steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

fix forgejo-runner token: use SOPS template with TOKEN= prefix

Browse source 
The gitea-actions-runner NixOS module expects tokenFile to be an
EnvironmentFile containing TOKEN=<value>, but sops-nix writes only
the raw secret value. Use a sops template to prepend TOKEN= prefix.
This commit is contained in:
steffen 2026-03-14 12:43:07 +01:00
parent 086e760b9e
commit 82f3be3b9d
3 changed files with 13 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/cryodev-main/services/default.nix
View file

@ -10,8 +10,8 @@
./sops.nix
# Stufe 2: Erst aktivieren wenn Headscale/Forgejo laufen und echte Secrets existieren
# ./forgejo-runner.nix # braucht: forgejo-runner/token (Forgejo)
# ./headplane.nix # braucht: headplane/agent_pre_authkey (Headscale)
# ./tailscale.nix # braucht: tailscale/auth-key (Headscale)
./forgejo-runner.nix # braucht: forgejo-runner/token (Forgejo)
./headplane.nix # braucht: headplane/agent_pre_authkey (Headscale)
./tailscale.nix # braucht: tailscale/auth-key (Headscale)
];
}

8
hosts/cryodev-main/services/forgejo-runner.nix
View file

@ -13,10 +13,16 @@
services.forgejo-runner = {
enable = true;
url = "https://${constants.services.forgejo.fqdn}";
tokenFile = config.sops.secrets."forgejo-runner/token".path;
tokenFile = config.sops.templates."forgejo-runner-token".path;
};
sops.secrets."forgejo-runner/token" = {
mode = "0400";
};
sops.templates."forgejo-runner-token" = {
content = ''
TOKEN=${config.sops.placeholder."forgejo-runner/token"}
'';
};
}