From 13a7c455a9dcb02bd09ffdfceb90a070e6419299 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= Date: Fri, 17 Jan 2025 14:20:00 +0100 Subject: [PATCH] feat(home-server): add forgejo runner --- secrets/forgejo/runner-token.age | 8 +++++++ services/forgejo/default.nix | 6 +++++ services/forgejo/runner.nix | 41 ++++++++++++++++++++++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 secrets/forgejo/runner-token.age create mode 100644 services/forgejo/runner.nix diff --git a/secrets/forgejo/runner-token.age b/secrets/forgejo/runner-token.age new file mode 100644 index 0000000..0ef260d --- /dev/null +++ b/secrets/forgejo/runner-token.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 OAZQhA 2ptce5tD9VWD7rfhCjLZbKzznVXLHFw1L5iXbwrAyUQ +egOD0xgvKyRsezgBCmaZrft/61TtS3fh4mHWf+taNjI +-> ssh-ed25519 72ij7w mVe1vE1rQT0t21xwwrLqEytD/1dwB2gwbzuNx6z/tEQ +ZxcOXVdxpxpvvU6ozhjJ41hIncxygJcV3icGFascFpw +--- 298y2yI6JRzmJq1If1v3NMjRKlCpH2kjUqhfL47n2ag +2ݩTwV}6϶A=/w<٭ [|Fd$e^& + ЏHa&߀v] \ No newline at end of file diff --git a/services/forgejo/default.nix b/services/forgejo/default.nix index eb9cbbf..9f67b80 100644 --- a/services/forgejo/default.nix +++ b/services/forgejo/default.nix @@ -11,6 +11,8 @@ let cfg = config.services.forgejo; in { + imports = [ ./runner.nix ]; + age.secrets.forgejo-admin-password = { file = ../../secrets/forgejo/admin-password.age; owner = cfg.user; @@ -34,6 +36,10 @@ in ui = { DEFAULT_THEME = "forgejo-dark"; }; + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "https://${domain}"; + }; mailer = { ENABLED = true; PROTOCOL = "sendmail"; diff --git a/services/forgejo/runner.nix b/services/forgejo/runner.nix new file mode 100644 index 0000000..576221a --- /dev/null +++ b/services/forgejo/runner.nix 
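Review bot: In services/forgejo/default.nix, `DEFAULT_ACTIONS_URL = "https://${domain}"` makes short-form `uses: owner/repo@ref` references resolve against this instance, so whoever owns a namespace such as `actions` here decides what code those workflow steps run, and the hunk carries no comment recording that assumption. A comment above the setting such as `# short-form uses: resolves on this instance; the referenced orgs must be admin-owned mirrors` would make the trust boundary explicit. This matters more because the runner added in runner.nix is registered with a host label. The enclosing `settings` block starts and ends outside the hunk.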
@@ -0,0 +1,41 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+let
+ forgejoCfg = config.services.forgejo;
+ domain = forgejoCfg.settings.server.DOMAIN;
+in
+{
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+ instances.local = {
+ enable = true;
+ url = "https://${domain}";
+ tokenFile = ""; # dynamically retrieved from Forgejo (see further below)
+ name = config.networking.hostName;
+ labels = [ "native:host" ];
+ settings = {
+ container.network = "host";
+ };
+ };
+ };
+
+ # automatically get registration token from forgejo
+ systemd.services.forgejo.postStart = lib.mkBefore ''
+ ${pkgs.bash}/bin/bash -c '(while ! ${pkgs.netcat-openbsd}/bin/nc -z -U ${forgejoCfg.settings.server.HTTP_ADDR}; do echo "Waiting for unix ${forgejoCfg.settings.server.HTTP_ADDR} to open..."; sleep 2; done); sleep 2'
+ actions="${lib.getExe config.services.forgejo.package} actions"
+ echo -n TOKEN= > /run/forgejo/forgejo-runner-token
+ $actions generate-runner-token >> /run/forgejo/forgejo-runner-token
+ '';
+
+ systemd.services.gitea-runner-local.serviceConfig = {
+ EnvironmentFile = [ "/run/forgejo/forgejo-runner-token" ];
+ };
+
+ systemd.services.gitea-runner-local.wants = [ "forgejo.service" ];
+ systemd.services.gitea-runner-local.after = [ "forgejo.service" ];
+}
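Review bot: The registration token is written to `/run/forgejo/forgejo-runner-token` with plain `>` and `>>` redirection in the `postStart` script, so the file's mode is whatever the forgejo unit's umask yields and nothing in this hunk restricts it; the token lets its holder register a runner with the instance, so the file should be owner-only. Creating it first with `${pkgs.coreutils}/bin/install -m 0600 /dev/null /run/forgejo/forgejo-runner-token` before the `echo -n TOKEN=` line keeps that mode through both redirections, and since systemd reads `EnvironmentFile=` with its own privileges the runner unit should not need wider access (worth confirming on the target host). Separately, `labels = [ "native:host" ]` means jobs run directly on the host rather than in a container, so a comment beside it such as `# jobs execute on the host as the runner user; only trusted repositories may schedule here` would record the trust assumption. `secrets/forgejo/runner-token.age` is added by this commit, but with `tokenFile = ""` and no reference in the changed files it looks unused.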