diff --git a/nixos/primordial/configuration.nix b/nixos/primordial/configuration.nix index 9f77baa..4511881 100644 --- a/nixos/primordial/configuration.nix +++ b/nixos/primordial/configuration.nix @@ -14,6 +14,7 @@ in { sops.secrets."keycloak_db_pw" = {}; sops.secrets."restic_mail_repository_password" = {}; sops.secrets."restic_ssh_key" = {}; + sops.secrets."act-runner-token" = {}; imports = [ ./mail.nix @@ -231,6 +232,26 @@ in { lfs.enable = true; }; + gitea-actions-runner.instances = { + docker-runner = { + enable = true; + name = "primordial-docker"; + url = "https://git.fuckwit.dev"; + tokenFile = config.sops.secrets."act-runner-token".path; + labels = [ + "nix:docker://nixos/nix:latest" + ]; + # hostPackages = with pkgs; [ + # bash + # coreutils + # curl + # wget + # gnused + # gitMinimal + # ]; + }; + }; + grafana = { enable = true; @@ -297,6 +318,8 @@ in { # }; }; + virtualisation.podman.enable = true; + users.users."root".openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8zNAXScQ4FoWNxF4+ALJXMSi3EbpqZP5pO9kfg9t8o patrick@NBG1-DC3-PC20-2017-10-24" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPflDQOANGhgtfo2psRwSFtY5ETHX/bsDmqrho3iX9jt root@arschlinux" diff --git a/nixos/primordial/secrets.yaml b/nixos/primordial/secrets.yaml index 374c330..1e0f01f 100644 --- a/nixos/primordial/secrets.yaml +++ b/nixos/primordial/secrets.yaml @@ -2,6 +2,7 @@ gitea.env: ENC[AES256_GCM,data:wkSPzLQtL3vGNIjG+jG6I3+R7wLBBdXeaCHbKxMbpVOldo8zr keycloak_db_pw: ENC[AES256_GCM,data:1oBqzpFokAmjkT770YKYwzCllaGTprtDR9W4B/+V6ZUXPhJ1R9DNWZHqpQ==,iv:dK36GBiDj12HVjUkZqTVk/rR6s1sf6dmQTk1ZJQwi+I=,tag:6Ix9QSf+A0U82sG0z8wSmw==,type:str] restic_mail_repository_password: ENC[AES256_GCM,data:B2XAP9tnztl/c7HB7bHywfJcwV9sLahfqCfI0TajWaWHPhRsZow4yxhn813FN4pINb5i1kYyiRG/sMXMKAFo9g==,iv:pQnVRVtuhcVtH/Kot9hcx8DSA4qlkksuUiY8HaOawfk=,tag:4lbmh8bQDSVNbI06/gNUlQ==,type:str] restic_ssh_key: ENC[AES256_GCM,data:HpS73OEFvqSLYg8Qh1syJEjCfv5og5VxxzK2VPmAFRk5BzM4xF3Dn0cmJtQpwMMwaRGRWFdCTMrQCBWRrLgDt7wUyMpBn1HivLr4nwEOU4oDStv+1zKmrNbWLSYw3TbHoNJ2K+C46lfpV9CBdb+8dmv2vto6HoKFrOYc5/ftYd7lD9zMhueAMCc3q7aPsIFGb2TRGNz1wrF6Cn9ew1Oqh/P7xlUuIgS0kAKRrybhiIO9IUgQsTV3qqZIXogP4Yy2OLSyhbtDuvtLAncL2pJ/ZsGme47G8HoFomyqEIf0eq7YKqlpTqKPbbnxfWSlWYGg+l9OtCJOeyp5oEZ6sjPNdTUYjpcVZpHNEEa2zkaZzRj5Jo/GIiJfCu4F0kk4opbqEUTeDQHgesylxwpd/v5zaplGEqpYZ7y/DAud+YUw7XWYWjy60kjlZdkbKwrL/Cg4dxWY8Cc7v42Ve7aADgSEpEhwo5rHxM3JSVHHHunfC6y+/Qin26wQZhF1w+d8/yqSaJidx6FsDSipGCJtXa9liIG7oG2vUlmYm4rE,iv:d/AFzPAJGSGv1WzQY4+p8mImFoWKkaoMRtIBNAYiU0E=,tag:mdE/e2VX5zdrFT43NZaYNQ==,type:str] +act-runner-token: ENC[AES256_GCM,data:xPtwvTdndOEW0xb0IY1M3SRxRXFVYvHr4TXqQspHWfcS6vsvGcJ2+ppM44TTNA==,iv:dusVCV9Z5AKiK6yxa45nBLmrLc0A5ph6UQIOWEBpz/A=,tag:rjl047w0LBQUagcNuxjtBQ==,type:str] sops: kms: [] gcp_kms: [] @@ -17,8 +18,8 @@ sops: V1h2NGxyNVc3WnF2ZFBpQm1oK1AzeGcK4GoD2E8nwOl/WKtgMgs0Y1Q8abRX4mpy GdHGDQUWvySCisJo4JXsooYkLjOyKvir+vcVbX4nDd4L1W2OMULkrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-17T19:36:07Z" - mac: ENC[AES256_GCM,data:htvYIuHrOZ8jyVPVW7mVeTtf1eefwYkkZJ0l3xLFsVcCBlU3CjDgx+J9WN0kHw6TP+cP/+StYOtAthFe6UpoF8pmCvI+dKysrN6iLmqZySmh576YOY0Aq83WO4UOawZbarx8VUqTFdBrdp2bnMEjJ4bYvoTRuvAkQZocP8BK460=,iv:W8W8IZeviuUjE1Zz0x5m1/py/Zmx6rwl1ndVXfaR+DE=,tag:QXj9FZVk+H8ztI1VEFLyOQ==,type:str] + lastmodified: "2025-01-09T19:20:12Z" + mac: ENC[AES256_GCM,data:aoxhtk4086HqeHBVSg5GVSXz2q40eMJdXGwrAeVtZSHi8dhoanIqcHts2sSJkyPyjJa0ulZscDM6FUCQGucnHMetMz50DB+7AQsdQArMefQYCHQj8nnsPHEs45EXVPRwXq/dgm5dPTXi75npeZbPEm0PbDkwHOb+691SY4LqXjQ=,iv:WaenzW10mOkUlfWCpSKOYy/2Vlf/6cX75qKZ+VO10Ww=,tag:qZKJiMVbJnHRpVJabpZ9sA==,type:str] pgp: - created_at: "2024-01-25T11:10:44Z" enc: |- @@ -33,4 +34,4 @@ sops: -----END PGP MESSAGE----- fp: 5FA64909521A5C85992F26E0F819AEFF941BB849 unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2