gitea: add actions runner and CI/CD deploy workflow

This will avoid me having to run "deploy" myself on my laptop. All I will need to do is push a commit and it will self-deploy.
2026-03-30 17:26:21 -04:00
parent e4feaa35ad
commit 5375f8ee34
18 changed files with 237 additions and 7 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -26,6 +26,7 @@
    ./services/caddy.nix
    ./services/immich.nix
    ./services/gitea.nix
+    ./services/gitea-actions-runner.nix
    ./services/minecraft.nix

    ./services/wg.nix
@@ -73,6 +74,18 @@
    ./services/mollysocket.nix
  ];

+  # Hosts entries for CI/CD deploy targets
+  networking.hosts."192.168.1.50" = [ "server-public" ];
+  networking.hosts."192.168.1.223" = [ "desktop" ];
+
+  # SSH known_hosts for CI runner (pinned host keys)
+  environment.etc."ci-known-hosts".text = ''
+    server-public ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMjgaMnE+zS7tL+m5E7gh9Q9U1zurLdmU0qcmEmaucu
+    192.168.1.50 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMjgaMnE+zS7tL+m5E7gh9Q9U1zurLdmU0qcmEmaucu
+    git.sigkill.computer ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMjgaMnE+zS7tL+m5E7gh9Q9U1zurLdmU0qcmEmaucu
+    git.gardling.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMjgaMnE+zS7tL+m5E7gh9Q9U1zurLdmU0qcmEmaucu
+  '';
+
  services.kmscon.enable = true;

  systemd.targets = {
@@ -249,6 +262,14 @@

  users.groups.${service_configs.media_group} = { };

+  users.users.gitea-runner = {
+    isSystemUser = true;
+    group = "gitea-runner";
+    home = "/var/lib/gitea-runner";
+    description = "Gitea Actions CI runner";
+  };
+  users.groups.gitea-runner = { };
+
  users.users.${username} = {
    isNormalUser = true;
    extraGroups = [