new stuff

2026-05-12 00:42:09 +02:00
parent 21d959b592
commit 3d4cdaf6e9
7 changed files with 48 additions and 36 deletions
--- a/modules/server/containers/apps/gitea.nix
+++ b/modules/server/containers/apps/gitea.nix
@@ -8,6 +8,10 @@ in {
    path="${serverCfg.dataPath}/gitea/data";
    owner = "1000:1000";
    mode = "0755";
+  }{
+    path="${serverCfg.dataPath}/gitea/data-runner";
+    owner = "1000:1000";
+    mode = "0755";
  }];
  containers = {
    server = builder.mkContainer {
@@ -46,7 +50,6 @@ in {
        GITEA__server__DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
        GITEA__server__ROOT_URL = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}/";
        GITEA__server__PROTOCOL = "http";
-        # GITEA__server__USE_PROXY_PROTOCOL = true;
        GITEA__server__HTTP_PORT = "8080";
        GITEA__server__LFS_START_SERVER = "true";
        GITEA__security__INSTALL_LOCK = "true";
@@ -59,7 +62,7 @@ in {
        GITEA__service__ENABLE_REVERSE_PROXY_EMAIL = "true";
        GITEA__service__ENABLE_REVERSE_PROXY_FULL_NAME = "true";
        GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = "true";
-        GITEA__security__REVERSE_PROXY_LOGOUT_REDIRECT = "https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/outpost.goauthentik.io/";
+        GITEA__security__REVERSE_PROXY_LOGOUT_REDIRECT = "https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/outpost.goauthentik.io/sign_out";
        GITEA__security__REVERSE_PROXY_AUTHENTICATION_USER = "X-authentik-username";
        GITEA__security__REVERSE_PROXY_AUTHENTICATION_EMAIL = "X-authentik-email";
        GITEA__security__REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "X-authentik-name";
@@ -81,6 +84,24 @@ in {
        ports = [ "2222:22" ]; 
      };
    };
+
+    runner = builder.mkContainer {
+      image = "gitea/act_runner:${version}";
+      secret = name;
+      extraEnv = { 
+        CONFIG_FILE="/data/config.yml";
+        GITEA_INSTANCE_URL="https://${containerCfg.subdomain}.${serverCfg.hostDomain}";
+        GITHUB_INSTANCE_URL="https://${containerCfg.subdomain}.${serverCfg.hostDomain}";
+      };
+
+      overrides = {
+        volumes = [
+          "${serverCfg.dataPath}/gitea/data-runner:/data"
+          "/var/run/podman/podman.sock:/var/run/docker.sock"
+        ];
+        # ports = [ "8088:8088" ]; 
+      };
+    };
  };


@@ -90,9 +111,18 @@ in {
    script = pkgs.writeShellScript "setup" ''
      # Define the command wrapper
      GT="${pkgs.podman}/bin/podman --events-backend=none exec -u git gitea-server gitea"
+      GTR="${pkgs.podman}/bin/podman --events-backend=none exec -u git gitea-runner ./act_runner"

      $GT admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin || true
-      $GT admin user change --admin=true "$DEFAULT_ADMIN_USERNAME"  || true
+
+      RUNNER_TOKEN=$($GT actions generate-runner-token)
+      $GTR register \
+        --instance "https://${containerCfg.subdomain}.${serverCfg.hostDomain}" \
+        --token "$RUNNER_TOKEN" \
+        --name "Runner" \
+        --labels "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest-slim" \
+        --no-interactive
+

      echo "Completed Gitea Setup"
      '';