{ pkgs, config, ... }:

{
  imports = [ ./common.nix ];

  # State directories, created at boot by systemd-tmpfiles.
  # Field order: type path mode user group age ("-" = never cleaned up).
  # Both are 0750 so the runner token and the tailscale node state are not
  # readable by other local users.
  systemd.tmpfiles.rules = [
    "d /var/lib/gitea-runner/default 0750 gitea-runner gitea-runner -"
    "d /var/lib/tailscale 0750 root root -"
  ];

  # Forgejo Actions runner. The NixOS module carries Gitea's name; only the
  # package is swapped for the Forgejo build.
  services.gitea-actions-runner.package = pkgs.forgejo-actions-runner;

  services.gitea-actions-runner.instances.default = {
    enable = true;
    # Registers with the forge under this machine's hostname.
    name = config.networking.hostName;
    url = "https://git.hsn.dev";

    # Registration token. It is never kept in this file; it is provisioned
    # out-of-band when the VM is created with:
    #   incus file push "$TOKEN_FILE" "$INCUS_INSTANCE/var/lib/forgejo/$TOKEN_FILE" --mode 400
    # NOTE(review): that push destination (/var/lib/forgejo/...) does not match
    # the tokenFile path below -- confirm which one is current. With mode 400
    # the file must be owned by the user the runner service runs as, or the
    # service cannot read it at start-up.
    tokenFile = "/var/lib/gitea-runner/default/tokenfile";

    # Job labels, "<label>:<backend>".
    # docker:// backends run each job inside a container. The images are
    # referenced by a mutable tag (node:20-bullseye), so what actually runs can
    # change underneath the tag -- pin by digest if reproducibility matters.
    # "host" runs the job directly on this machine, outside any container, as
    # the runner service user; whatever that user can reach (including the
    # directory holding the token file) is reachable from such a job, so which
    # repositories may target "native-x86_64" is a trust decision.
    labels = [
      "docker:docker://node:20-bullseye"
      "docker-x86_64:docker://node:20-bullseye"
      "ubuntu-x86_64:docker://node:20-bullseye"
      "native-x86_64:host"
    ];
  };

  # Tailscale client. openFirewall opens the tailscale port
  # (services.tailscale.port) in the host firewall so peers can connect
  # directly instead of via a relay.
  services.tailscale.enable = true;
  services.tailscale.openFirewall = true;

  # Inactive: an earlier attempt to order tailscaled after the network stack
  # has settled. Kept for reference only; it has no effect while commented out.
  # systemd.services.tailscaled = {
  #   after = [
  #     "network-pre.target"
  #     "NetworkManager.service"
  #     "systemd-resolved.service"
  #   ];
  #   wants = [ "network-pre.target" ];
  #   requires = [ "network-online.target" ];
  # };
}