cryodev/docs/services/forgejo.md
steffen 5ba78886d2 Add SD image pipeline, documentation overhaul, and fix module issues
- Add automatic SD image builds for Raspberry Pi via Forgejo Actions
- Enable binfmt emulation on cryodev-main for aarch64 cross-builds
- Add sd-image.nix module to cryodev-pi configuration
- Create comprehensive docs/ structure with installation guides
- Split installation docs into: first-install (server), reinstall, new-client (Pi)
- Add lib/utils.nix and apps/rebuild from synix
- Fix headplane module for new upstream API (tale/headplane)
- Fix various module issues (mailserver stateVersion, option conflicts)
- Add placeholder secrets.yaml files for both hosts
- Remove old INSTRUCTIONS.md (content moved to docs/)
2026-03-11 08:41:58 +01:00

Forgejo

Forgejo is a self-hosted Git service (fork of Gitea) with built-in CI/CD Actions.

Setup

DNS

Set a CNAME record for git.cryodev.xyz pointing to your main domain.

Configuration

# hosts/cryodev-main/services/forgejo.nix
{ config, ... }:
{
  services.forgejo = {
    enable = true;
    settings = {
      server = {
        DOMAIN = "git.cryodev.xyz";
        ROOT_URL = "https://git.cryodev.xyz";
      };
      mailer = {
        ENABLED = true;
        FROM = "forgejo@cryodev.xyz";
      };
    };
  };
}

Forgejo Runner

The runner executes CI/CD pipelines defined in .forgejo/workflows/.

Get Runner Token

  1. Go to Forgejo Admin Panel
  2. Navigate to Actions > Runners
  3. Create a new runner and copy the token

Add to Secrets

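sops hosts/cryodev-main/secrets.yaml

Add the entry below. The NixOS runner module reads tokenFile as an environment file, so the value has to be in TOKEN=... form:

forgejo-runner:
  token: "TOKEN=your-runner-token"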

Configuration

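{ config, ... }:
{
  # Decrypted by sops-nix at activation; the path is handed to the runner below.
  sops.secrets."forgejo-runner/token" = { };

  services.gitea-actions-runner = {
    instances.default = {
      enable = true;
      # Name under which the runner registers with Forgejo.
      name = config.networking.hostName;
      url = "https://git.cryodev.xyz";
      tokenFile = config.sops.secrets."forgejo-runner/token".path;
      labels = [ "ubuntu-latest:docker://node:20" ];
    };
  };
}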

CI/CD Workflows

deploy-rs Workflow

.forgejo/workflows/deploy.yaml:

name: Deploy
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Install Nix
        uses: cachix/install-nix-action@v24
        
      - name: Deploy
        env:
          SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          nix run .#deploy
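
A stricter version of the key handling in the Deploy step, as an added example that is not part of the cryodev repository: it validates the secret, writes the key owner-only even if an older file exists, pins the target's host key, and removes the key afterwards. DEPLOY_KNOWN_HOSTS is a hypothetical second secret; SSH_PRIVATE_KEY is the variable the workflow already sets.

```shell
# Added example, not part of the cryodev repository.
# SSH_PRIVATE_KEY is the variable the Deploy step already sets;
# DEPLOY_KNOWN_HOSTS is a hypothetical second secret holding the
# target's known_hosts line(s).

# install_deploy_key KEY KNOWN_HOSTS [SSH_DIR]
# Runs in a subshell so umask and variables do not leak into the caller.
install_deploy_key() (
  key=$1 known_hosts=$2 ssh_dir=${3:-$HOME/.ssh}

  # An unset or mangled secret should fail here, not inside ssh later.
  case $key in
    "-----BEGIN OPENSSH PRIVATE KEY-----"*) ;;
    *) echo "deploy key is empty or not an OpenSSH private key" >&2; exit 1 ;;
  esac
  [ -n "$known_hosts" ] || { echo "known_hosts secret is empty" >&2; exit 1; }

  umask 077                                   # new files: owner-only
  mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
  # A leftover file would keep its old mode on overwrite, so remove it first.
  rm -f "$ssh_dir/id_ed25519" "$ssh_dir/known_hosts"
  printf '%s\n' "$key" > "$ssh_dir/id_ed25519" || exit 1
  # Pinned host key: in a non-interactive job ssh refuses hosts not matching it.
  printf '%s\n' "$known_hosts" > "$ssh_dir/known_hosts"
)

# remove_deploy_key [SSH_DIR]: delete the key once the job is done.
remove_deploy_key() { rm -f "${1:-$HOME/.ssh}/id_ed25519"; }

# file_mode PATH: permission string such as -rw------- (portable, no stat).
file_mode() { ls -ld "$1" | cut -c1-10; }

# Usage inside the workflow's run: block
#   install_deploy_key "$SSH_PRIVATE_KEY" "$DEPLOY_KNOWN_HOSTS"
#   trap remove_deploy_key EXIT
#   nix run .#deploy
```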

Administration

Create Admin User

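changeme is a placeholder: substitute a strong password. A value passed with --password is recorded in shell history and is visible in the process list while the command runs.

sudo -u forgejo forgejo admin user create \
  --username admin \
  --password changeme \
  --email admin@cryodev.xyz \
  --admin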

Reset User Password

sudo -u forgejo forgejo admin user change-password \
  --username USER \
  --password NEWPASS

Troubleshooting

Check Service Status

sudo systemctl status forgejo
sudo systemctl status gitea-runner-default

View Logs

sudo journalctl -u forgejo -f
sudo journalctl -u gitea-runner-default -f

Database Issues

Forgejo uses SQLite by default. Database location:

ls -la /var/lib/forgejo/data/