enable gitea actions and runner

hosts/flame/default.nix

@@ -62,6 +62,8 @@ inputs.nixpkgs.lib.nixosSystem {
           "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
       };
 
+      giteaRunner.enable = true;
+
       # Nextcloud backup config
       backup.s3 = {
         endpoint = "s3.us-west-002.backblazeb2.com";

modules/nixos/services/default.nix

@@ -7,6 +7,7 @@
     ./calibre.nix
     ./cloudflare-tunnel.nix
     ./cloudflare.nix
+    ./gitea-runner.nix
     ./gitea.nix
     ./gnupg.nix
     ./grafana.nix

modules/nixos/services/gitea-runner.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+
+{
+  options.giteaRunner.enable =
+    lib.mkEnableOption "Enable Gitea Actions runner.";
+
+  config = lib.mkIf config.giteaRunner.enable {
+
+    services.gitea-actions-runner.instances.${config.networking.hostName} = {
+      enable = true;
+      labels = [
+        # Provide a Debian base with NodeJS for actions
+        "debian-latest:docker://node:18-bullseye"
+        # Fake the Ubuntu name, because Node provides no Ubuntu builds
+        "ubuntu-latest:docker://node:18-bullseye"
+        # Provide native execution on the host using below packages
+        "native:host"
+      ];
+      hostPackages = with pkgs; [
+        bash
+        coreutils
+        curl
+        gawk
+        gitMinimal
+        gnused
+        nodejs
+        wget
+      ];
+      name = config.networking.hostName;
+      url = "https://${config.hostnames.git}";
+      tokenFile = config.secrets.giteaRunnerToken.dest;
+    };
+
+  };
+
+}

modules/nixos/services/gitea.nix

@@ -8,6 +8,7 @@ in {
     services.gitea = {
       database.type = "sqlite3";
       settings = {
+        actions.ENABLED = true;
         repository = {
           DEFAULT_PUSH_CREATE_PRIVATE = true;
           DISABLE_HTTP_GIT = false;