fix(nix): add forgejo actions runner

2025-08-15 15:07:10 +00:00 · 2025-08-15 15:07:10 +00:00 · acc139d714
commit acc139d714
parent 809c6d73b8
5 changed files with 45 additions and 1 deletions
--- a/nix/hosts/chaewon/home.nix
+++ b/nix/hosts/chaewon/home.nix
@ -13,6 +13,7 @@
      tailscale

      nginx
+      docker
    ];
  in packages;
 }
--- a/nix/hosts/chaewon/sys.nix
+++ b/nix/hosts/chaewon/sys.nix
@ -1,5 +1,5 @@
 { inputs, config, pkgs, lib, ... }: {
-  imports = [ ./hw.nix ];
+  imports = [ ./hw.nix ../../modules/secrets.nix ];

  time.timeZone = "America/New_York";

@ -156,6 +156,25 @@
    };
  };

+  virtualisation.docker.enable = true;
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+    instances.default = {
+      enable = true;
+      name = "monolith";
+      url = "https://git.priime.dev";
+      tokenFile = config.age.secrets.forgejo-runner-token.path;
+      # Default labels
+      labels = [
+        "ubuntu-latest:docker://node:16-bullseye"
+        "ubuntu-22.04:docker://node:16-bullseye"
+        "ubuntu-20.04:docker://node:16-bullseye"
+        "ubuntu-18.04:docker://node:16-buster"
+      ];
+    };
+  };
+
  services.tailscale.enable = true;

  services.thelounge.enable = true;
--- a/nix/modules/secrets.nix
+++ b/nix/modules/secrets.nix
@ -0,0 +1,6 @@
+{ config, ... }:
+{
+  age.secrets = {
+    forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
+  };
+}
--- a/secrets/forgejo-runner-token.age
+++ b/secrets/forgejo-runner-token.age
@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEIrN21jdyBtaVpU
+dzJYS0VRTGh5R2kzQWtZSHYwWTdVNWJMLzFMSG9SZnNmeHRxWGprCnRyb2JLMlVt
+d0xTRnFSKzlpNXROYjRiTGlMeWNEM041aHYrVllPS2dWL2MKLT4gc3NoLWVkMjU1
+MTkgN045S1hnIG9HSlJ5bGlIQVRQK2t5TVBrSXJ1OTdBRjg4bll1ZHRad2RtMVMr
+ZDBoWGMKZGExMUhVWEdQYkpoYXgvazAwcC9CSDkxYkREdmF5WGR1RDJUdEJTb2Jt
+OAotPiBQPkdRLGJsLWdyZWFzZQpyWDdGQnRyb2hmelUzZTE4TWlRZEpHYktBQUJ0
+MHJNCi0tLSBSaEF2NXRaOFpYZlpLNk1Jd1BRVGVRYjJVTkZBd0V1YjJFMjN5V0Ra
+dW9ZCvZH5Mz7x4CfsVjVBYm/Lh0f1O6y9FiA5aONR7a6LA4lNMWwwjNXhFLMASG6
+tBIipz5c6+5WHx/Vlw7SENZ3szFotWYsofyCF8mEJ1E1NA==
+-----END AGE ENCRYPTED FILE-----
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,7 @@
+let
+  main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGpnPYxrYnmtFaf591Q80FQPb01dqTwlH58V6uRa7Fi";
+  chaewon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3rS/k+1jaTtly0/SHvYZ8yy2LJqNk/5HN0wdGRpoqa";
+in
+{
+  "forgejo-runner-token.age".publicKeys = [ main chaewon ];
+}