{ pkgs, config, lib, ... }: { environment.systemPackages = with pkgs; [ vim # zig broken on darwin #ncdu git tmux cachix direnv lazydocker lazygit nodejs_20 ]; sops.secrets."forgejo-runner-token" = { # configure secret for forwarding rules sopsFile = ./secrets.sops.yaml; mode = "0444"; restartUnits = [ "gitea-runner-default.service" ]; }; virtualisation.docker.enable = true; users.users.gitea-runner.group = "gitea-runner"; users.groups.gitea-runner = {}; users.users.gitea-runner.extraGroups = [ "docker" ]; users.users.gitea-runner.isNormalUser = true; # Runner communication port for cache restores. networking.firewall.allowedTCPPorts = [ 45315 ]; services.gitea-actions-runner = { package = pkgs.forgejo-actions-runner; instances.default = { enable = true; name = "monolith"; url = "https://git.hsn.dev"; # Obtaining the path to the runner token file may differ tokenFile = config.sops.secrets.forgejo-runner-token.path; labels = [ "docker:docker://node:20-bullseye" "aarch64" "linux" "pc" "ubuntu-aarch64:docker://ubuntu:latest" ## optionally provide native execution on the host: # "native:host" ]; }; }; system.stateVersion = "24.05"; }