From b3977d8d74b823c41ca3eaf70ca577aaa15dd994 Mon Sep 17 00:00:00 2001
From: Nydragon
Date: Fri, 31 Jan 2025 15:10:32 +0100
Subject: [PATCH] feat: add meta option and move forgejo-runner to dedicated file
---
 hosts/raptus/default.nix | 54 ++++++++++++++++++---------------
 hosts/raptus/forgejo-runner.nix | 49 ++++++++++++++++++++++++++++++
 hosts/raptus/forgejo.nix | 15 ---------
 options/default.nix | 1 +
 options/meta.nix | 14 +++++++++
 parts/lib/functions.nix | 5 ++-
 6 files changed, 97 insertions(+), 41 deletions(-)
 create mode 100644 hosts/raptus/forgejo-runner.nix
 create mode 100644 options/meta.nix
diff --git a/hosts/raptus/default.nix b/hosts/raptus/default.nix
index f2b1ff6..95bf824 100644
--- a/hosts/raptus/default.nix
+++ b/hosts/raptus/default.nix
@@ -14,6 +14,7 @@ in
 (modulesPath + "/profiles/qemu-guest.nix")
 ./disk-config.nix
 ./forgejo.nix
+ ./forgejo-runner.nix
 ./headscale
 ./fail2ban.nix
 ];
@@ -41,7 +42,7 @@ in
 settings = {
 server = {
 url = "https://rusty.ccnlc.eu";
- max_content_length = "50MB";
+ max_content_length = "1000MB";
 timeout = "30s";
 expose_version = false;
 expose_list = false;
@@ -76,8 +77,6 @@ in
 };
 };
 
- services.headscale.enable = true;
-
 networking = {
 nftables.enable = true;
 firewall = {
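Review bot: The backend upload limit raised to `max_content_length = "1000MB";` in the second hunk is out of step with the proxy in front of it: the later hunk of this same file sets nginx `clientMaxBodySize = "100M";` for the `rusty.ccnlc.eu` vhost, so any body between 100M and 1000MB is refused by nginx with a 413 before the service sees it, and the effective limit stays 100M. Pick one value and set it in both places, e.g. `clientMaxBodySize = "1000M";`, or derive both from a single `let` binding so they cannot drift again. A twenty-fold increase in accepted body size also deserves a line in the commit message, since it raises how much storage a single request can consume; whether uploads are authenticated is not visible in this diff.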
@@ -85,37 +84,42 @@ in
 allowedTCPPorts = [
 80 # for acme challenges
 443
- ] ++ [ config.services.endlessh.port ];
+ ];
 };
 };
 
 age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 
- security.acme.defaults.email = "admin@ccnlc.eu";
- security.acme.acceptTerms = true;
+ security = {
+ polkit.enable = true;
 
- services.nginx = {
- package = pkgs.nginxQuic;
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- clientMaxBodySize = "50M";
- virtualHosts = builtins.listToAttrs [
- (mkVHost "rusty.ccnlc.eu" 8000 true)
- ];
+ acme = {
+ defaults.email = "admin@ccnlc.eu";
+ acceptTerms = true;
+ };
 };
 
- services.endlessh = {
- enable = true;
- port = 22;
+ services = {
+ fail2ban.enable = true;
+ headscale.enable = true;
+
+ nginx = {
+ package = pkgs.nginxQuic;
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ clientMaxBodySize = "100M";
+ virtualHosts = builtins.listToAttrs [
+ (mkVHost "rusty.ccnlc.eu" 8000 true)
+ ];
+ };
+
+ endlessh = {
+ enable = true;
+ port = 22;
+ openFirewall = true;
+ };
 };
 
- services.fail2ban.enable = true;
-
- environment.systemPackages = map lib.lowPrio [
- pkgs.curl
- pkgs.gitMinimal
- ];
-
 system.stateVersion = "24.11";
 }
diff --git a/hosts/raptus/forgejo-runner.nix b/hosts/raptus/forgejo-runner.nix
new file mode 100644
index 0000000..96b2a1f
--- /dev/null
+++ b/hosts/raptus/forgejo-runner.nix
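Review bot: `polkit.enable = true;` is a new setting introduced inside the `security` block of what is otherwise a restructuring hunk, and neither the commit subject nor a comment says what on this headless guest needs polkit; add a why-comment above it, e.g. `# polkit: needed by <consumer — fill in>`, or land it in its own commit so it can be reviewed on its own. The same hunk silently drops `environment.systemPackages` (curl, gitMinimal), which is also not mentioned; if any script or the runner relied on `git` being installed on the host, that would break without an eval error, which I cannot confirm from here. The remaining moves (grouping `services.*` under one attribute set, replacing `++ [ config.services.endlessh.port ]` with `openFirewall = true;` on the endlessh instance) look equivalent to the old configuration.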
@@ -0,0 +1,49 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (lib) mkIf;
+ inherit (config.modules.meta) hostname;
+
+ cfg = config.services.forgejo;
+in
+{
+ config = mkIf cfg.enable {
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+
+ instances."${hostname}" = {
+ enable = true;
+ name = "${hostname}";
+ tokenFile = config.age.secrets.forgejo-runner-token.path;
+ url = "https://git.ccnlc.eu";
+
+ labels = [
+ "debian-latest:docker://node:18-bullseye"
+ "ubuntu-latest:docker://node:18-bullseye"
+ ];
+ };
+
+ settings = {
+ runner = {
+ capacity = 2;
+ timeout = "2h";
+
+ shutdown_timeout = "5s";
+ };
+
+ cache.enabled = true;
+
+ container = {
+ force_pull = false;
+ force_rebuild = false;
+ };
+ };
+ };
+
+ virtualisation.docker.enable = true;
+ };
+}
diff --git a/hosts/raptus/forgejo.nix b/hosts/raptus/forgejo.nix
index a545684..0d11275 100644
--- a/hosts/raptus/forgejo.nix
+++ b/hosts/raptus/forgejo.nix
@@ -16,21 +16,6 @@ in
 "L+ ${config.services.forgejo.customDir}/public/robots.txt - - - - ${robots.outPath}"
 ];
 
- services.gitea-actions-runner = {
- instances."raptus" = {
- enable = true;
- name = "raptus";
- tokenFile = config.age.secrets.forgejo-runner-token.path;
- url = "https://git.ccnlc.eu";
- labels = [
- "debian-latest:docker://node:18-bullseye"
- "nixos:docker://ghcr.io/nydragon/runner@sha256:2d353515d7461fe493cb69f538ebf188944b0de8fd2613a652636fc75098acac"
- ];
- };
- };
-
- virtualisation.docker.enable = true;
-
 networking.firewall.allowedTCPPorts = [ sshPort ];
 
 services.nginx = {
diff --git a/options/default.nix b/options/default.nix
index d8ad863..320fab8 100644
--- a/options/default.nix
+++ b/options/default.nix
@@ -2,6 +2,7 @@
 imports = [
 ./media.nix
 ./fs.nix
+ ./meta.nix
 ./services
 ./system
diff --git a/options/meta.nix b/options/meta.nix
new file mode 100644
index 0000000..93601a9
--- /dev/null
+++ b/options/meta.nix
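Review bot: The `labels` in the new forgejo-runner.nix point both `debian-latest` and `ubuntu-latest` at the mutable tag `node:18-bullseye`, whereas the block removed from forgejo.nix in this same commit pinned its custom image by `@sha256:` digest; that pinned `nixos` label is gone and nothing is pinned any more, so the environment jobs run in can change underneath the runner whenever the tag is re-pulled. Pin the images by digest as the old line did (e.g. `"debian-latest:docker://node:18-bullseye@sha256:<digest>"`), and either drop the `ubuntu-latest` label or point it at an Ubuntu image, since a label promising Ubuntu but running Debian bullseye will surprise workflows that assume that distro's packages. Separately, `instances."${hostname}"` interpolates `config.modules.meta.hostname`, whose option defaults to `null`; that works when the host is built through `parts/lib/functions.nix`, which assigns it, but importing this file from anywhere else fails at evaluation with a coercion error rather than a clear message, so an `assert hostname != null;` in the `let` block or a non-nullable option type would make the dependency explicit.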
@@ -0,0 +1,14 @@
+{ lib, ... }:
+let
+ inherit (lib) mkOption;
+ inherit (lib.types) nullOr str;
+in
+{
+ options.modules.meta = {
+ hostname = mkOption {
+ default = null;
+ type = nullOr str;
+ description = "The system's hostname.";
+ };
+ };
+}
diff --git a/parts/lib/functions.nix b/parts/lib/functions.nix
index 0a1577e..ec77c0c 100644
--- a/parts/lib/functions.nix
+++ b/parts/lib/functions.nix
@@ -43,7 +43,10 @@ in
 "${self}/hosts/${hostname}"
 "${self}/options"
 "${self}/modules"
- { networking.hostName = hostname; }
+ {
+ modules.meta.hostname = hostname;
+ networking.hostName = hostname;
+ }
 ] ++ extraModules;
 specialArgs = {
 inherit inputs inputs';
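Review bot: `modules.meta.hostname` in the new options/meta.nix is declared as `nullOr str` with `default = null;`, yet its only consumer in this commit interpolates it straight into a string, where `null` is an evaluation error; since the `parts/lib/functions.nix` hunk below always assigns it next to `networking.hostName`, declaring it as `type = str;` with no default would turn a missing assignment into a readable "option not defined" error at the option level instead. The description could also say where the value comes from, e.g. `description = "The system's hostname; assigned by the host builder in parts/lib/functions.nix alongside networking.hostName.";`. A sentence in the commit message on why modules should read this option rather than `config.networking.hostName`, which carries the same value, would help the next reader as well; the function enclosing the functions.nix hunk starts and ends outside it.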