9a77ed21ea3bcc0668", + "rev": "869f2ec2add75ce2a70a6dbbf585b8399abec625", "type": "github" }, "original": { @@ -379,11 +379,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742288794, - "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", "type": "github" }, "original": { @@ -470,11 +470,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1742493140, - "narHash": "sha256-deeSwFTs5mAR0lHIccRrND/+YIhgJwdXwJE9iHIP8ec=", + "lastModified": 1742888184, + "narHash": "sha256-RQcDOflYvsl2BV3q2lFmjY1qnBIv2P1n8FVviVnL9Lo=", "owner": "wamserma", "repo": "flake-programs-sqlite", - "rev": "84d4a332c0f98637d504f9d5ad5610a263d271fe", + "rev": "4ba0fb3ef21aa09b1e951476f785cf746bad019a", "type": "github" }, "original": { @@ -538,11 +538,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1742496983, - "narHash": "sha256-UpJrU0DEhNLVZwL/RPVOEUHCG6iDOVDoYelkmgS4V38=", + "lastModified": 1742856759, + "narHash": "sha256-IiHFsSC2xXD/RT4CW5ThaBybFQ+xha7HOTGbdD+TiXQ=", "owner": "danth", "repo": "stylix", - "rev": "7e9906679d384472849272e5a5eef7adbdb1d87f", + "rev": "b4feb69fd2c1b6ef02a6a81761a62af62ac7bf1b", "type": "github" }, "original": { diff --git a/modules/common/auto-cpufreq.nix b/modules/common/auto-cpufreq.nix index a03af2d..f4098e1 100644 --- a/modules/common/auto-cpufreq.nix +++ b/modules/common/auto-cpufreq.nix @@ -1,4 +1,4 @@ { services.power-profiles-daemon.enable = false; - services.auto-cpufreq.enable = true; + # services.auto-cpufreq.enable = true; TODO: Turn back on once https://github.com/NixOS/nixpkgs/pull/392666 is merged } diff --git a/secrets/keys.nix b/secrets/keys.nix index 44c14dc..b74aa4c 100644 --- a/secrets/keys.nix +++ b/secrets/keys.nix @@ -1,5 +1,5 @@ with builtins; filter isString (split "\n" (readFile (fetchurl { - url = "https://github.com/Henry-Hiles.keys"; + url = "https://git.henryhiles.com/Henry-Hiles.keys"; sha256 = "1k73c228rgzq7ymf5vaj6wfqzkqm6yzq5lq0syb7mzbrvngvr2jc"; }))) diff --git a/secrets/runnerToken.age b/secrets/runnerToken.age new file mode 100644 index 0000000000000000000000000000000000000000..146d569b4f1a0e841f06e43e06393566e3b92235 GIT binary patch literal 259 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+^9~G62~-FQF|{ai zadtP!D>n->3v==_cQiH2%Wx_)waCo($}{qE&(t^eiZn=f_T|#A3N^QI4K4D{$;oss z$#yq0@Xht`4a;}W3o3KWF0w51^sO{^@$oD$Ddy7E)m6w(HY^J)4oC~k$qLK#GcT+% z4ld8N3~@Ftb*_js2q{Y|^fB`+Gc2$)apgLpcSXTkD#P!YY3l`_