loptland: modularize config a little by pulling out modules for gitea-runner and hydra

2025-05-05 22:59:04 +02:00 · 2025-05-05 22:59:04 +02:00 · 6b31252058
commit 6b31252058
parent 71e8eab3dc
3 changed files with 230 additions and 54 deletions
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@ -35,9 +35,6 @@ in
      "forgejo/mail/passwordHash" = {
        inherit sopsFile;
      };
-      "forgejo/runner/token" = {
-        inherit sopsFile;
-      };
    };
  };

@ -55,7 +52,7 @@ in
        };
      };

-      "hydra.${domainName}" = {
+      "hydra.${domainName}" = mkIf config.${namespace}.services.hydra.enable {
        forceSSL = cfg.enableAcme;
        useACMEHost = mkIf cfg.enableAcme domainName;

@ -78,7 +75,7 @@ in
        };
      };

-      "nixcache.${domainName}" = {
+      "nixcache.${domainName}" = mkIf config.${namespace}.services.hydra.enableCache {
        forceSSL = cfg.enableAcme;
        useACMEHost = mkIf cfg.enableAcme domainName;

@ -180,60 +177,11 @@ in
    ];
  };

-  services.nix-serve = {
-    enable = true;
-    secretKeyFile = "/var/cache-priv-key.pem";
-  };
-
-  services.hydra = {
-    enable = true;
-    hydraURL = "http://localhost:${toString hydraPort}";
-    port = hydraPort;
-    notificationSender = "hydra@localhost";
-    useSubstitutes = true;
-  };
-
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "client";
  };

-  services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
-    instances = {
-      native = {
-        enable = true;
-        name = "monolith";
-        url = "https://git.${domainName}";
-        tokenFile = config.sops.secrets."forgejo/runner/token".path;
-        labels = [
-          "native:host"
-        ];
-        hostPackages = with pkgs; [
-          bash
-          coreutils
-          curl
-          gawk
-          gitMinimal
-          gnused
-          nodejs
-          wget
-          lix
-        ];
-        settings = {
-          log.level = "info";
-          runner = {
-            capacity = 1;
-            timeout = "3h";
-            shutdown_timeout = "5s";
-            fetch_timeout = "10s";
-            fetch_inteval = "5s";
-          };
-        };
-      };
-    };
-  };
-
  networking.firewall.allowedTCPPorts = [
    forgejoPort
    80
@ -251,6 +199,15 @@ in
        inherit sopsFile;
      };
      openssh = enabled;
+      hydra = {
+        enable = true;
+        httpPort = hydraPort;
+        enableCache = true;
+      };
+      gitea-runner = {
+        enable = true;
+        inherit sopsFile;
+      };
    };

    security = {