From 77a2d02d9ee40c91d51a32b1c0c5d38f5efc4a27 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Sat, 3 Aug 2024 11:06:14 +0200
Subject: [PATCH] feat: add forgejo runner on tower

---
 machines/tower/default.nix             |   1 +
 machines/tower/forgejo-runner.nix      |  27 +++++++++++++++++++++++++
 secrets/forgejo_runners-token_file.age | Bin 253 -> 259 bytes
 3 files changed, 28 insertions(+)
 create mode 100644 machines/tower/forgejo-runner.nix

diff --git a/machines/tower/default.nix b/machines/tower/default.nix
index 41a4d68..9945579 100644
--- a/machines/tower/default.nix
+++ b/machines/tower/default.nix
@@ -4,6 +4,7 @@
   imports = [
     ./hardware.nix
     ./home-julien.nix
+    ./forgejo-runner.nix
   ];
 
   boot.loader.grub.enable = true;
diff --git a/machines/tower/forgejo-runner.nix b/machines/tower/forgejo-runner.nix
new file mode 100644
index 0000000..6eda65a
--- /dev/null
+++ b/machines/tower/forgejo-runner.nix
@@ -0,0 +1,27 @@
+{ pkgs, config, ... }:
+{
+  age.secrets.forgejo_runners-token_file.file = ../../secrets/forgejo_runners-token_file.age;
+  nix.settings.allowed-users = [ "gitea-runner" ];
+  nix.settings.trusted-users = [ "gitea-runner" ];
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+    instances = {
+      native = {
+        enable = true;
+        url = "https://git.luj.fr";
+        name = "native";
+        labels = [ "native:host" ];
+        tokenFile = config.age.secrets.forgejo_runners-token_file.path;
+        hostPackages = with pkgs; [
+          lix
+          nodejs
+          git
+          bash
+          coreutils
+          curl
+        ];
+      };
+    };
+  };
+}
diff --git a/secrets/forgejo_runners-token_file.age b/secrets/forgejo_runners-token_file.age
index 5e908650395c8f00963f47f033c072571d645df4..f4dc420c63930496fff6d5c6cb0c367cae36981e 100644
GIT binary patch
delta 223
zcmV<503iSU0fPdNEPpUkPA^MHLUB_yIcisTVoydmGj>96SaD)EYFK1*Pe)HdGdEaz
zWn)N0a|%UjV?uK@WmZWvR8MwMS#&~4LMvKNRb*~VICD%_GGr@iVRLs;LQrsUI0`K-
zEg&~5L`iQsO?E*?Z9;TIQBY7~YIrngHFrZda7ATfcS=N5YglqtN@+$#SV0O6I)3p$
znd)OxEHwofO@3V%?X974uk;>%Q&unXg|NI2y4?~fN%IMEF9dEG{9vkc<Hi2s?XqFb
ZRvoFXAn*}c;SDxu7l?qRKi2W>S#TN*R3-ob

delta 217
zcmV;~04D!~0{sDyEPq8%FEdtjPisg|FHUeXOldJQZA5x8IYN4EQAkZWWL9i8G<P_6
zS#of0a|%RaQ*B9ELt0dDQE@U&a(O{abZ0m@PjgamGe}ZwFK|a;R7Z1eLr_&(a|$gj
zEg)(+H!pBOYiBe<aCL7nHDxkmax!r*PBnRDFfcMRG(kC6V^V5paZ6!hV{Z!5L*RcP
zz?%^?*~0HvfbrZE9-xc}F_y^UeBJ=5Nrq2;dQO*3$D?R6C`D%jA>@3KEtJWbKG+&&
T(}zfCejR4^`@p$)3}ij?smf8+