Periodic/system-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[mcp] Adds gitea runners

Browse Source
This commit is contained in:
Drew Haven
2025-04-28 16:59:54 -07:00
parent 6fd171ae12
commit 3da928a7a8
2 changed files with 50 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
secrets/mcp.yaml
View File

@@ -1,4 +1,6 @@
gitea_db_password: ENC[AES256_GCM,data:G2YqiDk0msBRjUJkoPxWmayQ9dI=,iv:FsojIJIi61K7rD2VULDgIx6uSYX3iDiA6W744HlgHl0=,tag:BlmsM7LZHnBCKtfuqlhoKA==,type:str] gitea:
db_password: ENC[AES256_GCM,data:12FYMsc8HdTMdPegoPLCidaHMMU=,iv:Uat0g7Nvota1yvj6InIAo7Dzv3cBtVVzlRa1d09gx1s=,tag:sFavpAHW0k/Fv1uzPVuGcA==,type:str]
registration_token: ENC[AES256_GCM,data:zYfFATOuqACrGUyt6xPhiisz293uomKc6BLPKz8I+MFFBrBdzT9FqA==,iv:gyp2WsUHMMrNBmssWGPLSJmZqlAtopc6HeAtX9+oCXs=,tag:mLEPTapn7OM3bm5c9TKB0A==,type:str]
bookstack_app_key: ENC[AES256_GCM,data:N79JVlQSoVCXOsIHCxd19HFm6LkrYyXQu/xWenEdUlQWqwZEi3PuHXG7fQgvzQY4KI7S,iv:cd2l2eOv+wAJ5sih3YhHgQTdy1qrvaIsoHcywOnHuYM=,tag:5QvCHlQX8wUz3tI2NXl+8A==,type:str] bookstack_app_key: ENC[AES256_GCM,data:N79JVlQSoVCXOsIHCxd19HFm6LkrYyXQu/xWenEdUlQWqwZEi3PuHXG7fQgvzQY4KI7S,iv:cd2l2eOv+wAJ5sih3YhHgQTdy1qrvaIsoHcywOnHuYM=,tag:5QvCHlQX8wUz3tI2NXl+8A==,type:str]
bookstack_db: ENC[AES256_GCM,data:m8fGgAfmJu1rEaxmTVH4FfBhyiU=,iv:OnBT/6sp9zmcJ1+kBmdmvaE630hifxBpvKnu3XrVXcE=,tag:SSVQcYkAymlbFOnf0MB6KA==,type:str] bookstack_db: ENC[AES256_GCM,data:m8fGgAfmJu1rEaxmTVH4FfBhyiU=,iv:OnBT/6sp9zmcJ1+kBmdmvaE630hifxBpvKnu3XrVXcE=,tag:SSVQcYkAymlbFOnf0MB6KA==,type:str]
mariadb_root_password: ENC[AES256_GCM,data:p965ZhFQqqX+Ub1yhgklVYlBH6A=,iv:qC5WwTvZGvlbAkYiv35xHizMYAnP0V0Vw79EkvL32wQ=,tag:gOJQvHeOC9turFKOMQ9DNg==,type:str] mariadb_root_password: ENC[AES256_GCM,data:p965ZhFQqqX+Ub1yhgklVYlBH6A=,iv:qC5WwTvZGvlbAkYiv35xHizMYAnP0V0Vw79EkvL32wQ=,tag:gOJQvHeOC9turFKOMQ9DNg==,type:str]
@@ -33,8 +35,8 @@ sops:
by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw
vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q== vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-24T23:16:22Z" lastmodified: "2025-04-28T23:33:42Z"
mac: ENC[AES256_GCM,data:NY9uhBwukENyny0lSnYDrdRDlAm5o0kGBs8Tes4x3/dofWibl9HqHobilg4qrLFzwCgQsgyPAFoRKV7ZVQ25YHjXM4YnoFVmUASfyTfoejWet/J3HwOO1xNkX8N6iYWJRYHOWaKMm46ZvkjmqAB0N6L7Z/8Uk7b09HoAxJ3aVHA=,iv:kI3kv0e9kcc8cb4H+YCnQYs7qDbucQYo264lz4zR/2E=,tag:ELqxtawXwhEPBncDz3REVA==,type:str] mac: ENC[AES256_GCM,data:cZkRcGV5/CPPVUdTDekwC8UjO6K348sBsS7NvR8wnoXS0AmSZsqN594nkvoc0VccM55Hwnm4jZxY56OV+UFMya1IRIkTo6LJRb88/CgZ8bjz30ACe33FKgJfCugimUDKsekbgNX1UFg1DVbqYK9/N4fcEBSxV3Xmzy5QGnQ/8KU=,iv:EprUHNtU5w7569ADMOxw+izDAL22A5OrB12T9iyHxKU=,tag:kRvyUEZwd/RttKdFOY2bJQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4

67
system/hosts/mcp/containers/gitea.nix
View File

@@ -1,24 +1,40 @@
{ config, ... }: { config, ... }:
let let
inherit (import ./lib.nix config) hostRule blazestar; inherit (import ./lib.nix config) mkContainer blazestar;
in in
{ {
virtualisation.oci-containers.containers.gitea = { sops.secrets = {
"gitea/db_password" = {
restartUnits = [ "podman-gitea.service" ];
};
"gitea/registration_token" = {
restartUnits = [ "podman-gitea-runner.service" ];
};
};
sops.templates."gitea.env".content = ''
GITEA__database__DB_TYPE="postgres"
GITEA__database__HOST="db"
GITEA__database__NAME="gitea"
GITEA__database__USER="gitea"
GITEA__database__PASSWD="${config.sops.placeholder."gitea/db_password"}"
'';
virtualisation.oci-containers.containers.gitea = mkContainer {
image = "gitea/gitea:latest-rootless"; image = "gitea/gitea:latest-rootless";
autoStart = true;
dependsOn = [ dependsOn = [
"db" "db"
]; ];
extraOptions = [ hostName = "git";
"-l=traefik.enable=true" domain = blazestar;
"-l=traefik.http.routers.gitea.rule=${hostRule "git" blazestar}" public = true;
"-l=traefik.http.services.gitea.loadbalancer.server.port=3000" port = 3000;
"-l=homepage.group=Apps" homepageOpts = {
"-l=homepage.name=Gitea" name = "Gitea";
"-l=homepage.icon=gitea.png" icon = "gitea.png";
"-l=homepage.href=https://git.${blazestar}" description = "Git Server";
"-l=homepage.description=Git Server" group = "Apps";
]; };
ports = [ ports = [
"2222:2222" "2222:2222"
]; ];
@@ -36,14 +52,21 @@ in
]; ];
}; };
sops.secrets."gitea_db_password" = { sops.templates."gitea-runner.env".content = ''
restartUnits = [ "podman-gitea.service" ]; GITEA_RUNNER_NAME=MCP
}; GITEA_INSTANCE_URL=https://git.${blazestar}
sops.templates."gitea.env".content = '' GITEA_RUNNER_REGISTRATION_TOKEN=${config.sops.placeholder."gitea/registration_token"}
GITEA__database__DB_TYPE="postgres"
GITEA__database__HOST="db"
GITEA__database__NAME="gitea"
GITEA__database__USER="gitea"
GITEA__database__PASSWD="${config.sops.placeholder."gitea_db_password"}"
''; '';
virtualisation.oci-containers.containers.gitea-runner = {
image = "gitea/act_runner:latest";
autoStart = true;
environmentFiles = [
config.sops.templates."gitea-runner.env".path
];
volumes = [
# The runner will spawn new containers to run the actions
"/var/run/podman/podman.sock:/var/run/docker.sock:ro"
];
};
} }