From d93d212b8dd638467865e4eb2f4b8e8cb37c7304 Mon Sep 17 00:00:00 2001
From: Oliver Davies <oliver@oliverdavies.dev>
Date: Fri, 2 May 2025 23:57:47 +0100
Subject: [PATCH] Configure nixedo as a Forgejo Actions Runner

---
 hosts/nixedo/secrets.nix          |   1 +
 hosts/nixedo/services/default.nix |  13 +++++++++++++
 secrets.nix                       |   4 ++++
 secrets/forgejo-runner-token.age  | Bin 0 -> 965 bytes
 4 files changed, 18 insertions(+)
 create mode 100644 secrets/forgejo-runner-token.age

diff --git a/hosts/nixedo/secrets.nix b/hosts/nixedo/secrets.nix
index c3fa36d6..66281777 100644
--- a/hosts/nixedo/secrets.nix
+++ b/hosts/nixedo/secrets.nix
@@ -2,6 +2,7 @@
   age.secrets = {
     cloudflare.file = ../../secrets/cloudflare.age;
     cloudflared.file = ../../secrets/cloudflared-credentials.age;
+    forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
     tubearchivist-env.file = ../../secrets/tubearchivist-env.age;
   };
 }
diff --git a/hosts/nixedo/services/default.nix b/hosts/nixedo/services/default.nix
index 40fdd42d..a7dd42c3 100644
--- a/hosts/nixedo/services/default.nix
+++ b/hosts/nixedo/services/default.nix
@@ -1,3 +1,5 @@
+{ config, pkgs, ... }:
+
 {
   imports = [
     ./homepage
@@ -9,4 +11,15 @@
   services = {
     tailscale.enable = true;
   };
+
+  services.gitea-actions-runner.instances.default = {
+    enable = true;
+
+    labels = [
+      "nixos-host:host"
+    ];
+    name = config.networking.hostName;
+    token = ''$(${pkgs.coreutils}/bin/cat ${config.age.secrets.forgejo-runner-token.path}')'';
+    url = config.services.forgejo.settings.server.ROOT_URL;
+  };
 }
diff --git a/secrets.nix b/secrets.nix
index 59104be0..fed13e5d 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -20,6 +20,10 @@ in
     hosts.nixedo
   ] ++ [ users.opdavies ];
 
+  "secrets/forgejo-runner-token.age".publicKeys = [
+    hosts.nixedo
+  ] ++ [ users.opdavies ];
+
   "secrets/tubearchivist-env.age".publicKeys = [
     hosts.nixedo
     hosts.t480
diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age
new file mode 100644
index 0000000000000000000000000000000000000000..7d90fbe7c3b68927f62e12a01450e5dc9cf38fe5
GIT binary patch
literal 965
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlEDm!qPFHX<%*pgC
z&MK@7b1lmbPBAdmHgVKX3e58H&hkk$&ki)pFU!sia@9AjD(12b%uKGdC{8vlb~h}~
zC@r%LD)J4j4E72uEOal)_4lptw@3>xGWYRuHh|eyRGg@wT^14^Sk7hSpP6TwXrgUe
zQDs@?ZDt%48S3m;=9+07m{yUJn-!8@?3fx+nv<>_QKTPfmY!}NVd!ZQQju%m8KocQ
zV`#x;8IqG7r0-}@=^2%3>}Zm25)qMR?rWKBoSm1R<zpD-9ULBLkXMy!?y0XImTea1
zUTN%{WfEMJ?CI+4WE|+ll~tLWn-db`>SpO^l<QZVmF(qa7~oyy7M>eoP*7o<7Zl)=
z<ErmloLJ#pTA60zZCGqpo@wHfm>pzbW>I2Z#8u#&9+vHqTI^C$;hJJ$9;jcGAC#dT
zUgF_n;ce;}SefW(lHnCn>TMKZZW8KV=<VX`>k}Cs=@)5M?wl4}mCog9QW2UPm{a0p
zSYBx2o9h*Bmg^PdX^?IdUYeWgn&(lP>{Sx%;ppO7Y98p35mn&slVVwvSe)bQUzL?r
zYH7-q;aFPY9AQvkVQl8=>QtB<kmR1?9qLgY5nkY*mR#ZJU7Q?{<x&~y5*SqJQX1lG
zn(ODB<78ssZdT%IkrWxg72xUOQRtXlZjfP`Y2caWmTF;KRAwCL8XTUV5oKaoR$As!
ztnZwcS`ijfZk!e1lx|iSWl(AAo0#OBQ5jU0!xb2mYfx-x7FH1yT5K6orSImPqi-4H
z=&7Gu=I@c2ROTM(l$9On5t5r_W@xVOZj|kslWyn|>|JSO?jMp|<;SIO6j|Ywo|{{c
zljEN59$cDX<ZTcZ<YiD25LBgK=~q?cX=qvCo2MTdVP@i7?3P~@>>p)e>F#El6%r6>
znD5KwYFK8RQI=b&9iFW3U*TjDS>Ws9lOLJk<{DrSX<B7o5^R`g8W!wa9FQL1sb5uI
zWSSFV<d++m>+Kd16qXXkW#OXlpIBO$Yhq$<=oS(XnPpgz=@a4?Wnh@<m=dC$VjdQr
z6OyLy6Pg#vrK_u};B4k+7FLm>Z{ls}XJ%0m5#$zN>gDV2ou1|4lVuW`Vw_av?;Mg}
zRhSsb)f^GGjWan$X7LW^M-DxD9lx3vOI%=|Bc&n2`f0AGESKbk8_pB6zD!}rT%gQ5
ie|E(4y?=UTW`2!r`%r4K@U7tOm-@?EEy|})x&Z($j6wwf

literal 0
HcmV?d00001