From af66aef50dcd9b8fcd87a6250bb2b094fe326cb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
 <nicolas.jeannerod@moduscreate.com>
Date: Wed, 12 Feb 2025 18:40:43 +0100
Subject: [PATCH] Make `forgejo-ci` a Frogejo actions runner

---
 infra/forgejo-ci/configuration.nix          |  1 +
 infra/forgejo-ci/forgejo-actions-runner.nix | 44 +++++++++++++++++++++
 secrets/secrets.nix                         |  5 ++-
 3 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 infra/forgejo-ci/forgejo-actions-runner.nix

diff --git a/infra/forgejo-ci/configuration.nix b/infra/forgejo-ci/configuration.nix
index c65c5617..84a72b97 100644
--- a/infra/forgejo-ci/configuration.nix
+++ b/infra/forgejo-ci/configuration.nix
@@ -8,6 +8,7 @@ in
   imports = [
     ../common/options.nix
     ../common/nixos
+    ./forgejo-actions-runner.nix
   ];
 
   procolixVm = {
diff --git a/infra/forgejo-ci/forgejo-actions-runner.nix b/infra/forgejo-ci/forgejo-actions-runner.nix
new file mode 100644
index 00000000..39024b60
--- /dev/null
+++ b/infra/forgejo-ci/forgejo-actions-runner.nix
@@ -0,0 +1,44 @@
+{ pkgs, config, ... }:
+
+{
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+
+    instances.default = {
+      enable = true;
+
+      name = config.networking.fqdn;
+      url = "https://git.fediversity.eu";
+      tokenFile = config.age.secrets.forgejo-runner-token.path;
+
+      settings = {
+        log.level = "info";
+        runner = {
+          file = ".runner";
+          capacity = 24;
+          timeout = "3h";
+          insecure = false;
+          fetch_timeout = "5s";
+          fetch_interval = "2s";
+        };
+      };
+
+      ## This runner supports Docker (with a default Ubuntu image) and native
+      ## modes. In native mode, it contains a few default packages.
+      labels = [
+        "docker:docker://node:16-bullseye"
+        "native:host"
+      ];
+
+      hostPackages = with pkgs; [
+        bash
+        git
+        nix
+        nodejs
+      ];
+    };
+  };
+
+  ## For the Docker mode of the runner.
+  virtualisation.docker.enable = true;
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 167234d4..0af27917 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -26,7 +26,10 @@ concatMapAttrs
     {
       forgejo-database-password = [ vm02116 ];
       forgejo-email-password = [ vm02116 ];
-      forgejo-runner-token = [ ];
+      forgejo-runner-token = [
+        fedi300
+        forgejo-ci
+      ];
       panel-secret-key = [ fedi201 ];
       panel-ssh-key = [ fedi201 ];
       wiki-basicauth-htpasswd = [ vm02187 ];