System Gen3 @ 2026-03-24-23:41:42 by jonas@harbor

modules/services/gitea-instance.nix

@@ -19,6 +19,11 @@ in {
       example = "/etc/gitea-db-pass.txt";
       description = "Path to the file containing the Gitea database password";
     };
+    nativeRunner = lib.mkOption {
+      type = lib.types.bool;
+      description = "Install a gitea act_runner using the native nix store";
+      default = false;
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -68,5 +73,52 @@ in {
         }
       ];
     };
+
+    # act_runner
+    services.gitea-actions-runner = lib.mkIf cfg.nativeRunner {
+      instances.nixos-host = {
+        enable = true;
+        name = "nixos-host-runner";
+        url = "https://${cfg.instanceFQDN}";
+        tokenFile = "/var/lib/gitea-registration/nixos-host";
+
+        labels = ["nixos:host"];
+
+        settings = {
+          runner = {
+            capacity = 1;
+          };
+        };
+      };
+    };
+    systemd.services.gitea-runner-nixos-host = lib.mkIf cfg.nativeRunner {
+      after = [
+        "gitea-runner-gen-token.service"
+      ];
+      requires = [
+        "gitea-runner-gen-token.service"
+      ];
+    };
+    systemd.services.gitea-runner-gen-token = lib.mkIf cfg.nativeRunner {
+      wantedBy = ["multi-user.target"];
+      after = ["gitea.service"];
+      environment = {
+        GITEA_CUSTOM = "/var/lib/gitea/custom";
+        GITEA_WORK_DIR = "/var/lib/gitea";
+      };
+      script = ''
+        set -euo pipefail
+        token=$(${config.services.gitea.package}/bin/gitea actions generate-runner-token)
+        echo "TOKEN=$token" > /var/lib/gitea-registration/nixos-host
+      '';
+      unitConfig.ConditionPathExists = ["!/var/lib/gitea-registration/nixos-host"];
+      serviceConfig = {
+        User = "gitea";
+        Group = "gitea";
+        StateDirectory = "gitea-registration";
+        Type = "oneshot";
+        RemainAfterExit = true;
+      };
+    };
   };
 }