new stuff

modules/server/containers/apps/authentik.nix

@@ -64,14 +64,12 @@ in {
         "AUTHENTIK_DISABLE_UPDATE_CHECK" = "true";
         "AUTHENTIK_POSTGRESQL__SSLMODE" = "disable";
       };
-      # extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
       overrides = {
         cmd = [ "worker" ];
         volumes = [
           "${serverCfg.configPath}/authentik/media:/media"
           "${serverCfg.configPath}/authentik/templates:/templates"
           "${authentikData}:/blueprints/custom:ro"
-          # "/var/run/podman/podman.sock:/var/run/docker.sock" #PODMAN GROUP FOR SOCKET ACCESS
         ];
       };
     };

modules/server/containers/apps/ethercalc.nix

@@ -2,9 +2,7 @@
 let 
   serverCfg = config.syscfg.server;
   ethercalc_exe = pkgs.ethercalc;
-  settings = pkgs.writeText"settings.json" (builtins.toJSON {
-    title= "\${TITLE:Ethercalc}";
-  });
+
   image = pkgs.dockerTools.streamLayeredImage {
     name = "ethercalc";
     tag = ethercalc_exe.version;
@@ -15,7 +13,10 @@ let
     };
   };
 in {
-  paths = [];
+  paths = [{
+    path="${serverCfg.dataPath}/etherpad/";
+    mode = "0666";
+  }];
 
   containers = {
     server = builder.mkContainer {
@@ -25,33 +26,13 @@ in {
       ip = containerCfg.ip;
       secret = name;
       extraEnv = {
-        TITLE = "Calc";
-        PORT = "8080";
-        DB_TYPE = "postgres";
-        DB_HOST = builder.host;
-        DB_NAME = "ethercalc_db";
-        DB_USER = "ethercalc_user";
-        DB_CHARSET = "utf8mb4";
-        TRUST_PROXY = "true";
-        DEFAULT_CALC_TEXT = "";
-        SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background";
+        ETHERCALC_PORT = "8080";
       };
       overrides = {
-        cmd = [ "--settings" "/etc/ethercalc/settings.json" "--apikey" "./APIKEY.txt" ];
         volumes = [
-          "${settings}:/etc/ethercalc/settings.json"
+          "${serverCfg.dataPath}/ethercalc:/data"
         ];
        };
     };
   };
-
-  setup = {
-    trigger = "server";
-    script = pkgs.writeShellScript "setup" ''
-      # Define the command wrapper
-      EXEC="${pkgs.podman}/bin/podman --events-backend=none exec --env-file ${config.sops.secrets."CUSTOM".path} ethercalc-server sh -c"
-      $EXEC "echo \"$APIKEY\" > ./APIKEY.txt"
-    '';
-  };
-
 }

modules/server/containers/apps/etherpad.nix

@@ -120,5 +120,4 @@ in {
       chmod 444 ${serverCfg.configPath}/etherpad/APIKEY.txt
     '';
   };
-
 }

modules/server/containers/apps/gitea.nix

@@ -8,6 +8,10 @@ in {
     path="${serverCfg.dataPath}/gitea/data";
     owner = "1000:1000";
     mode = "0755";
+  }{
+    path="${serverCfg.dataPath}/gitea/data-runner";
+    owner = "1000:1000";
+    mode = "0755";
   }];
   containers = {
     server = builder.mkContainer {
@@ -46,7 +50,6 @@ in {
         GITEA__server__DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
         GITEA__server__ROOT_URL = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}/";
         GITEA__server__PROTOCOL = "http";
-        # GITEA__server__USE_PROXY_PROTOCOL = true;
         GITEA__server__HTTP_PORT = "8080";
         GITEA__server__LFS_START_SERVER = "true";
         GITEA__security__INSTALL_LOCK = "true";
@@ -59,7 +62,7 @@ in {
         GITEA__service__ENABLE_REVERSE_PROXY_EMAIL = "true";
         GITEA__service__ENABLE_REVERSE_PROXY_FULL_NAME = "true";
         GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = "true";
-        GITEA__security__REVERSE_PROXY_LOGOUT_REDIRECT = "https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/outpost.goauthentik.io/";
+        GITEA__security__REVERSE_PROXY_LOGOUT_REDIRECT = "https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/outpost.goauthentik.io/sign_out";
         GITEA__security__REVERSE_PROXY_AUTHENTICATION_USER = "X-authentik-username";
         GITEA__security__REVERSE_PROXY_AUTHENTICATION_EMAIL = "X-authentik-email";
         GITEA__security__REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "X-authentik-name";
@@ -81,6 +84,24 @@ in {
         ports = [ "2222:22" ]; 
       };
     };
+
+    runner = builder.mkContainer {
+      image = "gitea/act_runner:${version}";
+      secret = name;
+      extraEnv = { 
+        CONFIG_FILE="/data/config.yml";
+        GITEA_INSTANCE_URL="https://${containerCfg.subdomain}.${serverCfg.hostDomain}";
+        GITHUB_INSTANCE_URL="https://${containerCfg.subdomain}.${serverCfg.hostDomain}";
+      };
+
+      overrides = {
+        volumes = [
+          "${serverCfg.dataPath}/gitea/data-runner:/data"
+          "/var/run/podman/podman.sock:/var/run/docker.sock"
+        ];
+        # ports = [ "8088:8088" ]; 
+      };
+    };
   };
 
 
@@ -90,9 +111,18 @@ in {
     script = pkgs.writeShellScript "setup" ''
       # Define the command wrapper
       GT="${pkgs.podman}/bin/podman --events-backend=none exec -u git gitea-server gitea"
+      GTR="${pkgs.podman}/bin/podman --events-backend=none exec -u git gitea-runner ./act_runner"
 
       $GT admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin || true
-      $GT admin user change --admin=true "$DEFAULT_ADMIN_USERNAME"  || true
+
+      RUNNER_TOKEN=$($GT actions generate-runner-token)
+      $GTR register \
+        --instance "https://${containerCfg.subdomain}.${serverCfg.hostDomain}" \
+        --token "$RUNNER_TOKEN" \
+        --name "Runner" \
+        --labels "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest-slim" \
+        --no-interactive
+
 
       echo "Completed Gitea Setup"
       '';