feat: add forgejo actions runner service

agenix-config-module.nix

@@ -15,4 +15,5 @@
     owner = "headscale";
     group = "headscale";
   };
+  age.secrets.FORGEJO_ACTIONS_RUNNER.file = ./secrets/samsehu_FORGEJO_ACTIONS_RUNNER.age;
 }

configuration.nix

@@ -354,6 +354,7 @@
 
   services.forgejo = {
     enable = true;
+    lfs.enable = true;
     settings = {
       server.ROOT_URL = "https://git.samsehu.perli.casa/";
       server.HTTP_ADDR = "127.0.0.1";
@@ -361,6 +362,23 @@
     };
   };
 
+  virtualisation.docker = {
+    enable = true;
+  };
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+    instances.default = {
+      enable = true;
+      name = "monolith";
+      url = "https://git.samsehu.perli.casa";
+      tokenFile = config.age.secrets.FORGEJO_ACTIONS_RUNNER.path;
+      labels = [
+        "ubuntu-latest:docker://node:16-bullseye"
+      ];
+    };
+  };
+
   # lldap LDAP authentication server
   users.users.lldap = {
     # allocates the `uid` in the range 100-999, which indicates to software like login managers that it should not be displayed to the user.

secrets/samsehu_FORGEJO_ACTIONS_RUNNER.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 yXNDbw 4a+/qWs85NX56a69U11wy6lNuLNhVvLoJ9NWWugUhB0
+o22suKiDXAAP8jFvQ4y+YpuBbWFb+REotJIwFBaKxiA
+-> ssh-ed25519 BTX+xA jqZwCo9Ml4DpnHsKNy+YZ2xq9yjher9XuXQuAG3CYFU
+CRkI7Haxz2krgOP/EXK0DWl16HJNeeMKGfH+wmQyv9g
+--- RfMwfHQsd1TAQThx+6iA2ZTVgNg+PxNLM0JXi6/bNJU
+A<EFBFBD>°l5Üà\U3QãÊ…õõ{V…¶ÓtIãrö<07>
؇T/<2F>œ®@UÿÇØRZ
Ž(¾ÌðŒ‘m†-3ƒ;t.‘[ÓCFp*ãç

secrets/secrets.nix

@@ -10,4 +10,5 @@ in
   "samsehu_OIDC_APP_SECRET_HEADSCALE.age".publicKeys = geemili ++ [ samsehu ];
   "samsehu_OIDC_APP_SECRET_FORGEJO.age".publicKeys = geemili ++ [ samsehu ];
   "samsehu_LLDAP_ADMIN_PASSWORD.age".publicKeys = geemili ++ [ samsehu ];
+  "samsehu_FORGEJO_ACTIONS_RUNNER.age".publicKeys = geemili ++ [ samsehu ];
 }