nixfiles/hosts/koi/services/actions-runner/default.nix

{ config, pkgs, ... }: 

let 
  UID = 1126;
in {
  desu.secrets.forgejo-runners-token = {};
  desu.secrets.forgejo-runners-token-sf = {};

  users.users.actions-runner = {
    isNormalUser = true;
    uid = 1126;
  };

  systemd.services.actions-runner-build-dind = {
    description = "dind image builder for actions runner";
    after = [ "docker.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.docker}/bin/docker build -t local/actions-runner-dind ${pkgs.copyPathToStore ./image-dind}";
    };
  };

  systemd.services.gitea-runner-koi.requires = [ "actions-runner-build-dind.service" ];
  systemd.services.gitea-runner-koi-stupid-fish.requires = [ "actions-runner-build-dind.service" ];

  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
    instances.koi = {
      name = "koi";
      enable = true;
      url = "https://git.stupid.fish";
      tokenFile = config.desu.secrets.forgejo-runners-token-sf.path;
      labels = [
        "node18:docker://node:18-bullseye"
        "node20:docker://node:20-bullseye"
        "node22:docker://node:22-bullseye"
        # fun fact: the actual image doesnt matter! it's only used to determine the runner
        "docker:docker://node:22-bullseye"
      ];
      settings = {
        runner.capacity = 8;
      };
    };

    # a separate runner for dind because it requires privileged mode and act-runner doesnt support setting --privileged for certain images
    instances.koi-dind = {
      name = "koi-dind";
      enable = true;
      url = "https://git.stupid.fish";
      tokenFile = config.desu.secrets.forgejo-runners-token-sf.path;
      labels = [
        "docker-dind:docker://local/actions-runner-dind"
      ];
      settings = {
        container.privileged = true;
      };
    };
  };
}
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00			`{ config, pkgs, ... }:`

chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00			`let`
			`UID = 1126;`
			`in {`
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00			`desu.secrets.forgejo-runners-token = {};`
feat(koi): forgejo 2025-01-03 21:49:41 +03:00			`desu.secrets.forgejo-runners-token-sf = {};`
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00
chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00			`users.users.actions-runner = {`
			`isNormalUser = true;`
			`uid = 1126;`
			`};`

feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00			`systemd.services.actions-runner-build-dind = {`
			`description = "dind image builder for actions runner";`
			`after = [ "docker.service" ];`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig = {`
			`Type = "oneshot";`
chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00			`ExecStart = "${pkgs.docker}/bin/docker build -t local/actions-runner-dind ${pkgs.copyPathToStore ./image-dind}";`
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00			`};`
			`};`

			`systemd.services.gitea-runner-koi.requires = [ "actions-runner-build-dind.service" ];`
chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00			`systemd.services.gitea-runner-koi-stupid-fish.requires = [ "actions-runner-build-dind.service" ];`
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00
			`services.gitea-actions-runner = {`
			`package = pkgs.forgejo-runner;`
			`instances.koi = {`
			`name = "koi";`
			`enable = true;`
chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00			`url = "https://git.stupid.fish";`
			`tokenFile = config.desu.secrets.forgejo-runners-token-sf.path;`
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00			`labels = [`
			`"node18:docker://node:18-bullseye"`
			`"node20:docker://node:20-bullseye"`
			`"node22:docker://node:22-bullseye"`
chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00			`# fun fact: the actual image doesnt matter! it's only used to determine the runner`
			`"docker:docker://node:22-bullseye"`
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00			`];`
			`settings = {`
			`runner.capacity = 8;`
			`};`
			`};`
chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00
			`# a separate runner for dind because it requires privileged mode and act-runner doesnt support setting --privileged for certain images`
			`instances.koi-dind = {`
			`name = "koi-dind";`
feat(koi): forgejo 2025-01-03 21:49:41 +03:00			`enable = true;`
			`url = "https://git.stupid.fish";`
			`tokenFile = config.desu.secrets.forgejo-runners-token-sf.path;`
			`labels = [`
chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00			`"docker-dind:docker://local/actions-runner-dind"`
feat(koi): forgejo 2025-01-03 21:49:41 +03:00			`];`
			`settings = {`
chore(koi/forgejo): improved dind image and added actions cleanup script 2025-01-04 22:52:20 +03:00			`container.privileged = true;`
feat(koi): forgejo 2025-01-03 21:49:41 +03:00			`};`
			`};`
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00			`};`
			`}`