From cc8ca71f2dbef79f7bb6eddb7637eddff76046e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20R=C3=B6ger?=
Date: Tue, 24 Mar 2026 23:41:43 +0100
Subject: [PATCH] System Gen3 @ 2026-03-24-23:41:42 by jonas@harbor
---
 hosts/harbor/configuration.nix | 1 +
 modules/services/gitea-instance.nix | 52 +++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
diff --git a/hosts/harbor/configuration.nix b/hosts/harbor/configuration.nix
index 2e7e1a0..58abbfa 100644
--- a/hosts/harbor/configuration.nix
+++ b/hosts/harbor/configuration.nix
@@ -67,6 +67,7 @@
 # hive modules
 hive.gitea-instance.enable = true;
+ hive.gitea-instance.nativeRunner = true;
 hive.gitea-instance.instanceFQDN = "git.jroeger.de";
 hive.gitea-instance.databasePasswordFile = config.sops.secrets.gitea-db-pass.path;
 hive.gotify-instance.enable = true;
diff --git a/modules/services/gitea-instance.nix b/modules/services/gitea-instance.nix
index 7593fb5..bdfd194 100644
--- a/modules/services/gitea-instance.nix
+++ b/modules/services/gitea-instance.nix
@@ -19,6 +19,11 @@ in {
 example = "/etc/gitea-db-pass.txt";
 description = "Path to the file containing the Gitea database password";
 };
+ nativeRunner = lib.mkOption {
+ type = lib.types.bool;
+ description = "Install a gitea act_runner using the native nix store";
+ default = false;
+ };
 };
 config = lib.mkIf cfg.enable {
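Review bot: The `description` of `nativeRunner` says only that a runner is installed "using the native nix store", which does not tell someone enabling the option that workflow jobs will execute on the host itself. Judging by the `nixos:host` label set later in this patch, a wording such as `description = "Run a Gitea act_runner that executes workflow jobs directly on this host, without container isolation";` would state the trust implication at the place where the option is toggled. The enclosing `options` block starts outside the hunk.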
@@ -68,5 +73,52 @@ in {
 }
 ];
 };
+
+ # act_runner
+ services.gitea-actions-runner = lib.mkIf cfg.nativeRunner {
+ instances.nixos-host = {
+ enable = true;
+ name = "nixos-host-runner";
+ url = "https://${cfg.instanceFQDN}";
+ tokenFile = "/var/lib/gitea-registration/nixos-host";
+
+ labels = ["nixos:host"];
+
+ settings = {
+ runner = {
+ capacity = 1;
+ };
+ };
+ };
+ };
+ systemd.services.gitea-runner-nixos-host = lib.mkIf cfg.nativeRunner {
+ after = [
+ "gitea-runner-gen-token.service"
+ ];
+ requires = [
+ "gitea-runner-gen-token.service"
+ ];
+ };
+ systemd.services.gitea-runner-gen-token = lib.mkIf cfg.nativeRunner {
+ wantedBy = ["multi-user.target"];
+ after = ["gitea.service"];
+ environment = {
+ GITEA_CUSTOM = "/var/lib/gitea/custom";
+ GITEA_WORK_DIR = "/var/lib/gitea";
+ };
+ script = ''
+ set -euo pipefail
+ token=$(${config.services.gitea.package}/bin/gitea actions generate-runner-token)
+ echo "TOKEN=$token" > /var/lib/gitea-registration/nixos-host
+ '';
+ unitConfig.ConditionPathExists = ["!/var/lib/gitea-registration/nixos-host"];
+ serviceConfig = {
+ User = "gitea";
+ Group = "gitea";
+ StateDirectory = "gitea-registration";
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ };
 };
 }
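Review bot: The registration token is written by `echo "TOKEN=$token" > /var/lib/gitea-registration/nixos-host` with no umask or directory mode set, so unless systemd's defaults are overridden elsewhere the file and its `StateDirectory` are readable by every local user, unlike the database password, which goes through sops. Adding `UMask = "0077";` and `StateDirectoryMode = "0700";` to the `serviceConfig` of `gitea-runner-gen-token` would keep the token private to the gitea user. This assumes the runner unit loads `tokenFile` as a systemd environment file rather than opening it as its own user, which is worth confirming before tightening the mode. Separately, `generate-runner-token` is called without a scope and the only label is `nixos:host`, so the runner appears to be instance-wide and to run jobs directly on harbor. A comment above `services.gitea-actions-runner` naming which owners or repositories are trusted to run workflows here, or scoping the token to a single owner, would make that boundary explicit.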