tbarnouin/nixos-hypervisor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Agenix config for forgejo tested and working

Browse source
This commit is contained in:
Théo Barnouin 2024-10-23 13:10:45 +02:00
parent 41fb790367
commit 72bb47abe3
5 changed files with 111 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

114
flake.lock
View file

@ -1,5 +1,26 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"authentik-nix": { "authentik-nix": {
"inputs": { "inputs": {
"authentik-src": "authentik-src", "authentik-src": "authentik-src",
@ -7,9 +28,9 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"napalm": "napalm", "napalm": "napalm",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"poetry2nix": "poetry2nix", "poetry2nix": "poetry2nix",
"systems": "systems" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1727699431, "lastModified": 1727699431,
@ -42,6 +63,28 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -99,7 +142,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -116,6 +159,27 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -208,11 +272,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1726937504, "lastModified": 1703013332,
"narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9357f4f23713673f310988025d9dc261c20e70c6", "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -235,6 +299,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1726937504,
"narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9357f4f23713673f310988025d9dc261c20e70c6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1728740863, "lastModified": 1728740863,
"narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
@ -283,10 +363,11 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"authentik-nix": "authentik-nix", "authentik-nix": "authentik-nix",
"home-manager": "home-manager", "home-manager": "home-manager_2",
"microvm": "microvm", "microvm": "microvm",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
} }
}, },
"spectrum": { "spectrum": {
@ -306,6 +387,21 @@
} }
}, },
"systems": { "systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@ -320,7 +416,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": { "systems_3": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

4
flake.nix
View file

@ -10,9 +10,10 @@
microvm.url = "github:astro/microvm.nix"; microvm.url = "github:astro/microvm.nix";
microvm.inputs.nixpkgs.follows = "nixpkgs"; microvm.inputs.nixpkgs.follows = "nixpkgs";
authentik-nix.url = "github:nix-community/authentik-nix"; authentik-nix.url = "github:nix-community/authentik-nix";
agenix.url = "github:ryantm/agenix";
}; };
outputs = inputs@{ self, nixpkgs, home-manager, microvm, ... }: outputs = inputs@{ self, nixpkgs, home-manager, microvm, agenix, ... }:
let let
system = "x86_64-linux"; system = "x86_64-linux";
username = "tbarnouin"; username = "tbarnouin";
@ -114,6 +115,7 @@
forgejo-runner = nixpkgs.lib.nixosSystem { forgejo-runner = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
agenix.nixosModules.default
"${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
"${inputs.self}/services" "${inputs.self}/services"
{ {

BIN
secrets/forgejo-runner-token.age
View file

Binary file not shown.

6
services/forgejo-runner/default.nix
View file

@ -7,8 +7,8 @@ in
enable = lib.mkEnableOption "Enable Forgejo service"; enable = lib.mkEnableOption "Enable Forgejo service";
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets.forgejo-runner-token.file = ./secrets/forgejo-runner-token.age age.secrets.forgejo-runner-token.file = ./secrets/forgejo-runner-token.age;
services.forgejo-actions-runner = { services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner; package = pkgs.forgejo-actions-runner;
instances.default = { instances.default = {
enable = true; enable = true;
@ -16,7 +16,7 @@ in
url = "https://git.le43.eu"; url = "https://git.le43.eu";
tokenFile = config.age.secrets.forgejo-runner-token.path; tokenFile = config.age.secrets.forgejo-runner-token.path;
labels = [ labels = [
"ubuntu-latest:docker://node:16-bullseye" "native:host"
]; ];
}; };
}; };

BIN
services/forgejo-runner/secrets/forgejo-runner-token.age Normal file
View file

Binary file not shown.