From f70d9c51e3b252c0d1d10943c18a1f57c33c2962 Mon Sep 17 00:00:00 2001
From: Oliver Davies <oliver@oliverdavies.dev>
Date: Fri, 2 May 2025 23:57:47 +0100
Subject: [PATCH] Configure nixedo as a Forgejo Actions Runner

---
 hosts/nixedo/services/default.nix | 35 +++++++++++++++++++++++++++++++
 secrets.nix                       |  4 ++++
 secrets/forgejo-runner-token.age  | 17 +++++++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 secrets/forgejo-runner-token.age

diff --git a/hosts/nixedo/services/default.nix b/hosts/nixedo/services/default.nix
index 40fdd42d..4c24566a 100644
--- a/hosts/nixedo/services/default.nix
+++ b/hosts/nixedo/services/default.nix
@@ -1,3 +1,10 @@
+{
+  config,
+  inputs,
+  pkgs,
+  ...
+}:
+
 {
   imports = [
     ./homepage
@@ -9,4 +16,32 @@
   services = {
     tailscale.enable = true;
   };
+
+  services.gitea-actions-runner.instances.default = {
+    enable = true;
+
+    hostPackages = with pkgs; [
+      bash
+      coreutils
+      curl
+      gawk
+      gitMinimal
+      gnused
+      nix
+      nodejs
+      wget
+    ];
+
+    labels = [
+      "nixos:host"
+    ];
+
+    name = config.networking.hostName;
+    tokenFile = config.age.secrets.forgejo-runner-token.path;
+    url = config.services.forgejo.settings.server.ROOT_URL;
+  };
+
+  age.secrets = {
+    forgejo-runner-token.file = "${inputs.self}/secrets/forgejo-runner-token.age";
+  };
 }
diff --git a/secrets.nix b/secrets.nix
index 59104be0..fed13e5d 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -20,6 +20,10 @@ in
     hosts.nixedo
   ] ++ [ users.opdavies ];
 
+  "secrets/forgejo-runner-token.age".publicKeys = [
+    hosts.nixedo
+  ] ++ [ users.opdavies ];
+
   "secrets/tubearchivist-env.age".publicKeys = [
     hosts.nixedo
     hosts.t480
diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age
new file mode 100644
index 00000000..4a190f4f
--- /dev/null
+++ b/secrets/forgejo-runner-token.age
@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 IsVD3g mB4VczPxs3QfwaBzmQ0M11i2DvLiWuUFg0lxOc2SSxk
+P7HviMd5+e8pDRTKfWhyqN8Su7qtFLT3fINy4z1Iz2Y
+-> ssh-rsa +vTWQw
+QXgFMe0rRO6exSgeztsAFdF5CMCWNiutiYSX5AajAlWHf3or65xCJVJO1EEZrQEK
+u5BQXzS/iVxnjI+oEyHhID6J3rIiRSVlmA+BNFksh0Fh4ihSq8Iqdwp7TjkX5oas
+RWVzj5dIqTwhtXwcFYbX5Lj68UMZtHjRp8PLAa9WtV1zbU5R3000ofcDFXnZrHW9
+q8FD50EiA7S0ORHgMUlZPAXPU4mIxjs7Qj6QwL55md4ZExdAy8b+srGGSMZlO8Zo
+7gn2B778LAVzaiibtKN7Tc/+AX23QEDPJzkgUTPL4AbicMO8QS9fHDurDRDs0p9z
+cnWra1YhFujzD2z+cW/Tmt23dv9Zs11wEZ2pDK3T2Fi0mIfTZWkkoYz4rrlW9yJm
+Ag9XAJvJS1S4BWeT1UVUE7Z641t2Qsm+5isdRn0JOJ31pLBUE9XbemBmLQGxPhOp
+sYjEk5ldMY1U/nO7KDvot42uE6LcLF2PvRFUAqfwCG+Zu285EfSP1ic4AiyRBy/I
+gnXXeXCHou5uCyN3SpxwTrEen6LBuMbLAeOArXgSqUj/CGSYQJug2b7EPxM4m0+/
+axNzdt6Ytsr+9zfSrS6GCKgcrJtAmooptyustj+Zpr9sC7gtSZeLBWbvw4uVcmPt
+HabHNjE4Rayjwa+ILqrTLzK538dEK2ta1Kv4ebTAYgU
+--- ibayDVd69gBfWFeA9t+3f1zcB2fu1xzRVwsxmwwAPIM
+jgíàz{œdDo0hÑ}ÂžAñøô´»Û³Ý–>-Ójèœ!ÜÑ¬†÷ÓQÀª“ŽeP¨ÀlÔæ5¥ªmwInEv¬ïv²®ŽçÑIHn
\ No newline at end of file