forgejo runner for nixos rebuild

2026-03-14 09:20:06 +07:00 · 2026-03-14 09:20:06 +07:00 · f5d8213a7d
commit f5d8213a7d
parent 7072841f27
1 changed files with 60 additions and 43 deletions
--- a/modules/system/homelab/git.nix
+++ b/modules/system/homelab/git.nix
@ -1,5 +1,13 @@
 { pkgs, homelab, ... }: {
-  services.forgejo = {
+  security.sudo.extraRules = [{ # for configuration activation on push to git
+    users = [ "gitea-runner" ]; 
+    commands = [{ 
+      command = "/run/current-system/sw/bin/nixos-rebuild"; 
+      options = [ "NOPASSWD" ]; 
+    }];
+  }];
+  services = {
+    forgejo = {
      enable = true;
      lfs.enable = true;
      stateDir = "/mnt/data/forgejo";
@ -32,7 +40,7 @@
          DISABLE_REGISTRATION = true;
          ENABLE_OPENID_SIGNIN = false;
          ENABLE_OPENID_SIGNUP = false;
-        ENABLE_INTERNAL_SIGNIN = true; # TODO: set false after migration complete
+          ENABLE_INTERNAL_SIGNIN = true; 
          SHOW_REGISTRATION_BUTTON = false;
          ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
          ALLOW_ONLY_INTERNAL_REGISTRATION = false;
@ -45,5 +53,14 @@
          ENABLE_PUSH_CREATE_USER = true;
        };
      };
+      gitea-actions-runner.instances.nixos-deploy = {
+        enable = true;
+        name = "nixos-server-runner";
+        url = "https://git.proxy.${homelab.domain}";
+        tokenFile = "/mnt/data/forgejo/runner/nixos_deploy_runner_token"; 
+        labels = [ "nixos-server" ];
+        hostPackages = with pkgs; [ bash coreutils git nix ];
+      };
+    };
  };
 }