Migrate to forgejo service

2024-04-24 13:52:57 +01:00 · 2024-04-24 13:52:57 +01:00 · e91468a73b
parent bb4e58dc60
commit e91468a73b
2 changed files with 41 additions and 31 deletions
--- a/nix/nas/configuration.nix
+++ b/nix/nas/configuration.nix
@ -330,10 +330,12 @@
        };
      };
    };
-    gitea = {
+
+    forgejo = {
      enable = true;
      stateDir = "/tank/forgejo";
-      package = pkgs.forgejo;
+      user = "git";
+      group = "git";
      settings = {
        DEFAULT = {
          APP_NAME = "Arch's Git Forge";
@ -376,6 +378,7 @@
          enable = true;
          labels = [
            "debian-latest:docker://node:18-bullseye"
+            "ubuntu-latest:docker://node:18-bullseye"
            "docker:docker://gitea/act_runner:nightly-dind-rootless"
            "nix:docker://nixos/nix"
          ];
@ -471,13 +474,36 @@
  };
  environment.shells = with pkgs; [zsh fish];

-  users.users = {
-    gsimmer = {
-      shell = pkgs.fish;
-      isNormalUser = true;
-      home = "/tank/gsimmer";
-      extraGroups = ["wheel" "libvirtd" "qemu-libvirtd"];
-      openssh.authorizedKeys.keys = let
+  users = {
+    groups.git = {};
+    users = {
+      git = {
+        home = "/tank/forgejo";
+        useDefaultShell = true;
+        group = "git";
+        isSystemUser = true;
+      };
+
+      gsimmer = {
+        shell = pkgs.fish;
+        isNormalUser = true;
+        home = "/tank/gsimmer";
+        extraGroups = ["wheel" "libvirtd" "qemu-libvirtd"];
+        openssh.authorizedKeys.keys = let
+          authorizedKeys = pkgs.fetchurl {
+            url = "https://gmem.ca/ssh";
+            hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
+          };
+        in
+          pkgs.lib.splitString "\n" (builtins.readFile
+            authorizedKeys);
+      };
+      becki = {
+        shell = pkgs.fish;
+        isNormalUser = true;
+        home = "/tank/becki";
+      };
+      root.openssh.authorizedKeys.keys = let
        authorizedKeys = pkgs.fetchurl {
          url = "https://gmem.ca/ssh";
          hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
@ -486,19 +512,6 @@
        pkgs.lib.splitString "\n" (builtins.readFile
          authorizedKeys);
    };
-    becki = {
-      shell = pkgs.fish;
-      isNormalUser = true;
-      home = "/tank/becki";
-    };
-    root.openssh.authorizedKeys.keys = let
-      authorizedKeys = pkgs.fetchurl {
-        url = "https://gmem.ca/ssh";
-        hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
-      };
-    in
-      pkgs.lib.splitString "\n" (builtins.readFile
-        authorizedKeys);
  };

  home-manager.users.gsimmer = {pkgs, ...}: {
--- a/secrets/vancouver-action-runner.age
+++ b/secrets/vancouver-action-runner.age
@ -1,10 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 oN6OTQ 290Jjq3X3EKWAJjbrxxNdLVYq7OOdTZAQBLnb0JlzEw
-Ci/Ngx0O5JbCbxNqkUdSz1zuHs2YMvi+st/Nf+BlhXk
-> ssh-ed25519 qbziOw pexX+lrzjrIvjD1BXDOwZ6jvHNwHvI8NN7t0g+WAHE4
-8TlaRQnd/H/1nML+bJOL9J6rG1FOSFY7qTTiu11gqRo
-> Q5TArB-grease
-bYTE3nqG4aLFTuXCpjRNM7rnVFlL7BCJ2BlqJbMn0CImH3owoMnYwpBBEO2i5/O7
-XdBin6lrZDYiFZMLzQ4DRd8B
--- GfQW76dgud6sOfFfB1VoRiiZZqDePubrWRTbvKcx3Z0
-“n-‡ŽA3]Éró]YHp'`º…2óH^Î%Ï}=	Nzútoöä:³5õ³ˆª‚éùê—R <52>§¾áýLçž¶6‹©ÀÐÝ24¼ª"WË
+-> ssh-ed25519 oN6OTQ e6ldvoLxjS1vUBY2glP9UbAvOoDkgTF/Hsjy22C4E3E
+qjdy/Zh7+0wSIJjNuov0/KQaiWJzVfzSLKzIYhK3tKE
+-> ssh-ed25519 qbziOw 8daUrL9RuNfduBTXesLd1ndSFSRJwKj3+fqAWJlRrG8
+kazcLzdfpBIVhyFJuDMEtCr1EXRDa0wNkGMxrGPXcFw
+--- PW+ZaxdW9FYv129kt44jeeiY3GwrLkH5szOsr/ziJEQ
+Û2ÄÐ)þ*“…Œmã<£>=²^¶ñTžc•¿¯Q—%ø7wF†<»+{&[Ø!0&Gùù+„ùô¶·œSÐ‡‹ýÍà˜ÉÎl~{