Finally fix gitea + actions

ServeNix/configuration.nix

@@ -15,6 +15,7 @@
     ./services/authelia.nix
     ./services/gitea.nix
     ./services/gitea-runner.nix
+    # ./services/gitlab.nix
     ./services/homepage.nix
     ./services/nginx-proxy-manager.nix
     ./services/pihole.nix
@@ -139,11 +140,21 @@
   users.users.christoph = {
     isNormalUser = true;
     description = "Christoph";
-    extraGroups = ["networkmanager" "wheel"];
+    extraGroups = ["networkmanager" "wheel" "docker"];
     shell = pkgs.fish;
     packages = with pkgs; [];
   };
 
+  users.users.git = {
+    uid = 500;
+    group = "git";
+    isNormalUser = false;
+    isSystemUser = true;
+    description = "Gitea User";
+    extraGroups = ["docker"];
+    shell = pkgs.fish;
+  };
+
   home-manager.users.christoph = {pkgs, ...}: {
     home.packages = with pkgs; [
       lazygit
@@ -256,11 +267,15 @@
       # PiHole requires these ports, as it's running in --net=host mode
       53
       80
+
+      3000 # Gitea runner needs to reach local gitea instance
     ];
     allowedUDPPorts = [
       # PiHole requires these ports, as it's running in --net=host mode
       53
       67 # PiHole DHCP
+
+      3000 # Gitea runner needs to reach local gitea instance
     ];
     # Or disable the firewall altogether.
     enable = true;

ServeNix/services/gitea-runner.nix

@@ -5,7 +5,10 @@
   ...
 }: {
   virtualisation.oci-containers.containers.gitea-runner = {
+    # Question: For gitea/act_runner dind set config.yaml/docker_host to "unix:///var/run/user/1000/docker.sock"?
     image = "gitea/act_runner:latest";
+    # image = "vegardit/gitea-act-runner:dind-latest";
+
     autoStart = true;
 
     dependsOn = [
@@ -16,20 +19,40 @@
 
     volumes = [
       "gitea-runner_data:/data"
+      "gitea-runner_config:/config" # Managed by env variables for vegardit image
 
-      "/var/run/docker.sock:/var/run/docker.sock"
+      # For rootless-dind
+      # "gitea-runner_rootless-docker-auth:/home/rootless/.docker"
+
+      # Cache dind pulled images
+      # "gitea-runner_overlay2:/var/lib/docker/overlay2"
+      # "gitea-runner_image:/var/lib/docker/image"
+
+    
+      "/var/run/docker.sock:/var/run/docker.sock" # Disable for dind
     ];
 
     environment = {
-      GITEA_INSTANCE_URL = "http://gitea:3000";
+      # NOTE: gitlab.local.chriphost.de doesn't work, because it gets resolved to 192.168.86.25:443, which is nginx
+      GITEA_INSTANCE_URL = "http://192.168.86.25:3000";
+      GITEA_RUNNER_NAME = "servenix";
+
+      # Can be generated from inside the container using act_runner generate-config > /config/config.yaml
+      CONFIG_FILE = "/config/config.yaml";
 
       # NOTE: This token is invalid, when re-registering is needed it has to be refreshed
-      GITEA_RUNNER_REGISTRATION_TOKEN = "nNNfjQOLmCVMdmx5rGZGCPYZwOH2jHVnQkFtaOYC";
+      GITEA_RUNNER_REGISTRATION_TOKEN = "2tYcfzALjmIKILPO4jnIdgfGO8RjBGIZCOoP4bYS";
-      GITEA_RUNNER_NAME = "servenix";
+
+      # These are for the specific vegardit/gitea-act-runner image
+      # GITEA_RUNNER_LOG_LEVEL = "debug";
+      # GITEA_INSTANCE_INSECURE = "true";
+      # GITEA_RUNNER_JOB_CONTAINER_NETWORK = "host"; # "host" for dind, "behind-nginx" otherwise
+      # GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED = "true"; # Enable for dind
     };
 
     extraOptions = [
-      "--network=behind-nginx"
+      # "--privileged" # Enable for dind
+      "--net=behind-nginx"
     ];
   };
 }

ServeNix/services/gitea.nix

@@ -23,7 +23,7 @@
     };
 
     extraOptions = [
-      "--network=behind-nginx"
+      "--net=behind-nginx"
     ];
   };
 
@@ -50,9 +50,9 @@
     ];
 
     environment = {
-      USER = "christoph";
+      USER = "git";
-      USER_UID = "1000";
+      USER_UID = "500";
-      USER_GID = "100";
+      # USER_GID = "100";
 
       GITEA__database__DB_TYPE = "postgres";
       GITEA__database__HOST = "gitea-db:5432";
@@ -63,7 +63,7 @@
     };
 
     extraOptions = [
-      "--network=behind-nginx"
+      "--net=behind-nginx"
     ];
   };
 }