move runner to node

2025-09-27 15:36:14 -05:00 · 2025-09-27 15:36:14 -05:00 · 3f81a20e87
commit 3f81a20e87
parent c0a175ec7f
5 changed files with 62 additions and 16 deletions
--- a/nixos/consensus/configuration.nix
+++ b/nixos/consensus/configuration.nix
@ -8,6 +8,7 @@
  imports = [
    ./hardware-configuration.nix
    ./backups.nix
+    ./forgejo-runner.nix
  ];
  sops = {
    secrets = {
--- a/nixos/consensus/forgejo-runner.nix
+++ b/nixos/consensus/forgejo-runner.nix
@ -7,17 +7,17 @@
      };
    };
  };
-  virtualisation.docker.enable = true;
  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances.default = {
      enable = true;
-      name = "oracle-runner1";
+      name = "runner-1";
      url = "https://git.10110110.xyz";
      tokenFile = config.sops.secrets."forgejo-runner".path;
      labels = [
        "ubuntu-latest:docker://node:20-bullseye"
-        "nix-latest:docker://nixos/nix:latest"
+        "nix-upstream-latest:docker://nixos/nix:latest"
+        "native:host"
      ];
    };
  };
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -66,7 +66,6 @@ in
    };
    modules = defaultModules ++ [
      ./oracle/configuration.nix
-      ./oracle/forgejo-runner.nix
    ];
  };
 }
--- a/nixos/oracle/forgejo.nix
+++ b/nixos/oracle/forgejo.nix
@ -5,10 +5,14 @@ let
 in
 {
  sops = {
+    defaultSopsFile = ../../secrets/restic.yaml;
    secrets = {
      "env" = {
        sopsFile = ../../secrets/cf-acme.yaml;
      };
+      "b2-forgejo/env" = { };
+      "b2-forgejo/repo" = { };
+      "b2-forgejo/password" = { };
    };
  };
  security.acme = {
@ -61,4 +65,24 @@ in
      };
    };
  };
+  services.restic.backups = {
+    b2-forgejo = {
+      initialize = true;
+      environmentFile = config.sops.secrets."b2-forgejo/env".path;
+      repositoryFile = config.sops.secrets."b2-forgejo/repo".path;
+      passwordFile = config.sops.secrets."b2-forgejo/password".path;
+
+      paths = [
+        "/var/lib/forgejo"
+      ];
+      timerConfig = {
+        OnCalendar = "*-*-* */6:00:00";
+      };
+      pruneOpts = [
+        "--keep-daily 31"
+        "--keep-monthly 6"
+        "--keep-yearly 2"
+      ];
+    };
+  };
 }