steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

split forgejo-runner into own service file for staged deployment

Browse source 
- Extract forgejo-runner config from forgejo.nix into forgejo-runner.nix
- Move forgejo-runner to stage 2 (requires running Forgejo for token)
- Remove all stage-2 secrets from sops.nix (each service file owns its secrets)
- Update first-install docs with corrected staged deployment flow
- Fixes deployment failure caused by runner crashing with placeholder token
This commit is contained in:
steffen 2026-03-14 12:22:33 +01:00
parent da37a2dce3
commit 4c560abffd
6 changed files with 36 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

12
hosts/cryodev-main/services/forgejo.nix
View file

@ -8,7 +8,6 @@
{
imports = [
outputs.nixosModules.forgejo
outputs.nixosModules.forgejo-runner
];
services.forgejo = {
@ -32,17 +31,6 @@
};
};
services.forgejo-runner = {
enable = true;
url = "https://${constants.services.forgejo.fqdn}";
tokenFile = config.sops.secrets."forgejo-runner/token".path;
};
sops.secrets."forgejo-runner/token" = {
# gitea-runner user is created by gitea-actions-runner service
mode = "0400";
};
services.nginx.virtualHosts."${constants.services.forgejo.fqdn}" = {
forceSSL = true;
enableACME = true;