merge pull request #3 from nixcafe/dev

feat: add forgejo and gitea-actions-runner service

modules/home/nixos/apps/instant-messengers/default.nix

@@ -11,5 +11,10 @@ let
   cfg = config.${namespace}.apps.instant-messengers;
 in
 {
-  config = lib.mkIf (cfg.enable && isLinux) { home.packages = with pkgs; [ signal-desktop ]; };
+  config = lib.mkIf (cfg.enable && isLinux) {
+    home.packages = with pkgs; [
+      signal-desktop
+      element-desktop
+    ];
+  };
 }

modules/nixos/services/docker/default.nix

@@ -22,7 +22,7 @@ in
     # the program that i have to use to do any work
     virtualisation.docker = {
       enable = true;
-      storageDriver = "btrfs";
+      storageDriver = if config.boot.isContainer then null else "btrfs";
     } // cfg.extraOptions;
 
     users.users.${config.${namespace}.user.name} = {

modules/nixos/services/forgejo/default.nix

@@ -0,0 +1,82 @@
+{
+  pkgs,
+  config,
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib) mkOption types mkBefore;
+
+  cfg = config.${namespace}.services.forgejo;
+in
+{
+  options.${namespace}.services.forgejo = with types; {
+    enable = lib.mkEnableOption "forgejo";
+    dbBackend = mkOption {
+      type = enum [
+        "sqlite"
+        "mysql"
+        "postgresql"
+      ];
+      default = "sqlite";
+      description = "To run forgejo after database service.";
+    };
+    useWizard = lib.mkEnableOption "forgejo use host config";
+    configFile = {
+      settingsPath = mkOption {
+        type = path;
+        default = "/etc/forgejo/conf/app.ini";
+        description = ''
+          If useWizard is enabled, the config files 
+          will be copied to ${config.services.forgejo.customDir}.
+          config manual ref: <https://forgejo.org/docs/latest/admin/config-cheat-sheet>
+        '';
+      };
+    };
+    settings = mkOption {
+      type = attrs;
+      default = { };
+    };
+    extraOptions = mkOption {
+      type = attrs;
+      default = { };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.forgejo = {
+      inherit (cfg) enable useWizard settings;
+      database.type =
+        if cfg.dbBackend == "sqlite" then
+          "sqlite3"
+        else
+          (if cfg.dbBackend == "postgresql" then "postgres" else cfg.dbBackend);
+    } // cfg.extraOptions;
+
+    systemd.services.forgejo = lib.mkIf cfg.useWizard (
+      let
+        configFile = "${cfg.configFile.settingsPath}";
+        runConfig = "${config.services.forgejo.customDir}/conf/app.ini";
+        pathConfig = "${config.services.forgejo.customDir}/conf/rootPath";
+        staticRootPath = config.services.forgejo.settings.server.STATIC_ROOT_PATH;
+        replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
+      in
+      {
+        preStart = mkBefore ''
+          function forgejo_custom_config {
+            if [ -s '${configFile}' ]; then
+              cp -f '${configFile}' '${runConfig}'
+              chmod u+w '${runConfig}'
+              echo '${staticRootPath}' > '${pathConfig}'
+              ${replaceSecretBin} '#staticRootPath#' '${pathConfig}' '${runConfig}'
+              rm -f '${pathConfig}'
+              chmod u-w '${runConfig}'
+            fi
+          }
+          (umask 027; forgejo_custom_config)
+        '';
+      }
+    );
+  };
+}

modules/nixos/services/forgejo/secrets/default.nix

@@ -0,0 +1,42 @@
+{
+  config,
+  lib,
+  namespace,
+  host,
+  ...
+}:
+let
+  inherit (lib) optional;
+  inherit (lib.${namespace}.secrets) mkAppSecretsOption;
+  inherit (config.${namespace}.secrets) files;
+
+  cfgParent = config.${namespace}.services.forgejo;
+  cfg = cfgParent.secrets;
+in
+{
+  options.${namespace}.services.forgejo.secrets = mkAppSecretsOption {
+    enable = cfgParent.enable && config.${namespace}.secrets.enable;
+    appName = "forgejo";
+    dirPath = "forgejo/conf";
+    fixedConfig = optional cfgParent.useWizard {
+      name = "settingsPath";
+      fileName = "app.ini";
+    };
+    scope = "hosts-global";
+    currentInfo = {
+      inherit host;
+      user = config.${namespace}.user.name;
+    };
+    buildTargetPath = name: files.${name}.path;
+    owner = "forgejo";
+    # Read-only
+    mode = "0400";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # secrets
+    ${namespace}.secrets = cfg.secretMappingFiles;
+    # etc configuration default path: `/etc/forgejo/conf`
+    environment.etc = lib.mkIf cfg.etc.enable cfg.etc.files;
+  };
+}

modules/nixos/services/gitea-actions-runner/default.nix

@@ -0,0 +1,119 @@
+{
+  pkgs,
+  config,
+  lib,
+  namespace,
+  ...
+}:
+let
+  inherit (lib)
+    mkOption
+    mkEnableOption
+    mkPackageOption
+    types
+    optionals
+    concatMapAttrs
+    ;
+
+  cfgHostname = config.networking.hostName;
+  cfgDocker = config.${namespace}.services.docker;
+
+  cfg = config.${namespace}.services.gitea-actions-runner;
+in
+{
+  options.${namespace}.services.gitea-actions-runner = with types; {
+    enable = mkEnableOption "gitea actions runner";
+    package = mkPackageOption pkgs "gitea-actions-runner" { };
+    url = mkOption {
+      type = str;
+      example = "https://forge.example.com";
+      description = ''
+        Base URL of your Gitea/Forgejo instance.
+        instances default url.
+      '';
+    };
+    instances = mkOption {
+      type = attrsOf (
+        submodule (
+          { name, config, ... }:
+          {
+            options = {
+              enable = mkEnableOption "Gitea Actions Runner instance" // {
+                default = true;
+              };
+              name = mkOption {
+                type = str;
+                default = name;
+              };
+              url = mkOption {
+                type = str;
+                default = cfg.url;
+              };
+              tokenFile = mkOption {
+                type = nullOr (either str path);
+                default = "/etc/gitea-runner/env/${config.name}.env";
+                description = ''
+                  Path to an environment file, containing the `TOKEN` environment
+                  variable, that holds a token to register at the configured
+                  Gitea/Forgejo instance.
+                '';
+              };
+              labels = mkOption {
+                type = listOf str;
+                default = optionals cfgDocker.enable [
+                  "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+                  "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+                  "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+                ];
+                description = ''
+                  Labels used to map jobs to their runtime environment. Changing these
+                  labels currently requires a new registration token.
+
+                  Many common actions require bash, git and nodejs, as well as a filesystem
+                  that follows the filesystem hierarchy standard.
+                '';
+              };
+              settings = mkOption {
+                type = attrs;
+                default = { };
+                description = ''
+                  Configuration for `act_runner daemon`.
+                  See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration
+                '';
+              };
+              extraOptions = mkOption {
+                type = attrs;
+                default = { };
+              };
+            };
+          }
+        )
+      );
+      default = {
+        ${cfgHostname} = { };
+      };
+    };
+    extraOptions = mkOption {
+      type = attrs;
+      default = { };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.gitea-actions-runner = {
+      inherit (cfg) package;
+      instances = concatMapAttrs (name: value: {
+        ${name} = {
+          inherit (value)
+            enable
+            name
+            url
+            tokenFile
+            labels
+            settings
+            ;
+        } // value.extraOptions;
+      }) cfg.instances;
+    } // cfg.extraOptions;
+  };
+}

modules/nixos/services/gitea-actions-runner/secrets/default.nix

@@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  namespace,
+  host,
+  ...
+}:
+let
+  inherit (lib) mapAttrsToList;
+  inherit (lib.${namespace}.secrets) mkAppSecretsOption;
+  inherit (config.${namespace}.secrets) files;
+
+  cfgParent = config.${namespace}.services.gitea-actions-runner;
+  cfg = cfgParent.secrets;
+in
+{
+  options.${namespace}.services.gitea-actions-runner.secrets = mkAppSecretsOption {
+    enable = cfgParent.enable && config.${namespace}.secrets.enable;
+    appName = "gitea actions runner";
+    dirPath = "gitea-runner/env";
+    scope = "hosts-global";
+    configNames = mapAttrsToList (_: value: "${value.name}.env") cfgParent.instances;
+    currentInfo = {
+      inherit host;
+      user = config.${namespace}.user.name;
+    };
+    buildTargetPath = name: files.${name}.path;
+    owner = "gitea-runner";
+    # Read-only
+    mode = "0400";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # secrets
+    ${namespace}.secrets = cfg.secretMappingFiles;
+    # etc configuration default path: `/etc/gitea-runner/env`
+    environment.etc = lib.mkIf cfg.etc.enable cfg.etc.files;
+  };
+}