From bef123dfcf0c8ce10e0c6c65291d6c78f4e48f92 Mon Sep 17 00:00:00 2001
From: Price Hiller <price@orion-technologies.io>
Date: Wed, 31 Jan 2024 20:03:40 -0600
Subject: [PATCH] feat(luna): migrate fully to gitea

---
 README.org                            |  2 +-
 hosts/luna/modules/docker/gitlab.nix  |  5 ++++-
 hosts/luna/modules/services/gitea.nix | 21 +++++++++++++++++----
 secrets/default.nix                   |  1 +
 secrets/luna/gitea-runner-token.age   | 13 +++++++++++++
 5 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100644 secrets/luna/gitea-runner-token.age

diff --git a/README.org b/README.org
index 53b94e8..20b427d 100644
--- a/README.org
+++ b/README.org
@@ -1,2 +1,2 @@
 * TODO Luna
-- [ ] Get a Gitea actions runner up for the new git server
\ No newline at end of file
+- [X] Get a Gitea actions runner up for the new git server
\ No newline at end of file
diff --git a/hosts/luna/modules/docker/gitlab.nix b/hosts/luna/modules/docker/gitlab.nix
index 3451782..3f74a27 100644
--- a/hosts/luna/modules/docker/gitlab.nix
+++ b/hosts/luna/modules/docker/gitlab.nix
@@ -1,7 +1,7 @@
 { config, specialArgs, fqdn, ... }:
 let
   gitlab_home = "/var/lib/gitlab";
-  gitlab_host = "gitlab.${fqdn}";
+  gitlab_host = "gitlab.old.${fqdn}";
 in
 {
   environment.persistence.save.directories = [
@@ -29,6 +29,9 @@ in
       "${gitlab_home}/logs:/var/log/gitlab"
       "${gitlab_home}/data:/var/opt/gitlab"
     ];
+    environment = {
+      GITLAB_OMNIBUS_CONFIG="external_url 'https://${gitlab_host}'; nginx['listen_https'] = false;";
+    };
     extraOptions = [
       "--shm-size=256m"
       "--hostname=${gitlab_host}"
diff --git a/hosts/luna/modules/services/gitea.nix b/hosts/luna/modules/services/gitea.nix
index ba82113..17c5c50 100644
--- a/hosts/luna/modules/services/gitea.nix
+++ b/hosts/luna/modules/services/gitea.nix
@@ -21,7 +21,7 @@ in {
     };
 
     gitea = {
-      appName = "Price Hiller's Git Repositories";
+      appName = "Gitea";
       enable = true;
       dump.enable = true;
       database = {
@@ -53,12 +53,25 @@ in {
         "repository.upload".FILE_MAX_SIZE = 1024;
       };
     };
-    # gitea-actions-runner.instances = {
-    #
-    # };
+    gitea-actions-runner.instances = {
+      default = {
+        enable = true;
+        url = config.services.gitea.settings.server.ROOT_URL;
+        tokenFile = config.age.secrets.gitea-runner-token.path;
+        name = "Default";
+        settings = {
+          runner.capacity = 8;
+        };
+        labels = [
+          "alpine:docker://alpine:latest"
+          "debian:docker://debian:latest"
+        ];
+      };
+    };
     nginx.virtualHosts."${gitea_host}" = {
       enableACME = true;
       forceSSL = true;
+      serverAliases = [ "gitlab.${fqdn}" ];
       locations."/".proxyPass =
         "http://${config.services.gitea.settings.server.HTTP_ADDR}:${
           builtins.toString config.services.gitea.settings.server.HTTP_PORT
diff --git a/secrets/default.nix b/secrets/default.nix
index 54f5db5..2fe7351 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -12,6 +12,7 @@ let
         root-pw = "${secrets}/root-hash-pw.age";
         gitlab-runner-reg-config = "${secrets}/gitlab-runner-reg-config.age";
         gitea-db-pass = "${secrets}/gitea-db-pass.age";
+        gitea-runner-token = "${secrets}/gitea-runner-token.age";
       };
   };
 in
diff --git a/secrets/luna/gitea-runner-token.age b/secrets/luna/gitea-runner-token.age
new file mode 100644
index 0000000..e0e07e2
--- /dev/null
+++ b/secrets/luna/gitea-runner-token.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDFmRzBvdyBlUHdp
+cVNLL1JFQklDckkzL0U3a0FDUVZOZWhwZG1naVJqNVpoRVd5cmpZCmwwQ2ZvaUNj
+Nlh1MFNGYU1JYlAxT0pUdkoxci9FTmJsZ1lSRDZkY3pPWjAKLT4gcGl2LXAyNTYg
+ckpzMUhBIEFocExaRzlJRTBraGExcU1SeDlwc0doeFg0bVM2UTcyMmM5M0dCd0FW
+RWdhCnQxRkxTMGsrR3NCMXpUK1cwWnloL21qUHZqSFU3bWxFS0VkclpYWXBnbFEK
+LT4gTShmXXkvUS1ncmVhc2UgNzVuKF4mMyArPCV3eUcgMmBERXtCKFIKSDF3bC9S
+ck12T2hJTVpoR0svcnlqVVBMYk1zc0tSdGlQL012T1hZYm1veGJSSVAveU15dFJH
+V3FRK0NmZXF1UwpaR25sTUhEZUJRaFQxbTF2cGFCUUJIdEZ4a1l1NFlGRHlzQ0RO
+NkFOcnhvVAotLS0geGp3WVlLUjg1RnB0cnB2MGJoRk9rRkFDcmFsUnpXRWhkekpP
+cWRpLzZiQQrrB7VhL4u7FMMZeSI9ruONPo9wpa77+JH8y/g8Dm5ORaxp+OAOihAP
+D25jGbe5+KgTU/wQb5piJLAB2PyBl+2z57RXPXquZ9eJ85L+rb00
+-----END AGE ENCRYPTED FILE-----