 1{
 2  pkgs,
 3  lib,
 4  config,
 5  ...
 6}: {
 7  services.gitea-actions-runner = {
 8    package = pkgs.forgejo-runner;
 9    instances.default = {
10      enable = true;
11      name = "runner-pardofelis";
12      url = "https://repo.hpcesia.com/";
13      tokenFile = config.sops.templates."forgejo-runner-token-file".path;
14      labels = [
15        "ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
16        "nixos-latest:host"
17      ];
18      settings = {
19        container = {
20          network = "";
21          enable_ipv6 = true;
22        };
23      };
24      hostPackages = with pkgs; [
25        bash
26        coreutils
27        gnused
28        gnutar
29        gnumake
30        curl
31        wget
32        gitMinimal
33        nix
34      ];
35    };
36  };
37
38  users.users.gitea-runner = {
39    isSystemUser = true;
40    useDefaultShell = true;
41    group = "gitea-runner";
42  };
43  users.groups.gitea-runner = {};
44
45  sops.templates.forgejo-runner-token-file = {
46    content = "TOKEN=${config.sops.placeholder.forgejo-runner-token}";
47    owner = "root";
48    group = "gitea-runner";
49    mode = "0440";
50  };
51
52  systemd.services.gitea-runner-default.serviceConfig = {
53    DynamicUser = lib.mkForce false;
54    User = "gitea-runner";
55    Group = "gitea-runner";
56  };
57
58  # If you would like to use docker runners in combination with cache actions,
59  # be sure to add docker bridge interfaces “br-*” to the firewalls’ trusted interfaces.
60  # See https://forgejo.org/docs/next/admin/actions/runner-installation/#nixos
61  networking.firewall.trustedInterfaces = ["br-+"];
62}