feat(services/selfhost): adding the git actions on forgejo

2026-03-06 12:26:12 +01:00 · 2026-03-06 12:26:12 +01:00 · 5cc6b40a3e
commit 5cc6b40a3e
parent 3aff293749
3 changed files with 20 additions and 1 deletions
--- a/hosts/server/secrets.nix
+++ b/hosts/server/secrets.nix
@ -60,6 +60,13 @@
    mode = "0440";
  };

+  age.secrets."forgejo-runner-token" = {
+    file = ../../secrets/forgejo-runner-token.age;
+    owner = "forgejo";
+    group = "forgejo";
+    mode = "0440";
+  };
+
  age.secrets."nextcloud-database" = {
    file = ../../secrets/nextcloud-database.age;
    owner = "nextcloud";
--- a/secrets/forgejo-runner-token.age
+++ b/secrets/forgejo-runner-token.age
--- a/services/self_host/git.nix
+++ b/services/self_host/git.nix
@ -35,6 +35,7 @@ in
          AUTH_URL = "https://git.enium.eu/ui/oauth2";
          TOKEN_URL = "https://git.enium.eu/oauth2/token";
          API_URL = "https://git.enium.eu/oauth2/openid/forgejo/userinfo";
+          REDIRECT_URI = "https://git.enium.eu/user/oauth2/Enium/callback";
          CODE_CHALLENGE_METHOD = "S256";
          ENABLE_AUTO_REGISTRATION = true;
          UPDATE_AVATAR = true;
@ -51,7 +52,18 @@ in
        };
      };
    };
-
+    gitea-actions-runner = {
+      package = pkgs.forgejo-runner;
+      instances.default = {
+        enable = true;
+        name = "monolith";
+        url = "https://git.enium.eu";
+        tokenFile = config.age.secrets.forgejo-runner-token.path;
+        labels = [
+          "ubuntu-latest:docker://node:16-bullseye"
+        ];
+      };
+    };
    nginx.virtualHosts."${gitDomain}" = {
      enableACME = true;
      forceSSL = true;