From 5c529a023321973587d1184ab793d11dcbb07db8 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sun, 17 Sep 2023 04:05:08 +0200
Subject: [PATCH] Fix gitea runners, add 2 more

The gitea runners are now activated correctly,
has support for both debian and ubuntu based systems,
and can will connect to the gitea server through the
loopback interface
---
 hosts/bekkalokk/services/gitea/ci.nix | 40 ++++++++++++++++++---------
 secrets/bekkalokk/bekkalokk.yaml      |  9 ++++--
 2 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/hosts/bekkalokk/services/gitea/ci.nix b/hosts/bekkalokk/services/gitea/ci.nix
index a31291a..c33c72d 100644
--- a/hosts/bekkalokk/services/gitea/ci.nix
+++ b/hosts/bekkalokk/services/gitea/ci.nix
@@ -1,16 +1,30 @@
-{ config, ... }:
-{
-  sops.secrets."gitea/runner-token" = { };
+{ config, lib, values, ... }:
+let
+  mkRunner = name: {
+    # This is unfortunately state, and has to be generated one at a time :(
+    # To do that, comment out all except one of the runners, fill in its token
+    # inside the sops file, rebuild the system, and only after this runner has
+    # successfully registered will gitea give you the next token.
+    # - oysteikt Sep 2023
+    sops.secrets."gitea/runners/${name}".restartUnits = [
+      "gitea-runner-${name}.service"
+    ];
 
-  services.gitea-actions-runner.instances = {
-    runner1 = {
-      url = "https://git-runner1.pvv.ntnu.no";
-      name = "git-runner1";
-      labels = [
-        "debian-latest:docker://node:18-bullseye"
-      ];
-      enable = true;
-			tokenFile = config.sops.secrets."gitea/runner-token".path;
+    services.gitea-actions-runner.instances = {
+      ${name} = {
+        enable = true;
+        name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no";
+        labels = [
+	  "debian-latest:docker://node:18-bullseye"
+	  "ubuntu-latest:docker://node:18-bullseye"
+	];
+        tokenFile = config.sops.secrets."gitea/runners/${name}".path;
+      };
     };
   };
-}
\ No newline at end of file
+in
+lib.mkMerge [
+  (mkRunner "alpha")
+  (mkRunner "beta")
+  (mkRunner "epsilon")
+]
diff --git a/secrets/bekkalokk/bekkalokk.yaml b/secrets/bekkalokk/bekkalokk.yaml
index c1f8284..ca9dc31 100644
--- a/secrets/bekkalokk/bekkalokk.yaml
+++ b/secrets/bekkalokk/bekkalokk.yaml
@@ -4,7 +4,10 @@ gitea:
     passwd-ssh-key: ENC[AES256_GCM,data:L0lF0wvpayss1NU9m3A45cH0bCMQzODTFVrq6EPd1JHx54wIcoaRBYLmxXKXASzBlCg9zlwXMUIk3OQcS3kdzMKL0iqcSL2iicAcKjFIHyrWLqXgwV5pRSP/tRPcVw8KW8gz0bh33EgESs5ReddZ3VZ0Cy1s2YupMRQvBXr89k1+Hv70OWB6P06hvxhv/zKcMGI1N/dWLroMgrQuT9imw4+/Q1RqwzTYeEU+eUn24AM9GjcBg4qf3OI+6g0nXUat/upIYE28iF5J3lbUSmDSmirBLc8xgHLdOyyJPTObWYWYxlSL78T7IqiMm9lI3rtBlpJDDcn/YxZpVqN5bg2154GISNK+uR0TVSLdJ+drdGHIfIX3G78XSxf2L9rbJyRn8MQlgStfdBIQicLavQKVMrmj+XQfvEMez23WbPLjH4oViBQFI+GrOHOGy/f16cz8Sn4n+69OcsOeTxs3tKYdfq6r1XLYSJ/fe/zvxBpaZiyGXljsuyEdIyBL2A8D6uSXe3Nd3/DAdBtceFfIdN1olCdutixzVWgxaJnrel161z5A/4w=,iv:Uy46yY3jFYSvpxrgCHxRMUksnWfhf5DViLMvCXVMMl4=,tag:wFEJ5+icFrOKkc56gY0A5g==,type:str]
     ssh-known-hosts: ENC[AES256_GCM,data:zlRLoelQeumMxGqPmgMTB69X1RVWXIs2jWwc67lk0wrdNOHUs5UzV5TUA1JnQ43RslBU92+js7DkyvE5enGzw7zZE5F1ZYdGv/eCgvkTMC9BoLfzHzP6OzayPLYEt3xJ5PRocN8JUAD55cuu4LgsuebuydHPi2oWOfpbSUBKSeCh6dvk5Pp1XRDprPS5SzGLW8Xjq98QlzmfGv50meI9CDJZVF9Wq/72gkyfgtb3YVdr,iv:AF06TBitHegfWk6w07CdkHklh4ripQCmA45vswDQgss=,tag:zKh7WVXMJN2o9ZIwIkby3Q==,type:str]
     import-user-env: ENC[AES256_GCM,data:vfaqjGEnUM9VtOPvBurz7nFwzGZt3L2EqijrQej4wiOcGCrRA4tN6kBV6NmhHqlFPsw=,iv:viPGkyOOacCWcgTu25da4qH7DC4wz2qdeC1W2WcMUdI=,tag:BllNqGQoaxqUo3lTz9LGnw==,type:str]
-    runner-token: ENC[AES256_GCM,data:QJYv1j1NilmU2rmvuSKvHv6FTPh6aYKLp0TfysjkfcIbq1QXh+90KhKKE4u5QA==,iv:ezNn8xg+tZZAA3+eV9HINwRkwNmglfugRHsJgP5CJzg=,tag:keSExypBg6DMtfxtVZR1HQ==,type:str]
+    runners:
+        alpha: ENC[AES256_GCM,data:gARxCufePz+EMVwEwRsL2iZUfh9HUowWqtb7Juz3fImeeAdbt+k3DvL/Nwgegg==,iv:3fEaWd7v7uLGTy2J7EFQGfN0ztI0uCOJRz5Mw8V5UOU=,tag:Aa6LwWeW2hfDz1SqEhUJpA==,type:str]
+        beta: ENC[AES256_GCM,data:DVjS78IKWiWgf+PuijCZKx4ZaEJGhQr7vl+lc7QOg1JlA4p9Kux/tOD8+f2+jA==,iv:tk3Xk7lKWNdZ035+QVIhxXy2iJbHwunI4jRFM4It46E=,tag:9Mr6o//svYEyYhSvzkOXMg==,type:str]
+        epsilon: ENC[AES256_GCM,data:JMnZVBdiy+5oPyXgDpfYvy7qLzIEfHy09fQSBDpNG4zDXTil2pSKBKxk09h5xg==,iv:/8oXKJW6+sMBjDt51MqVAWjQPM5nk02Lv5QqbZsZ5ms=,tag:+Rx7ursfVWc0EcExCLgLhQ==,type:str]
 mediawiki:
     password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
     database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str]
@@ -43,8 +46,8 @@ sops:
             akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
             GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-16T22:28:05Z"
-    mac: ENC[AES256_GCM,data:BZ2P4XgZ3NyPLtXLuoHqDizJ5nqlLrAQYWolPfGNgXPfN1bsTB3Tum2pMT9A7FipC2ybELXu6oAl/macQcjKVUQ086t6Isc9TOzgSLPjXyebuvKCKvy2mE/QuonoBHEElrdGaj5oU4yRGw0BOEqb3L4Usu4HaesvbVoVs7XKilA=,iv:wmt81NplHswtjAc43P38mXUvz0pjGnoExTY9KSgJblo=,tag:fJBHbeIMI0LW3nzucuzybg==,type:str]
+    lastmodified: "2023-09-17T02:02:24Z"
+    mac: ENC[AES256_GCM,data:Lkvj9UOdE/WZtFReMs6n8ucFuJNPb76ZhPHFpYAEqYEe8d9FdMPMzq05DBAJe9IqpFS0jc9SWxJUPHfGgoMR8nPciZuR/mpJ+4s/cRkPbApwBPcLlvatE/qkbcxzoLlb1vN0gth5G/U7UEfk5Pp9gIz6Yo4sEIS3Za42tId1MpI=,iv:s3VELgU/RJ98/lbQV3vPtOLXtwFzB3KlY7bMKbAzp/g=,tag:D8s0XyGnd8UhbCseB/TyFg==,type:str]
     pgp:
         - created_at: "2023-05-21T00:28:40Z"
           enc: |