From 139d038452d7f69b6ca22509fc01f15a34026ff4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= <theo.barnouin@le43.eu>
Date: Wed, 23 Oct 2024 14:55:37 +0200
Subject: [PATCH] Try Forgejo actions

---
 .forgejo/workflows/demo.yml                     |   6 ++++++
 secrets/secrets.nix                             |   1 +
 services/forgejo-runner/default.nix             |  13 ++++++++++---
 .../secrets/forgejo-runner-token.age            | Bin 363 -> 363 bytes
 4 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 .forgejo/workflows/demo.yml

diff --git a/.forgejo/workflows/demo.yml b/.forgejo/workflows/demo.yml
new file mode 100644
index 0000000..d470cda
--- /dev/null
+++ b/.forgejo/workflows/demo.yml
@@ -0,0 +1,6 @@
+on: [push]
+jobs:
+  test:
+    runs-on: docker
+    steps:
+      - run: echo All Good
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 8eb4f4a..f77f682 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -10,5 +10,6 @@ let
 in
 {
   "forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
+  "../services/forgejo-runner/secrets/forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
 }
 
diff --git a/services/forgejo-runner/default.nix b/services/forgejo-runner/default.nix
index aa56d0c..f7b39fe 100644
--- a/services/forgejo-runner/default.nix
+++ b/services/forgejo-runner/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, agenix, ... }:
 let
   cfg = config.services.vm_forgejo;
 in
@@ -7,12 +7,19 @@ in
     enable = lib.mkEnableOption "Enable Forgejo service";
   };
   config = lib.mkIf cfg.enable {
-    age.secrets.forgejo-runner-token.file = ./secrets/forgejo-runner-token.age;
+    users.users.gitea-runner = {
+      isNormalUser = true;
+    };
+    age.secrets.forgejo-runner-token = {
+      file  = ./secrets/forgejo-runner-token.age;
+      mode  = "0660";
+      owner = "root";
+    };
     services.gitea-actions-runner = {
       package = pkgs.forgejo-actions-runner;
       instances.default = {
         enable = true;
-        name = "monolith";
+        name = "nixos-runner";
         url = "https://git.le43.eu";
         tokenFile = config.age.secrets.forgejo-runner-token.path;
         labels = [
diff --git a/services/forgejo-runner/secrets/forgejo-runner-token.age b/services/forgejo-runner/secrets/forgejo-runner-token.age
index 451b4edbdfae01a7bb805d5730dfb5beebe3912e..c44487efb76ec461d9473549e2602ef44c52bf29 100644
GIT binary patch
delta 328
zcmV-O0k{6^0_y^hEPpg>Oh-?2S8qs5L}^M-O>Z}DGj(-rLRxrCNOyKNT5~T#YEO1I
zZ9z;zYYKI5Wm9umPc&;(K{ZQdR&GaWP<J<0czSd=cXeVpcyVKQdT>=jL}o8hRSGRW
zAaiqQEoEdfH8n9gAWc+HF>q%fPd9f)az{%wSVcBcLQgkxM1NUPXJ}_<F>`KIMS4$k
zbu&(4dNFumT5U*G3P>?}I7~t|G)z`$b2v>_ZfImeI7vxlbT)BKL1kiEZBb@nb69pT
zMs;jO3N0-yAZ{x(Gel-gQaChXaacuHb51KSNGoqya&AF!R5@#CI8iH2dUZ5TQ(|~Y
z3Ie`T=|pvAok2Pw8{MdzSZmk9_yDu0klI>J<lM!WGl{x%K7UVmzk*d9Y9nI~3T&-T
aF=~G4qyl$kNW|$5-2XNb?S3w1UIOd4ban^;

delta 328
zcmV-O0k{6^0_y^hEPppLZ)9m|WN2bhI8QK7b~Q9ZS6N7Ecxz!aRyj3qIWI9mG&FHG
zD@ajMSqgPIOG!z2R$@U^FKsYwaB*#PWp++ePjE^yGGRq>c6f3@N^VVLMKf$GRSGRW
zAaiqQEoEdfH8n9gAWc+HF>q%fb4EmAPBvyYXK*!WIZHuRF@Hx-ZcI=}ZBArzbaO>&
zH(FLvSSv+%VO2tN3RrnUbWBQ1Gj=v-S5sJ5W=e2qWGhWHL0V3BZZu_hMmb?ILS|QW
zG%`YG3N0-yAa;09GGj<`a70#8FilTxc`!6&H)AwWd0A*kRBJY8buwpkRd*|DX){$#
z3QZEL<RYZD_CcG7WznPnZ5i_WQ?8)G?G~pmW}ZY{X<8lQf@Q_8j?z_baPg{9Qh=M6
aYK-FXi%y1b(z)yZk3(jcHm%)+F7(XWBzdv`