From 29697934daf13c813005bc97695f5aab7ba56238 Mon Sep 17 00:00:00 2001
From: Nydragon <contact@ccnlc.eu>
Date: Fri, 31 Jan 2025 11:38:30 +0100
Subject: [PATCH] feat: add forgejo runner

---
 hosts/raptus/forgejo.nix         | 19 +++++++++++++++----
 secrets/forgejo-runner-token.age |  7 +++++++
 secrets/secrets.nix              |  4 ++++
 3 files changed, 26 insertions(+), 4 deletions(-)
 create mode 100644 secrets/forgejo-runner-token.age

diff --git a/hosts/raptus/forgejo.nix b/hosts/raptus/forgejo.nix
index 2c69f4a..0d78066 100644
--- a/hosts/raptus/forgejo.nix
+++ b/hosts/raptus/forgejo.nix
@@ -16,13 +16,24 @@ in
       "L+ ${config.services.forgejo.customDir}/public/robots.txt - - - - ${robots.outPath}"
     ];
 
+  services.gitea-actions-runner = {
+    instances."raptus" = {
+      enable = true;
+      name = "raptus";
+      tokenFile = config.age.secrets.forgejo-runner-token.age;
+      url = "https://git.ccnlc.eu";
+      labels = [
+        "debian-latest:docker://node:18-bullseye"
+        "nix:docker://ghcr.io/nydragon/runner:latest"
+      ];
+    };
+  };
+
+  virtualisation.docker.enable = true;
+
   networking.firewall.allowedTCPPorts = [ sshPort ];
 
   services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    clientMaxBodySize = "50M";
     virtualHosts.${domain} = {
       locations."/" = {
         proxyPass = "http://unix:/run/forgejo/forgejo.sock";
diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age
new file mode 100644
index 0000000..74cc2be
--- /dev/null
+++ b/secrets/forgejo-runner-token.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 b3HlPA dBkOMVkozSkc7hGVGBV8KanAOqT57d/FGTyPQnZGQBM
+4MGa6vkR/XtD6scjA2giiDINdfFH4Y9Ebn/Pki7bxPM
+-> ssh-ed25519 WcjW5A HOrY4chLCOJJQmZqn2ax8sBWqFi1MnzwUmT3qY1+Uxk
+4L36W1eX4rfzH0e6YWtJ4hEl5FoKA9Okd1CYNWP1yXU
+--- syAd07l1R2c15ZVprT+nEw0IO2o/EAWPG0KieTVQxOE
+t���N�h��N�(sfEkS(��)�_k�� K/i����eX/��8��h���
S	�������~��j��$�
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9a1cc44..a1ab819 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -16,4 +16,8 @@ in
   "rustypaste.age".publicKeys = devices ++ [ ny ];
   "navidrome.age".publicKeys = devices ++ [ ny ];
   "adguard-dns-list.age".publicKeys = devices ++ [ ny ];
+  "forgejo-runner-token.age".publicKeys = [
+    raptus
+    ny
+  ];
 }