steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

split forgejo-runner into own service file for staged deployment

Browse source 
- Extract forgejo-runner config from forgejo.nix into forgejo-runner.nix
- Move forgejo-runner to stage 2 (requires running Forgejo for token)
- Remove all stage-2 secrets from sops.nix (each service file owns its secrets)
- Update first-install docs with corrected staged deployment flow
- Fixes deployment failure caused by runner crashing with placeholder token
This commit is contained in:
steffen 2026-03-14 12:22:33 +01:00
parent da37a2dce3
commit 4c560abffd
6 changed files with 36 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

8
hosts/cryodev-main/services/default.nix
View file

@ -1,13 +1,17 @@
{
imports = [
# Stufe 1: Services ohne externe Abhaengigkeiten
./forgejo.nix
./headplane.nix
./headscale.nix
./mailserver.nix
./netdata.nix
./nginx.nix
./openssh.nix
./sops.nix
./tailscale.nix
# Stufe 2: Erst aktivieren wenn Headscale/Forgejo laufen und echte Secrets existieren
# ./forgejo-runner.nix # braucht: forgejo-runner/token (Forgejo)
# ./headplane.nix # braucht: headplane/agent_pre_authkey (Headscale)
# ./tailscale.nix # braucht: tailscale/auth-key (Headscale)
];
}