split forgejo-runner into own service file for staged deployment
- Extract forgejo-runner config from forgejo.nix into forgejo-runner.nix - Move forgejo-runner to stage 2 (requires running Forgejo for token) - Remove all stage-2 secrets from sops.nix (each service file owns its secrets) - Update first-install docs with corrected staged deployment flow - Fixes deployment failure caused by runner crashing with placeholder token
This commit is contained in:
steffen
parent
da37a2dce3
commit
4c560abffd
6 changed files with 36 additions and 41 deletions
22
hosts/cryodev-main/services/forgejo-runner.nix
Normal file
22
hosts/cryodev-main/services/forgejo-runner.nix
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
{
|
||||
config,
|
||||
outputs,
|
||||
constants,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports = [
|
||||
outputs.nixosModules.forgejo-runner
|
||||
];
|
||||
|
||||
services.forgejo-runner = {
|
||||
enable = true;
|
||||
url = "https://${constants.services.forgejo.fqdn}";
|
||||
tokenFile = config.sops.secrets."forgejo-runner/token".path;
|
||||
};
|
||||
|
||||
sops.secrets."forgejo-runner/token" = {
|
||||
mode = "0400";
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue