karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add gitea act runner

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-07-25 17:41:58 +01:00
parent d38be7625c
commit 453c8ecc65
8 changed files with 137 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
flake.lock generated
View File

@@ -262,11 +262,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753450574, "lastModified": 1753458351,
"narHash": "sha256-+aP5yejjs8Q/ryGO3I7eS/0aMFdkUk8OT1TiMC1uyk4=", "narHash": "sha256-wsZQkEA3YYouRu7wjepetS6rnwLEr00wMpIQsxbZNTU=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "cf0eec50d087704012bee8cfa0bab39b46b1cde7", "rev": "6ce176beb34bfe0ac65131564c1fa3f5d0aca1fe",
"revCount": 24, "revCount": 26,
"type": "git", "type": "git",
"url": "https://git.karaolidis.com/karaolidis/nix-secrets.git" "url": "https://git.karaolidis.com/karaolidis/nix-secrets.git"
}, },

2
hosts/common/configs/user/gui/vscode/default.nix
View File

@@ -63,7 +63,7 @@ in
"files.trimTrailingWhitespace" = true; "files.trimTrailingWhitespace" = true;
"git.allowForcePush" = true; "git.allowForcePush" = true;
"git.alwaysSignOff" = true; "git.alwaysSignOff" = true;
"git.autofetch" = "all"; "git.autofetch" = true;
"git.blame.editorDecoration.enabled" = true; "git.blame.editorDecoration.enabled" = true;
"git.closeDiffOnOperation" = true; "git.closeDiffOnOperation" = true;
"git.confirmForcePush" = false; "git.confirmForcePush" = false;

36
hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix
View File

@@ -74,6 +74,7 @@ in
"gitea/internalToken".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/internalToken".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/jwtSecret".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/jwtSecret".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/lfsJwtSecret".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/lfsJwtSecret".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/runnerRegistrationToken".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/authelia/password".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/authelia/password".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
"gitea/authelia/digest".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "gitea/authelia/digest".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
@@ -86,6 +87,12 @@ in
gitea-env.content = '' gitea-env.content = ''
GITEA_OAUTH_SECRET=${hmConfig.sops.placeholder."gitea/authelia/password"} GITEA_OAUTH_SECRET=${hmConfig.sops.placeholder."gitea/authelia/password"}
GITEA_RUNNER_REGISTRATION_TOKEN=${hmConfig.sops.placeholder."gitea/runnerRegistrationToken"}
GITEA_ADMIN_PASSWORD=${hmConfig.sops.placeholder."gitea/admin"}
'';
gitea-act-runner-env.content = ''
GITEA_RUNNER_REGISTRATION_TOKEN=${hmConfig.sops.placeholder."gitea/runnerRegistrationToken"}
GITEA_ADMIN_PASSWORD=${hmConfig.sops.placeholder."gitea/admin"} GITEA_ADMIN_PASSWORD=${hmConfig.sops.placeholder."gitea/admin"}
''; '';
@@ -98,6 +105,7 @@ in
sections = { sections = {
server = { server = {
ROOT_URL = "https://git.karaolidis.com:443/"; ROOT_URL = "https://git.karaolidis.com:443/";
LANDING_PAGE = "explore";
# FIXME: https://github.com/go-gitea/gitea/issues/31112 # FIXME: https://github.com/go-gitea/gitea/issues/31112
OFFLINE_MODE = false; OFFLINE_MODE = false;
@@ -203,6 +211,8 @@ in
volumes = { volumes = {
gitea-postgresql = { }; gitea-postgresql = { };
gitea = { }; gitea = { };
gitea-act-runner-data = { };
gitea-act-runner-cache = { };
}; };
containers = { containers = {
@@ -262,6 +272,32 @@ in
unitConfig.After = [ "sops-nix.service" ]; unitConfig.After = [ "sops-nix.service" ];
}; };
gitea-act-runner = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-gitea-act-runner}";
networks = [ networks.gitea.ref ];
volumes =
let
uid = builtins.toString config.users.users.${user}.uid;
in
[
"/run/user/${uid}/podman/podman.sock:/var/run/docker.sock"
"${volumes.gitea-act-runner-data.ref}:/var/lib/gitea-act-runner"
"${volumes.gitea-act-runner-cache.ref}:/tmp/gitea-act-runner"
];
environments = {
GITEA_INSTANCE_URL = "https://git.karaolidis.com";
GITEA_ADMIN_USERNAME = "admin";
};
environmentFiles = [ hmConfig.sops.templates.gitea-act-runner-env.path ];
};
unitConfig = {
After = [ "sops-nix.service" ];
Requires = [ "${containers.gitea._serviceName}.service" ];
};
};
authelia.containerConfig.volumes = [ authelia.containerConfig.volumes = [
"${hmConfig.sops.templates.authelia-gitea.path}:/etc/authelia/conf.d/gitea.yaml:ro" "${hmConfig.sops.templates.authelia-gitea.path}:/etc/authelia/conf.d/gitea.yaml:ro"
]; ];

1
packages/default.nix
View File

@@ -14,6 +14,7 @@
docker-base = import ./docker/base { inherit pkgs; }; docker-base = import ./docker/base { inherit pkgs; };
docker-flaresolverr = import ./docker/flaresolverr { inherit pkgs; }; docker-flaresolverr = import ./docker/flaresolverr { inherit pkgs; };
docker-gitea = import ./docker/gitea { inherit pkgs; }; docker-gitea = import ./docker/gitea { inherit pkgs; };
docker-gitea-act-runner = import ./docker/gitea-act-runner { inherit pkgs; };
docker-grafana = import ./docker/grafana { inherit pkgs; }; docker-grafana = import ./docker/grafana { inherit pkgs; };
docker-grafana-image-renderer = import ./docker/grafana-image-renderer { inherit pkgs; }; docker-grafana-image-renderer = import ./docker/grafana-image-renderer { inherit pkgs; };
docker-jellyfin = import ./docker/jellyfin { inherit pkgs inputs system; }; docker-jellyfin = import ./docker/jellyfin { inherit pkgs inputs system; };

51
packages/docker/gitea-act-runner/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{ pkgs, ... }:
let
entrypoint = pkgs.writeTextFile {
name = "entrypoint";
executable = true;
destination = "/bin/entrypoint";
text = builtins.readFile ./entrypoint.sh;
};
runnerConfig = pkgs.writeTextDir "/etc/gitea-act-runner/config.yaml" (
builtins.readFile (
(pkgs.formats.yaml { }).generate "config.yaml" {
runner = {
file = "/var/lib/gitea-act-runner/registration";
capacity = 4;
};
cache.dir = "/tmp/gitea-act-runner/";
# https://gitea.com/gitea/act_runner/issues/223#issuecomment-743748
container.docker_host = "-";
}
)
);
in
pkgs.dockerTools.buildImage {
name = "gitea-act-runner";
fromImage = import ../base { inherit pkgs; };
copyToRoot = pkgs.buildEnv {
name = "root";
paths = with pkgs; [
entrypoint
gitea-actions-runner
runnerConfig
curl
jq
];
pathsToLink = [
"/bin"
"/etc"
];
};
config = {
Entrypoint = [ "entrypoint" ];
WorkDir = "/var/lib/gitea-act-runner";
Volumes = {
"/var/lib/gitea-act-runner" = { };
"/tmp/gitea-act-runner" = { };
};
};
}

41
packages/docker/gitea-act-runner/entrypoint.sh Normal file
View File

@@ -0,0 +1,41 @@
#!/usr/bin/env sh
set -o errexit
set -o nounset
GITEA_RUNNER_NAME="${GITEA_RUNNER_NAME:-main}"
LOG_PIPE="$(mktemp -u)"
mkfifo "$LOG_PIPE"
(
while IFS= read -r line; do
if echo "$line" | grep -qiE 'level=(warn|error|fatal)'; then
echo "$line" >&2
else
echo "$line"
fi
done < "$LOG_PIPE"
) &
if [ ! -f /var/lib/gitea-act-runner/registration ]; then
GITEA_API="${GITEA_INSTANCE_URL%/}/api/v1"
auth="Authorization: Basic $(echo -n "$GITEA_ADMIN_USERNAME:$GITEA_ADMIN_PASSWORD" | base64 -w 0)"
runners="$(curl -sf --retry 10 --retry-connrefused -H "$auth" "$GITEA_API/admin/actions/runners")"
old_runner="$(echo "$runners" | jq -r ".runners[] | select(.name == \"$GITEA_RUNNER_NAME\") | .id")"
if [ -n "$old_runner" ]; then
curl -sf -X DELETE -H "$auth" "$GITEA_API/admin/actions/runners/$old_runner"
fi
act_runner --config /etc/gitea-act-runner/config.yaml register \
--no-interactive \
--instance "$GITEA_INSTANCE_URL" \
--token "$GITEA_RUNNER_REGISTRATION_TOKEN" \
--name "$GITEA_RUNNER_NAME" \
--labels "${GITEA_RUNNER_LABELS:-}" > "$LOG_PIPE" 2>&1
fi
exec act_runner --config /etc/gitea-act-runner/config.yaml daemon "$@" > "$LOG_PIPE" 2>&1

4
packages/docker/transmission-protonvpn/entrypoint.sh
View File

@@ -93,13 +93,13 @@ rpc_url="http://127.0.0.1:9091${rpc_path}rpc/"
natpmp_port="$(echo "$natpmp_output" | awk '/Mapped public port/ { print $4 }')" natpmp_port="$(echo "$natpmp_output" | awk '/Mapped public port/ { print $4 }')"
output_headers=$(curl -s -D - -o /dev/null -X POST "$rpc_url" \ output_headers=$(curl -sf -D - -o /dev/null -X POST "$rpc_url" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d '{"method": "session-get", "arguments": {"fields": ["session-id"]}}') -d '{"method": "session-get", "arguments": {"fields": ["session-id"]}}')
session_id="$(echo "$output_headers" | awk '/X-Transmission-Session-Id:/ { print $2 }' | tr -d '\r')" session_id="$(echo "$output_headers" | awk '/X-Transmission-Session-Id:/ { print $2 }' | tr -d '\r')"
curl -s -X POST "$rpc_url" \ curl -sf -X POST "$rpc_url" \
-H "X-Transmission-Session-Id: $session_id" \ -H "X-Transmission-Session-Id: $session_id" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d "{\"method\": \"session-set\", \"arguments\": {\"peer-port\": $natpmp_port}}" \ -d "{\"method\": \"session-set\", \"arguments\": {\"peer-port\": $natpmp_port}}" \

2
secrets

Submodule secrets updated: cf0eec50d0...6ce176beb3