migrate from gitea to forgejo

pull/69/head
Tudor Roman 2024-03-04 18:22:20 +01:00
parent 6d83bc868e
commit 6b900213e3
Signed by: tudor
SSH Key Fingerprint: SHA256:3CwS9plgXBecpXImPGxDIaSktUXBejbV/zerZMqzzBk
6 changed files with 39 additions and 36 deletions


@ -18,7 +18,7 @@
web = {
nginx.enable = true;
cgit.enable = false;
gitea = {
forgejo = {
enable = true;
actions = {
enable = true;
@ -63,7 +63,7 @@
tudor-password.file = ../../secrets/ceres/tudor-password.age;
yarr-credentials.file = ../../secrets/ceres/yarr-credentials.age;
dedyn.file = ../../secrets/ceres/dedyn.age;
gitea-actions-token.file = ../../secrets/ceres/gitea-actions-token.age;
forgejo-actions-token.file = ../../secrets/ceres/forgejo-actions-token.age;
};
users.users.tudor = {


@ -1,7 +1,7 @@
{...}: {
imports = [
./cgit
./gitea.nix
./forgejo.nix
./nginx.nix
./site.nix
./yarr.nix


@ -1,6 +1,6 @@
# HUGE thanks to this: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
# Largely copied from there. Improved and clean afterwards.
# This file is meant to be conditionally included in ./gitea.nix
# This file is meant to be conditionally included in ./forgejo.nix
{
config,
lib,
@ -9,7 +9,7 @@
flake,
...
}: let
cfg = config.systemModules.services.web.gitea.actions;
cfg = config.systemModules.services.web.forgejo.actions;
name = "${config.networking.hostName}-1";
escapedName = utils.escapeSystemdPath name;
@ -27,7 +27,7 @@
};
in
pkgs.dockerTools.streamLayeredImage {
name = "gitea-runner-nix";
name = "forgejo-runner-nix";
tag = "latest";
contents = [
nixConfig
@ -50,11 +50,11 @@
config.Cmd = ["/bin/bash"];
};
in {
services.gitea = {
services.forgejo = {
settings.actions.ENABLED = true;
};
systemd.services.gitea-runner-nix-image = {
systemd.services.forgejo-runner-nix-image = {
wantedBy = ["multi-user.target"];
after = ["podman.service"];
requires = ["podman.service"];
@ -67,34 +67,34 @@ in {
'';
serviceConfig = {
RuntimeDirectory = "gitea-runner-nix-image";
WorkingDirectory = "/run/gitea-runner-nix-image";
RuntimeDirectory = "forgejo-runner-nix-image";
WorkingDirectory = "/run/forgejo-runner-nix-image";
Type = "oneshot";
RemainAfterExit = true;
};
};
systemd.services."gitea-runner-${escapedName}-token" = {
systemd.services."forgejo-runner-${escapedName}-token" = {
wantedBy = ["multi-user.target"];
after = ["gitea.service"];
after = ["forgejo.service"];
environment = {
GITEA_CUSTOM = "/var/lib/gitea/custom";
GITEA_WORK_DIR = "/var/lib/gitea";
FORGEJO_CUSTOM = "/var/lib/forgejo/custom";
FORGEJO_WORK_DIR = "/var/lib/forgejo";
};
script = ''
set -euo pipefail
token=$(${lib.getExe config.services.gitea.package} actions generate-runner-token)
echo "TOKEN=$token" > /var/lib/gitea-registration/${name}-token
token=$(${lib.getExe config.services.forgejo.package} actions generate-runner-token)
echo "TOKEN=$token" > /var/lib/forgejo-registration/${name}-token
'';
unitConfig.ConditionPathExists = ["!/var/lib/gitea-registration/${name}"];
unitConfig.ConditionPathExists = ["!/var/lib/forgejo-registration/${name}"];
serviceConfig = flake.self.lib.harden {
DynamicUser = false;
User = "gitea";
Group = "gitea";
StateDirectory = "gitea-registration";
User = config.services.forgejo.user;
Group = config.services.forgejo.group;
StateDirectory = "forgejo-registration";
Type = "oneshot";
RemainAfterExit = true;
};
@ -104,6 +104,8 @@ in {
enable = true;
};
# TODO: change to forgejo-runner once there's a NixOS
# module for it
systemd.services."gitea-runner-${escapedName}" = {
serviceConfig = flake.self.lib.harden {
# make it not dump literally everything in the syslog
@ -119,23 +121,24 @@ in {
# LockPersonality = false;
};
after = [
"gitea-runner-${escapedName}-token.service"
"gitea-runner-nix-image.service"
"forgejo-runner-${escapedName}-token.service"
"forgejo-runner-nix-image.service"
];
requires = [
"gitea-runner-${escapedName}-token.service"
"gitea-runner-nix-image.service"
"forgejo-runner-${escapedName}-token.service"
"forgejo-runner-nix-image.service"
];
};
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.${name} = {
inherit name;
enable = true;
url = config.services.gitea.settings.server.ROOT_URL;
tokenFile = "/var/lib/gitea-registration/${name}-token";
url = config.services.forgejo.settings.server.ROOT_URL;
tokenFile = "/var/lib/forgejo-registration/${name}-token";
labels = [
"nix:docker://gitea-runner-nix"
"nix:docker://forgejo-runner-nix"
"ubuntu-latest:docker://node:lts-bookworm"
"ubuntu-22.04:docker://node:lts-bullseye"
"ubuntu-20.04:docker://node:lts-bullseye"
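Review bot: The token unit's start condition does not match the file it writes: `ConditionPathExists` tests `/var/lib/forgejo-registration/${name}` while the script writes `/var/lib/forgejo-registration/${name}-token`, so unless something outside this file creates the former path, the unit appears to mint a new runner registration token on every start. Pointing the condition at the written file would make it idempotent: `unitConfig.ConditionPathExists = ["!/var/lib/forgejo-registration/${name}-token"];`. The token is also written with whatever umask the unit inherits; unless `flake.self.lib.harden` already sets one (not visible here), a `umask 077` line before the `echo` would keep the registration secret readable only by the service user. The same unit still hard-codes `/var/lib/forgejo` in `FORGEJO_WORK_DIR` and `FORGEJO_CUSTOM` although `User`/`Group` now follow `config.services.forgejo`; `config.services.forgejo.stateDir` and `config.services.forgejo.customDir` would keep the paths in step with the module.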


@ -7,20 +7,20 @@
...
}:
with lib; let
cfg = config.systemModules.services.web.gitea;
cfg = config.systemModules.services.web.forgejo;
in {
options.systemModules.services.web.gitea = {
enable = mkEnableOption "Enable Gitea";
options.systemModules.services.web.forgejo = {
enable = mkEnableOption "Enable Forgejo";
actions = {
enable = mkEnableOption "Enable Gitea Actions runner";
enable = mkEnableOption "Enable Forgejo Actions runner";
host = mkOption {
type = types.str;
description = "Gitea actions runner LAN IP";
description = "Forgejo actions runner LAN IP";
default = "";
};
cachePort = mkOption {
type = types.int;
description = "Gitea actions runner cache port";
description = "Forgejo actions runner cache port";
default = 8088;
};
};
@ -28,7 +28,7 @@ in {
config = mkIf cfg.enable (mkMerge [
{
services.gitea = {
services.forgejo = {
enable = true;
appName = "Tudor's Code Pantry";
database.type = "sqlite3";
@ -53,7 +53,7 @@ in {
};
};
}
(mkIf cfg.actions.enable (import ./gitea-actions.nix {
(mkIf cfg.actions.enable (import ./forgejo-actions.nix {
inherit config lib pkgs utils flake;
}))
]);
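Review bot: Nothing in the visible hunks carries the existing Gitea state over to the new service: `services.forgejo` uses its own default state directory and service user, so the sqlite database and repositories kept by `services.gitea` would not be picked up after the switch unless they are moved and re-owned first, or `stateDir` is pointed at the old location. The settings between the two hunks are not shown, so this may already be handled there. If it is a manual step, a comment above `services.forgejo = {` such as `# one-time migration: stop gitea, move its state dir to services.forgejo.stateDir and chown it before first start` would record it. It is also worth confirming that registration is restricted in the settings, since an instance that comes up on an empty state directory typically grants administrator rights to the first account created.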


@ -6,5 +6,5 @@ in {
"tudor-password.age".publicKeys = keys;
"yarr-credentials.age".publicKeys = keys;
"dedyn.age".publicKeys = keys;
"gitea-actions-token.age".publicKeys = keys;
"forgejo-actions-token.age".publicKeys = keys;
}