uses ssh instead
Some checks failed
NixOS Rebuild / rebuild (push) Failing after 0s

Satria 2026-03-15 09:49:32 +07:00
commit 50c5788e6b
3 changed files with 23 additions and 61 deletions


@ -45,48 +45,11 @@
url = "https://git.proxy.${homelab.domain}";
tokenFile = "/root/forgejo-token-runner";
labels = [ "self-hosted:host" "docker" ];
hostPackages = with pkgs; [ bash coreutils git nix ];
hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ];
};
};
users.users.gitea-runner = {
isSystemUser = true;
group = "gitea-runner";
};
users.groups.gitea-runner = {};
systemd.services."gitea-runner-nixos-deploy" = {
restartIfChanged = true;
# serviceConfig = {
# User = lib.mkForce "root";
# Group = lib.mkForce "root";
# NoNewPrivileges = lib.mkForce false;
# RestrictSUIDSGID = lib.mkForce false;
# PrivateUsers = lib.mkForce false;
# PrivateTmp = lib.mkForce false;
# PrivateDevices = lib.mkForce false;
# ProtectSystem = lib.mkForce false;
# ProtectHome = lib.mkForce false;
# ProtectKernelTunables = lib.mkForce false;
# ProtectKernelModules = lib.mkForce false;
# ProtectKernelLogs = lib.mkForce false;
# ProtectControlGroups = lib.mkForce false;
# RestrictNamespaces = lib.mkForce false;
# RestrictRealtime = lib.mkForce false;
# LockPersonality = lib.mkForce false;
# MemoryDenyWriteExecute = lib.mkForce false;
# ProtectProc = lib.mkForce "default";
# SystemCallArchitectures = lib.mkForce "";
# SystemCallFilter = lib.mkForce [];
# ReadWritePaths = lib.mkForce [];
# ReadOnlyPaths = lib.mkForce [];
# InaccessiblePaths = lib.mkForce [];
# };
restartIfChanged = false;
};
# security.sudo.extraRules = [{
# users = [ "gitea-runner" ];
# commands = [{
# command = "/run/current-system/sw/bin/nixos-rebuild";
# options = [ "NOPASSWD" ];
# }];
# }];
}
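Review bot: The `hostPackages` line that adds `openssh` and `nodejs` gives every job on a runner labelled `self-hosted:host` an SSH client, and nothing in this section says which key or target it is meant for. Assuming that label runs jobs directly on the host and the deploy key is configured in one of the two changed files not shown here, any workflow that can be scheduled on this runner can use that key, so the target should pin it to the rebuild with a forced command, e.g. `restrict,command="<rebuild command>" <public key>` in its authorized_keys entry, rather than granting a full shell. I would also record the intent next to the package list, for example `# openssh: deploy over SSH with a key restricted to the rebuild command; nodejs: presumably for JavaScript-based actions (confirm)`. The page does not mark added and removed lines, so this reads the longer `hostPackages` line as the new side.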