diff --git a/configuration.nix b/configuration.nix
index b8056db..6fae47c 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -146,6 +146,18 @@
 enable = true;
 domain = "git.ashisgreat.xyz";
 disableRegistration = true; # Admin only
+ runner = {
+ enable = true;
+ tokenFile = config.sops.templates."forgejo-runner.env".path;
+ };
+ };
+
+ # Forgejo runner secrets
+ sops.secrets.forgejo_runner_token = { };
+ sops.templates."forgejo-runner.env" = {
+ content = ''
+ TOKEN=${config.sops.placeholder.forgejo_runner_token}
+ '';
 };

 # === CrowdSec ===
diff --git a/modules/forgejo.nix b/modules/forgejo.nix
index f8cf6f6..23e259c 100644
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@@ -38,6 +38,28 @@ in
 default = true;
 description = "Disable public user registration";
 };
+
+ runner = {
+ enable = lib.mkEnableOption "Forgejo Actions Runner";
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = config.networking.hostName;
+ description = "Name of the runner";
+ };
+ tokenFile = lib.mkOption {
+ type = lib.types.path;
+ description = "Path to the token file (containing TOKEN=...)";
+ };
+ labels = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [
+ "native:host"
+ "ubuntu-latest:docker://node:20-bullseye"
+ "debian-latest:docker://node:20-bullseye"
+ ];
+ description = "Labels for the runner";
+ };
+ };
 };

 config = lib.mkIf cfg.enable {
@@ -87,5 +109,22 @@ in
 myModules.backup.paths = [
 config.services.forgejo.stateDir
 ];
+
+ # Actions Runner
+ services.gitea-actions-runner = lib.mkIf cfg.runner.enable {
+ package = pkgs.forgejo-runner;
+ instances.default = {
+ enable = true;
+ name = cfg.runner.name;
+ url = "https://${cfg.domain}";
+ tokenFile = cfg.runner.tokenFile;
+ labels = cfg.runner.labels;
+ settings = {
+ container = {
+ network = "bridge";
+ };
+ };
+ };
+ };
 };
 }
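Review bot: The `runner` block enables the runner without setting `labels`, so it inherits the default added in the modules/forgejo.nix hunk, which includes `native:host`. Jobs that select that label run directly on this machine as the runner's service user rather than inside a container, and this is the same host that holds the Forgejo state and the sops-managed secrets. I would set the labels explicitly here, e.g. `labels = [ "debian-latest:docker://node:20-bullseye" ];`, and drop `native:host` from the module default so host execution is an explicit opt-in. `disableRegistration = true` narrows who can create accounts, but presumably anyone with write access to a repository with Actions enabled can still pick the host label.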
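Review bot: `tokenFile` is typed `lib.types.path` and its description does not say that the file must live outside the Nix store. A path literal checked into the repository (for example `./runner.env`) would be accepted and would likely end up copied into the world-readable store. I would tighten the description to something like `description = "Runtime path to an environment file containing TOKEN=...; must not be a Nix store path (use e.g. a sops-nix template)";`. Separately, the two docker labels reference the mutable tag `node:20-bullseye`; a short comment on the `default` list noting that the job image is not pinned by digest would help anyone auditing what CI jobs run in.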
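Review bot: `settings.container.network = "bridge"` is set without a comment, and it decides what job containers can reach. On the default bridge network they get outbound access and can typically talk to services bound to the bridge gateway address on this host. I would document the choice inline, e.g. `# bridge: job containers get outbound network; services bound to the bridge address on this host are reachable from jobs`, and confirm that nothing sensitive listens there. The docker-scheme labels passed through `cfg.runner.labels` also need a container runtime (docker or podman) enabled on the host, which is not visible in this diff. The enclosing `config = lib.mkIf cfg.enable {` block opens outside the hunk.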