comment forgejo actions runner

nginx group acme
unforce ssl
2025-08-06 21:09:31 +02:00 · 2025-08-06 21:07:40 +02:00 · 2025-08-06 21:07:19 +02:00 · 2025-08-06 21:06:53 +02:00
2 changed files with 6 additions and 5 deletions
--- a/machines/dev/forgejo-ci/default.nix
+++ b/machines/dev/forgejo-ci/default.nix
@ -39,7 +39,7 @@ in
      _class = "nixos";

      imports = [
-        ./forgejo-actions-runner.nix
+        # ./forgejo-actions-runner.nix
        ./woodpecker.nix
      ];

--- a/machines/dev/forgejo-ci/woodpecker.nix
+++ b/machines/dev/forgejo-ci/woodpecker.nix
@ -15,6 +15,8 @@
    woodpecker-agent-docker = { };
  };

+  users.users.nginx.extraGroups = [ "acme" ];
+
  age.secrets =
    lib.mapAttrs
      (_: group: {
@ -175,10 +177,7 @@
      recommendedTlsSettings = true;
      virtualHosts."woodpecker.fediversity.eu" = {
        enableACME = true;
-        forceSSL = true;
-        locations."/.well-known/acme-challenge/" = {
-          root = "/var/lib/acme/woodpecker.fediversity.eu";
-        };
+        # forceSSL = true;
        locations."/" = {
          recommendedProxySettings = true;
          proxyPass = "http://127.0.0.1:8000";
@ -211,6 +210,8 @@
        22
        80
        443
+        8000
+        9000
      ];
      # needed for podman to be able to talk over dns
      interfaces."podman+" = {
Author	SHA1	Message	Date
Kiara Grouwstra	6da6cc678a	comment forgejo actions runner	2025-08-06 21:09:31 +02:00
Kiara Grouwstra	b415e5d597	nginx group acme	2025-08-06 21:07:40 +02:00
Kiara Grouwstra	7cfcf39209	unforce ssl	2025-08-06 21:07:19 +02:00
Kiara Grouwstra	2feb245231	try more firewall holes	2025-08-06 21:06:53 +02:00