# Service descriptor for a Forgejo Actions runner, exposing a NixOS module
# under `nixosModule`. The module takes a `host` argument in addition to the
# standard module arguments and reads `host.ip` from it.
{
  name = "Forgejo runner";
  description = '' Forgejo actions runner '';

  nixosModule = { pkgs, lib, config, host, ... }: {
    # URL of the Forgejo instance the runner registers against.
    # Plain string with no default, so it must be set by the consumer.
    options.forgejo-runner.url = lib.mkOption { type = lib.types.str; };

    config =
      let
        runnerCfg = config.forgejo-runner;
        # TCP port used both for the firewall rule and the runner's cache server.
        cachePort = 39175;
      in
      {
        # NOTE(review): allowedTCPPorts opens the port on every interface, and
        # the cache URL below is plain http. If only job containers need to
        # reach the cache, consider scoping this to the relevant interface
        # (networking.firewall.interfaces.<name>.allowedTCPPorts).
        networking.firewall.allowedTCPPorts = [ cachePort ];

        sops = {
          # Runner registration token, decrypted by sops-nix and owned by root.
          secrets."forgejo_runner/token".owner = "root";

          # Renders the token as an env-style file (TOKEN=...), which is what
          # `tokenFile` below points at. The secret value is substituted via
          # the sops placeholder, so it is not written into the Nix store here.
          templates."forgejo_runner_token.env" = {
            owner = "root";
            content = '' TOKEN=${config.sops.placeholder."forgejo_runner/token"} '';
          };
        };

        # Keep the runner's state directory across reboots.
        # presumably the host uses an ephemeral root with /persistent as the
        # backing store; confirm against the impermanence setup.
        environment.persistence."/persistent".directories = [
          "/var/lib/private/gitea-runner"
        ];

        # Orders the forgejo-secrets unit after the CephFS mount. The unit
        # itself is not defined in this file.
        # NOTE(review): `after` only orders; it does not pull in or require
        # cephfs.mount. Confirm whether `requires`/`wants` is set elsewhere.
        systemd.services.forgejo-secrets.after = [ "cephfs.mount" ];

        services.gitea-actions-runner = {
          package = pkgs.forgejo-actions-runner;

          instances.default = {
            enable = true;
            name = "runner";
            inherit (runnerCfg) url;
            tokenFile = config.sops.templates."forgejo_runner_token.env".path;

            # Label -> container image mapping. Every "ubuntu-*" label resolves
            # to a Debian-based node:16 image.
            # NOTE(review): Node.js 16 is end-of-life and these tags are
            # mutable (not pinned by digest); consider a supported image
            # pinned to a digest so jobs run on a known, patched base.
            labels = [
              "ubuntu-latest:docker://node:16-bullseye"
              "ubuntu-22.04:docker://node:16-bullseye"
              "ubuntu-20.04:docker://node:16-bullseye"
              "ubuntu-18.04:docker://node:16-buster"
            ];

            settings = {
              # Built-in actions cache, bound to the host IP on cachePort and
              # advertised to jobs over unencrypted http.
              cache = {
                enabled = true;
                host = host.ip;
                port = cachePort;
                actions_cache_url_override = "http://${host.ip}:${toString cachePort}";
              };

              # NOTE(review): "automount" makes the runner locate the Docker
              # socket and mount it into job containers. Any workflow that runs
              # on this runner can then drive the host's Docker daemon, which is
              # effectively root on the host. Only accept jobs from trusted
              # repositories, or use "-" (no mount) / a rootless or isolated
              # daemon if untrusted workflows can be scheduled here.
              container.docker_host = "automount";
            };
          };
        };
      };
  };
}