From c285b75264c95e7839d7cc361bb8eb6184fbeab5 Mon Sep 17 00:00:00 2001
From: Kabbone
Date: Sat, 6 Apr 2024 18:19:59 +0200
Subject: [PATCH] service: gitea register
---
 modules/services/dmz/gitea_runner.nix | 1 +
 modules/services/dmz/microvm.nix | 13 +++----
 secrets/services/gitea/homerunner-token.age | 39 ++++++++++-----------
 3 files changed, 25 insertions(+), 28 deletions(-)
diff --git a/modules/services/dmz/gitea_runner.nix b/modules/services/dmz/gitea_runner.nix
index f5a29f1..661d400 100644
--- a/modules/services/dmz/gitea_runner.nix
+++ b/modules/services/dmz/gitea_runner.nix
@@ -5,6 +5,7 @@
 podman ={
 enable = true;
 autoPrune.enable = true;
+ dockerCompat = enable;
 };
 };
diff --git a/modules/services/dmz/microvm.nix b/modules/services/dmz/microvm.nix
index f62b0a9..b691ee0 100644
--- a/modules/services/dmz/microvm.nix
+++ b/modules/services/dmz/microvm.nix
@@ -1,4 +1,4 @@
-{ config, microvm, nixpkgs, user, agenix, impermanence, ... }:
+{ config, microvm, lib, user, agenix, impermanence, ... }:
 let
 name = "gitea-runner";
 in
@@ -10,10 +10,7 @@ in
 vms = {
 ${name} = {
- pkgs = import nixpkgs {
- system = "x86_64-linux";
- config.allowUnfree = true;
- };
+ inherit pkgs;
 config = {
 imports =
@@ -24,7 +21,7 @@ in
 networking = {
 hostName = "${name}";
- firewall = {
+ firewall = {
 enable = true;
 allowedUDPPorts = [ ];
 allowedTCPPorts = [ ];
@@ -72,12 +69,12 @@ in
 };
 };
- fileSystems."/persist".neededForBoot = nixpkgs.lib.mkForce true;
+ fileSystems."/persist".neededForBoot = lib.mkForce true;
 environment.persistence."/persist" = {
 directories = [
 "/var/log"
- "/var/lib"
+ "/var/lib/private"
 ];
 files = [
diff --git a/secrets/services/gitea/homerunner-token.age b/secrets/services/gitea/homerunner-token.age
index 97f062c..433ac28 100644
--- a/secrets/services/gitea/homerunner-token.age
+++ b/secrets/services/gitea/homerunner-token.age
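Review bot: `dockerCompat = enable;` in the gitea_runner.nix hunk refers to a variable named `enable`, but the visible `podman ={ ... }` set is not `rec`, so the sibling attribute `enable = true;` is not in scope. Unless `enable` is bound somewhere outside the hunk, evaluation will stop with an undefined-variable error. Write the literal instead: `dockerCompat = true;`. Because this option makes podman answer to the `docker` command name inside the runner VM, a one-line comment naming the runner jobs that need it would help the next reader. The enclosing block starts and ends outside the hunk.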
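Review bot: The new argument list in the first microvm.nix hunk, `{ config, microvm, lib, user, agenix, impermanence, ... }:`, does not bind `pkgs`, yet the second hunk writes `inherit pkgs;`. Unless `pkgs` is bound outside the visible lines (the `let` shows only `name`), evaluation fails on an undefined variable. Add it to the pattern: `{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:`. The removed `import nixpkgs { ... }` fixed the guest's `system` and `config.allowUnfree` explicitly, whereas with `inherit pkgs;` the VM takes whatever package set and overlays the host evaluates with. A short comment above the line stating that this sharing is intended would make the trust relationship between host and runner VM clear.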
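Review bot: Persisting `"/var/lib/private"` as a bare string in the last microvm.nix hunk leaves the directory's mode to impermanence's default, which as far as I know is more permissive than the `0700` that systemd expects there. That directory holds the state of DynamicUser services, presumably including the runner's registration, so a looser mode can make those units fail to start or expose their state to other local users. Declare the mode explicitly: `{ directory = "/var/lib/private"; mode = "0700"; }`. Narrowing from `"/var/lib"` also discards everything else under `/var/lib` on each boot, so if the uid/gid map in `/var/lib/nixos` or podman's container storage should survive, list those directories too. The `directories` and `files` lists continue outside the hunk.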
@@ -1,22 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 1fxDZw BnDSncj1rpXBw/zpVtopFjHMCKeZcXBZRISY7zd+Sg4 -fZii/lRRZTBM6iQmqtyCHGS4tXFABwKGJBS9oMYfvbQ +-> ssh-ed25519 1fxDZw +2cFMiJdY+ZtCdokAN05IA6iPV5agWEgD+8mf/TcE0g +0IQ3KuJvsAEQJf5nboUOaw67ikYgQcoKozHTWVAPwM4 -> ssh-rsa VtjGpQ -g3lBEHohQ3L4B8lHvoGOGH+Duy1uuGjGQ3qsTwPzfd85g7YuOMBvh9vfWy4PgpC+ -OZLzDjha9zPu8MxX1nw0DBhH6WZ/epz0RAUyxuozha/gD8uGrAbrX9csS8Bnzfn/ -n6aopX/id4ijaXXGX8mIVn2105wIb0bx3nh3A2EurvEzOHn5fzbgyh40SCC8dZT1 -eTasf/7iEzlDn+dWoifMT/rsk6Y5ACEpxIngYL0RbARsts07b5M6wRictLd22Ypq -0JBgoMjmUdp4dcWx1V2LUa2wTIjkIDCX2grekqapzHutci9uVtfDOavuQd9I0frI -p6iHQzB2w/5LlC+g6aX/Z/LoCMT3ogEdbhWBOSmEjWQ9pNq9W6jWg4kUvbJOga0X -sH7JGPBtAvSzz45IkLq6KKORLfgYM2DNaRBgN0rHC5YAE91NfmWpLFWH8S1DHQHI -3rUmvY6N5NuUxSIj0fAqQbAgC2k6uxwMXA7h6z8EQRcA2siTpe1AIkvMPoVCmr5j -PAcyWwOqLGg3HGLMonNbNPR+Rv0YMuQNDa6ppAEoGLhofeJYKbS7znI1J66ZM7Ow -2eFjDLTA9H3h690srVLNqKrZEu7jhn1qXl+nqpAXmVBG6px5aCW7sSp2wbqo3M0H -Anv3gFd2YWOetIQ2aI3Yd88OGqEQeilZZxgAV0xlbyM --> piv-p256 grR75w A8Enx3dlMiGWgqYYQnMALCFW09A/+bxtR0/zRCahONJF -kwjOIuuMq0kIgrsu7z2CTeNgqbDJh9LsQhQGbUuTMz8 --> piv-p256 RQguQQ Akb2UKr+fhshdjzkuYpvTdz6l8j6tAuDcMnpX2Qq6Zhq -OTwRoKFV5hwpYygz892IKc8oi2Mqlctp4X04cUGsyvw ---- UuF0QrpyA6x6Z0wa6SmPZxMuob0fhBhTzjedxx2rKy0 -XV|/py䰅RAZVf -Ʈ}~fيH5,JobPdN \ No newline at end of file +ZQgQJhaJ9rz+nR+BLqFv1UMh5Gz5pEGQhXX9Pc6+SWHLIk2QALmMHoWpICVjk1oP +kw6lhmxmzmApHRJqzl3FHln9zcMtfsJVKyaXZKbS0RjmkwWIIkFYbHLoGCSi1lEN +4H/GbC7FzWxGnB5Iv8uhbQa9GUaVQy1o+sTJTX9tkn7+obqnzTfqeZDt89Zh18ly +7SqsNL+WtpZOlB7RJ/Mx+LlHfMEmySQ2MFuCiTGvQEPVfyyp+2wzGh7KmaQ/956M +olO8bkJSgqqWiOriCBVP7YbKGO7zDzVd3W/Sa36BdOb6SiXbT6cGAZbvlixeKPBR +uIb9VdgWjKmdXUDBAcaaQpEKdUI8R4mAYesLpi93ViPUH+nMwlY2A+v8O3RidS9C +iX8qPTpuTL8a1C3e+N6RsqcUNA/Nq6BeByNbn8XEU6RqpucciNu8XSCyHR+ECW4k +JMISTiP84WOL+h7C1q7zu9HzTBA3jWh0sxhfEGi9rbPwppn6XfO2I4apx1uaKvb1 +95HEMP83b5fvdPx3mzuG43K7/N3+RGdROUzsK2b21tRDH0XYIEnWJIX0GKA9g9xN +NCU5s4U1OYrYdYGSS8zXuWtnc1P+HbB/u2NppzQc/4a8eVNln76/jurzVHC9ErLe 
+adWfZ+zaP2FliKmTHCxknLyCCB2+0/0FgsX0EB1BWh4 +-> piv-p256 grR75w Av82D2zMKR8dUh4XPE/o76r3bZbMplG/XEr8KGjgK+rs +oXH7DUDE5nNNrehwgT2heE+r6uh+NJ6tEQTIAY/m0D8 +-> piv-p256 RQguQQ A59JG4hncnWZu+4KnXog5+bJKXTAj/9ulRMXL4jfT71Z +IV0yNfPNQX0vSH5UahQB7W49NIgDFnZ71o8etiL5aXA +--- uTjO87M1XUksCmCwEIjKf3mD46hQpzsVyIeYrgR5R2g +A%[KEA$XX`֦SJIEs_l5ʿ~!BD|%4*bQG%X=#NDfK \ No newline at end of file