Make forgejo-ci a Frogejo actions runner

infra/forgejo-ci/configuration.nix

@@ -8,6 +8,7 @@ in
   imports = [
     ../common/options.nix
     ../common/nixos
+    ./forgejo-actions-runner.nix
   ];
 
   procolixVm = {

infra/forgejo-ci/forgejo-actions-runner.nix

@@ -0,0 +1,44 @@
+{ pkgs, config, ... }:
+
+{
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+
+    instances.default = {
+      enable = true;
+
+      name = config.networking.fqdn;
+      url = "https://git.fediversity.eu";
+      tokenFile = config.age.secrets.forgejo-runner-token.path;
+
+      settings = {
+        log.level = "info";
+        runner = {
+          file = ".runner";
+          capacity = 24;
+          timeout = "3h";
+          insecure = false;
+          fetch_timeout = "5s";
+          fetch_interval = "2s";
+        };
+      };
+
+      ## This runner supports Docker (with a default Ubuntu image) and native
+      ## modes. In native mode, it contains a few default packages.
+      labels = [
+        "docker:docker://node:16-bullseye"
+        "native:host"
+      ];
+
+      hostPackages = with pkgs; [
+        bash
+        git
+        nix
+        nodejs
+      ];
+    };
+  };
+
+  ## For the Docker mode of the runner.
+  virtualisation.docker.enable = true;
+}

secrets/secrets.nix

@@ -26,7 +26,10 @@ concatMapAttrs
     {
       forgejo-database-password = [ vm02116 ];
       forgejo-email-password = [ vm02116 ];
-      forgejo-runner-token = [ ];
+      forgejo-runner-token = [
+        fedi300
+        forgejo-ci
+      ];
       panel-secret-key = [ fedi201 ];
       panel-ssh-key = [ fedi201 ];
       wiki-basicauth-htpasswd = [ vm02187 ];