# NixOS module for a Forgejo Actions runner on this host.
# It uses the gitea-actions-runner service with the forgejo-runner package,
# registers against https://repo.hpcesia.com/, and reads its registration
# token from a sops-rendered file instead of a value baked into the Nix store.
{
  pkgs,
  lib,
  config,
  ...
}: {
  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
    instances.default = {
      enable = true;
      name = "runner-pardofelis";
      url = "https://repo.hpcesia.com/";
      # The token stays out of the world-readable Nix store: the sops template
      # further down renders it at activation time as root:gitea-runner, 0440.
      tokenFile = config.sops.templates."forgejo-runner-token-file".path;
      labels = [
        # Jobs with this label run inside a Docker container started from a
        # mutable image tag; pin a digest if job environments must be reproducible.
        "ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
        # Jobs with this label run directly on this machine as the service user
        # configured below, with no container isolation: every workflow this
        # runner accepts executes with that user's access to the host.
        "nixos-latest:host"
      ];
      settings = {
        container = {
          # Empty string leaves the Docker network choice to the runner's own
          # default — NOTE(review): confirm against the installed forgejo-runner
          # configuration reference.
          network = "";
          enable_ipv6 = true;
        };
      };
      # Tools exposed to jobs that run on the host (the ":host" label above).
      hostPackages = with pkgs; [
        bash
        coreutils
        gnused
        gnutar
        gnumake
        curl
        wget
        gitMinimal
        nix
      ];
    };
  };

  # Static service account. A fixed user and group are needed so the token file
  # below can be group-owned by the runner and the unit can run under it.
  users.users.gitea-runner = {
    isSystemUser = true;
    useDefaultShell = true;
    group = "gitea-runner";
  };
  users.groups.gitea-runner = {};

  # Renders "TOKEN=<secret>" from the sops placeholder at activation; only root
  # and members of the gitea-runner group may read the result.
  sops.templates.forgejo-runner-token-file = {
    content = "TOKEN=${config.sops.placeholder.forgejo-runner-token}";
    owner = "root";
    group = "gitea-runner";
    mode = "0440";
  };

  # Run the unit as the static account above rather than a DynamicUser, so its
  # identity matches the token file's group ownership. mkForce overrides the
  # value the upstream module sets.
  systemd.services.gitea-runner-default.serviceConfig = {
    DynamicUser = lib.mkForce false;
    User = "gitea-runner";
    Group = "gitea-runner";
  };

  # If you would like to use docker runners in combination with cache actions,
  # be sure to add docker bridge interfaces “br-*” to the firewalls’ trusted interfaces.
  # See https://forgejo.org/docs/next/admin/actions/runner-installation/#nixos
  # NOTE(review): "br-+" matches every br-* interface, so this trusts traffic
  # from all Docker bridge networks on this host — not only the job containers'
  # — and exposes every host port to them. Scope it more tightly if other
  # Docker workloads share this machine.
  networking.firewall.trustedInterfaces = ["br-+"];
}