From 52f659b9b2f852ec17ff787782d6492c1a431cb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Fri, 7 Feb 2025 19:38:16 +0100
Subject: [PATCH] Add a deployment for forgejo-ci
---
 infra/flake-part.nix | 4 ++++
 infra/forgejo-ci/configuration.nix | 9 ++++++---
 infra/forgejo-ci/flake-part.nix | 23 +++++++++++++++++++++++
 keys/systems/forgejo-ci.pub | 1 +
 machines/machines.md | 9 +++++----
 machines/machines.md.sh | 3 ++-
 6 files changed, 41 insertions(+), 8 deletions(-)
 create mode 100644 infra/forgejo-ci/flake-part.nix
 create mode 100644 keys/systems/forgejo-ci.pub
diff --git a/infra/flake-part.nix b/infra/flake-part.nix
index 068bf6a6..9b467d37 100644
--- a/infra/flake-part.nix
+++ b/infra/flake-part.nix
@@ -155,6 +155,10 @@ let
 in
 {
+ # NOTE: `forgejo-ci`, being a physical machine and not a Proxmox VM, gets
+ # custom treatment.
+ imports = [ ./forgejo-ci/flake-part.nix ];
+
 ## - Each normal or test machine gets a NixOS configuration.
 ## - Each normal or test machine gets a VM options entry.
 ## - Each normal machine gets a deployment.
diff --git a/infra/forgejo-ci/configuration.nix b/infra/forgejo-ci/configuration.nix
index 69efa388..bfe55d24 100644
--- a/infra/forgejo-ci/configuration.nix
+++ b/infra/forgejo-ci/configuration.nix
@@ -38,7 +38,12 @@ i18n.defaultLocale = "en_US.UTF-8";
- users.users.root.hashedPassword = "$y$j9T$WXvLAUqArJJusuC017FCW0$.rfMOeyx/BsClkJFi5hLcynrSk.njWmfiB6Uy.9th3A";
+ users.users.root = {
+ hashedPassword = "$y$j9T$WXvLAUqArJJusuC017FCW0$.rfMOeyx/BsClkJFi5hLcynrSk.njWmfiB6Uy.9th3A";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace"
+ ];
+ };
 users.users.procolix = {
 isNormalUser = true;
@@ -81,7 +86,5 @@ services.openssh.enable = true;
- system.copySystemConfiguration = true;
-
 system.stateVersion = "24.11"; # don't change
 }
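Review bot: In infra/forgejo-ci/configuration.nix (hunk at line 38), the new `users.users.root` block keeps root's password hash in the repository next to the newly authorized key, so the hash remains readable to anyone who can read the repo or the Nix store and can be guessed offline. Now that deployment has key-based root access, consider dropping `hashedPassword` or switching to `hashedPasswordFile` fed from a secret. The authorized key is also inlined as a personal key string, while the deployment added in this commit reads the host key through `import ../../keys`; if that directory also holds contributor keys, sourcing the entry from there would keep rotation and offboarding in one place. `services.openssh.enable = true` appears in this file without any visible sshd settings, so unless they are set outside the hunks, stating the policy explicitly with `services.openssh.settings.PasswordAuthentication = false;` would avoid relying on defaults. The enclosing attribute set starts and ends outside the hunk.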
diff --git a/infra/forgejo-ci/flake-part.nix b/infra/forgejo-ci/flake-part.nix
new file mode 100644
index 00000000..4efed0f0
--- /dev/null
+++ b/infra/forgejo-ci/flake-part.nix
@@ -0,0 +1,23 @@
+{ inputs, ... }:
+
+{
+ nixops4Deployments.forgejo-ci =
+ { providers, ... }:
+ {
+ providers.local = inputs.nixops4.modules.nixops4Provider.local;
+
+ resources.forgejo-ci = {
+ type = providers.local.exec;
+ imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ];
+
+ ssh = {
+ host = "45.142.234.216";
+ opts = "-J orianne";
+ hostPublicKey = (import ../../keys).systems.forgejo-ci;
+ };
+
+ nixpkgs = inputs.nixpkgs;
+ nixos.module = import ./configuration.nix;
+ };
+ };
+}
diff --git a/keys/systems/forgejo-ci.pub b/keys/systems/forgejo-ci.pub
new file mode 100644
index 00000000..d783c4b6
--- /dev/null
+++ b/keys/systems/forgejo-ci.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFXQW5fxJoNY9wtTMsNExgbAbvyljIRGBLjY+USh/0A
diff --git a/machines/machines.md b/machines/machines.md
index e2c49c0c..72204328 100644
--- a/machines/machines.md
+++ b/machines/machines.md
@@ -7,9 +7,10 @@ Currently, this repository keeps track of the following VMs:
 Machine | Proxmox | Description
 --------|---------|-------------
-[`fedi200`](./fedi200) | fediversity | Testing machine for Hans
-[`fedi201`](./fedi201) | fediversity | FediPanel
-[`vm02116`](./vm02116) | procolix | Forgejo
-[`vm02187`](./vm02187) | procolix | Wiki
+[`fedi200`](./dev/fedi200) | fediversity | Testing machine for Hans
+[`fedi201`](./dev/fedi201) | fediversity | FediPanel
+[`vm02116`](./dev/vm02116) | procolix | Forgejo
+[`vm02187`](./dev/vm02187) | procolix | Wiki
+| `forgejo-ci` | n/a (physical) | Forgejo actions runner |
 This table excludes all machines with names starting with `test`.
diff --git a/machines/machines.md.sh b/machines/machines.md.sh
index d523e127..c5584b4b 100644
--- a/machines/machines.md.sh
+++ b/machines/machines.md.sh
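Review bot: In infra/forgejo-ci/flake-part.nix, `opts = "-J orianne";` makes the deployment depend on a jump host that nothing in this file explains or pins. `hostPublicKey` covers only the target, so the hop through `orianne` is presumably verified by each deployer's own SSH config and known_hosts. A comment on that line would record the requirement, for example `# ProxyJump via orianne; the alias and its host key must be present in the deployer's ~/.ssh/config and known_hosts`. The literal address in `host` would also benefit from a short comment saying what it belongs to, since no other file in this diff mentions it.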
@@ -32,11 +32,12 @@ for machine in $(echo "$vmOptions" | jq -r 'keys[]'); do
 description=$(echo "$vmOptions" | jq -r ".$machine.description" | head -n 1)
 # shellcheck disable=SC2016
- printf '[`%s`](./%s) | %s | %s\n' "$machine" "$machine" "$proxmox" "$description"
+ printf '[`%s`](./dev/%s) | %s | %s\n' "$machine" "$machine" "$proxmox" "$description"
 fi
 done
 cat <<\EOF
+| `forgejo-ci` | n/a (physical) | Forgejo actions runner |
 This table excludes all machines with names starting with `test`.
 EOF
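Review bot: The `forgejo-ci` row added inside the `cat <<\EOF` heredoc is hand-written rather than produced by the loop, so it will not follow later changes to the machine's description. It also uses a different row style (leading and trailing `|`, no link) from the `printf` rows above it. If the row has to stay static, presumably because the machine has no `vmOptions` entry, a comment before `cat` would record that, e.g. `# forgejo-ci is a physical machine without a vmOptions entry; its row is maintained by hand.` The loop starts outside the hunk.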