runner: add Forgejo Actions runner on the mediaserver
Adds services/forgejo-runner.nix as a host-gated module on the mediaserver and switches the flake-update workflow from runs-on: ubuntu-latest to the self-hosted fred-nix label, mapped to catthehacker/ubuntu:act-latest for GitHub-action compatibility. Token lives at /var/secrets/forgejo-runner-token so it stays out of the Nix store. Also drops the stray result/ build symlink from the worktree.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
parent
af1f5c9a04
commit
29e1185694
3 changed files with 33 additions and 1 deletions
|
|
@ -7,7 +7,7 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
update:
|
update:
|
||||||
runs-on: ubuntu-latest
|
runs-on: fred-nix
|
||||||
permissions:
|
permissions:
|
||||||
contents: write
|
contents: write
|
||||||
|
|
||||||
|
|
|
||||||
|
|
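Review bot: With `runs-on: fred-nix` the `update` job now executes on the self-hosted host while still holding `permissions: contents: write`, so whatever is allowed to trigger it gets a write-capable token on that machine. The `on:` block sits above this hunk and is not shown here; please confirm it is limited to schedule and manual dispatch rather than pull-request events, and note that restriction in a comment next to `runs-on`.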
@ -35,6 +35,7 @@
|
||||||
./services/adguard.nix
|
./services/adguard.nix
|
||||||
./services/router.nix
|
./services/router.nix
|
||||||
./services/crowdsec.nix
|
./services/crowdsec.nix
|
||||||
|
./services/forgejo-runner.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
### Make build time quicker
|
### Make build time quicker
|
||||||
|
|
|
||||||
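Review bot: The new `./services/forgejo-runner.nix` entry in the imports list gives no hint that the module only takes effect on one host, so a reader will assume it applies to every machine that evaluates this list. A trailing comment on that line, such as `# mediaserver only (gated on hostName)`, would document it.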
31
services/forgejo-runner.nix
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
# services/forgejo-runner.nix — self-hosted Forgejo Actions runner.
|
||||||
|
#
|
||||||
|
# Registers with forg.gregersen.it and runs jobs in Docker containers.
|
||||||
|
# Workflows in this repo target `runs-on: fred-nix`, which maps to the
|
||||||
|
# catthehacker ubuntu image (the de-facto compatibility image for running
|
||||||
|
# GitHub-style workflows on self-hosted runners).
|
||||||
|
#
|
||||||
|
# The runner registration token is one-time-use: it must exist at the path
|
||||||
|
# below on first activation, after which the runner stores its own auth in
|
||||||
|
# /var/lib/gitea-runner. To register:
|
||||||
|
#
|
||||||
|
# echo 'YOUR_REGISTRATION_TOKEN' | sudo tee /var/secrets/forgejo-runner-token
|
||||||
|
# sudo chmod 600 /var/secrets/forgejo-runner-token
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
|
||||||
|
|
||||||
|
services.gitea-actions-runner = {
|
||||||
|
package = pkgs.forgejo-actions-runner;
|
||||||
|
instances.default = {
|
||||||
|
enable = true;
|
||||||
|
name = "mediaserver";
|
||||||
|
url = "https://forg.gregersen.it";
|
||||||
|
tokenFile = "/var/secrets/forgejo-runner-token";
|
||||||
|
labels = [
|
||||||
|
"fred-nix:docker://catthehacker/ubuntu:act-latest"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
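Review bot: The registration steps in the header comment do not match how `tokenFile` is consumed: the NixOS `services.gitea-actions-runner` module loads that path as an environment file and expects a `TOKEN=...` line, whereas `echo 'YOUR_REGISTRATION_TOKEN' | sudo tee /var/secrets/forgejo-runner-token` writes the bare value. The same two commands create the file with default permissions and only tighten it afterwards with `chmod 600`, and `tee` echoes the token to the terminal; the comment should instead tell the operator to create the file with mode 600 first and then write `TOKEN=<value>` into it. Separately, the label `fred-nix:docker://catthehacker/ubuntu:act-latest` points at a moving tag, so consider pinning the image by digest so that the job environment only changes through a reviewed commit.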