diff --git a/flake.lock b/flake.lock index 0be0e3d..9629357 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "authentik-nix": { "inputs": { "authentik-src": "authentik-src", @@ -7,9 +28,9 @@ "flake-parts": "flake-parts", "flake-utils": "flake-utils", "napalm": "napalm", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "poetry2nix": "poetry2nix", - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1727699431, @@ -42,6 +63,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -99,7 +142,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, 
@@ -116,6 +159,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -208,11 +272,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726937504, - "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9357f4f23713673f310988025d9dc261c20e70c6", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -235,6 +299,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1728740863, "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", @@ -283,10 +363,11 @@ }, "root": { "inputs": { + "agenix": "agenix", "authentik-nix": "authentik-nix", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "microvm": "microvm", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" } }, "spectrum": { 
@@ -306,6 +387,21 @@ } }, "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -320,7 +416,7 @@ "type": "github" } }, - "systems_2": { + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
diff --git a/flake.nix b/flake.nix
index 5ea3b0e..e2ed5c9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,9 +10,10 @@
 microvm.url = "github:astro/microvm.nix";
 microvm.inputs.nixpkgs.follows = "nixpkgs";
 authentik-nix.url = "github:nix-community/authentik-nix";
+ agenix.url = "github:ryantm/agenix";
 };
- outputs = inputs@{ self, nixpkgs, home-manager, microvm, ... }:
+ outputs = inputs@{ self, nixpkgs, home-manager, microvm, agenix, ... }:
 let
 system = "x86_64-linux";
 username = "tbarnouin";
@@ -114,6 +115,7 @@
 forgejo-runner = nixpkgs.lib.nixosSystem {
 inherit system;
 modules = [
+ agenix.nixosModules.default
 "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
 "${inputs.self}/services"
 {
diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age
index 748572c..451b4ed 100644
Binary files a/secrets/forgejo-runner-token.age and b/secrets/forgejo-runner-token.age differ
diff --git a/services/forgejo-runner/default.nix b/services/forgejo-runner/default.nix
index cce9d55..aa56d0c 100644
--- a/services/forgejo-runner/default.nix
+++ b/services/forgejo-runner/default.nix
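Review bot: The new `agenix` input in the flake.nix `inputs` block is added without a `follows`, unlike `microvm` two lines above it, and the flake.lock part of this commit shows the result: agenix now resolves its own `nixpkgs` node (rev 54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6, lastModified 1703013332, older than the root pin) and pulls in `darwin`, `home-manager` and `systems` nodes as well. Anything built from agenix's own package set would come from that older snapshot, and the lock file gains four more sources to keep updated and audited. Consider adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` and, since `system` is fixed to `x86_64-linux`, `agenix.inputs.darwin.follows = "";`. The `inputs` block starts above the hunk.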
@@ -7,8 +7,8 @@ in
 enable = lib.mkEnableOption "Enable Forgejo service";
 };
 config = lib.mkIf cfg.enable {
- age.secrets.forgejo-runner-token.file = ./secrets/forgejo-runner-token.age
- services.forgejo-actions-runner = {
+ age.secrets.forgejo-runner-token.file = ./secrets/forgejo-runner-token.age;
+ services.gitea-actions-runner = {
 package = pkgs.forgejo-actions-runner;
 instances.default = {
 enable = true;
@@ -16,7 +16,7 @@ in
 url = "https://git.le43.eu";
 tokenFile = config.age.secrets.forgejo-runner-token.path;
 labels = [
- "ubuntu-latest:docker://node:16-bullseye"
+ "native:host"
 ];
 };
 };
diff --git a/services/forgejo-runner/secrets/forgejo-runner-token.age b/services/forgejo-runner/secrets/forgejo-runner-token.age
new file mode 100644
index 0000000..451b4ed
Binary files /dev/null and b/services/forgejo-runner/secrets/forgejo-runner-token.age differ
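Review bot: Nothing near the `age.secrets.forgejo-runner-token.file` line records what the encrypted file must contain, although `tokenFile` depends on its format. As far as I know the NixOS `services.gitea-actions-runner` module loads `tokenFile` as an environment file, so the plaintext should be a `TOKEN=<registration token>` line rather than the bare token; please confirm against the nixpkgs revision in use. I would add a comment such as `# decrypted content must be an env file: TOKEN=<runner registration token>` above that line. The commit also leaves the same blob (index 451b4ed) at both `secrets/forgejo-runner-token.age` and `services/forgejo-runner/secrets/forgejo-runner-token.age`; keeping a single copy avoids a stale ciphertext surviving a later rekey or token rotation. The `config` block continues outside the hunk.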
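Review bot: Replacing the only label with `native:host` means jobs no longer run inside the `node:16-bullseye` container but directly on the runner machine, so any workflow that can be scheduled on this runner executes with the runner service's privileges on the same system where agenix decrypts the registration token. If that is intended, say so next to the label, e.g. `# host executor: jobs run unsandboxed on this machine; register for trusted repositories only`, and confirm in Forgejo that the runner is scoped to the repositories or organisation that need it rather than the whole instance. Jobs on a host label also see only the tools the module places on the service's path (its `hostPackages` option), so workflows written for the old `ubuntu-latest` label will need their `runs-on` updated. The `instances.default` block starts above the hunk.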