nixos/services/forgejo-runner.nix

# services/forgejo-runner.nix — self-hosted Forgejo Actions runner.
#
# Registers with forg.gregersen.it and runs jobs in Docker containers.
# Workflows in this repo target `runs-on: fred-nix`, which maps to the
# catthehacker ubuntu image (the de-facto compatibility image for running
# GitHub-style workflows on self-hosted runners).
#
# The runner registration token is one-time-use: it must exist at the path
# below on first activation, after which the runner stores its own auth in
# /var/lib/gitea-runner. To register:
#
#   echo 'YOUR_REGISTRATION_TOKEN' | sudo tee /var/secrets/forgejo-runner-token
#   sudo chmod 600 /var/secrets/forgejo-runner-token
{ config, lib, pkgs, ... }:
{
  config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {

    services.gitea-actions-runner = {
      package = pkgs.forgejo-actions-runner;
      instances.default = {
        enable = true;
        name = "mediaserver";
        url = "https://forg.gregersen.it";
        tokenFile = "/var/secrets/forgejo-runner-token";
        labels = [
          "fred-nix:docker://catthehacker/ubuntu:act-latest"
        ];
      };
    };
  };
}
runner: add Forgejo Actions runner on the mediaserver Adds services/forgejo-runner.nix as a host-gated module on the mediaserver and switches the flake-update workflow from runs-on: ubuntu-latest to the self-hosted fred-nix label, mapped to catthehacker/ubuntu:act-latest for GitHub-action compatibility. Token lives at /var/secrets/forgejo-runner-token so it stays out of the Nix store. Also drops the stray result/ build symlink from the worktree. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-01 15:58:24 +01:00			`# services/forgejo-runner.nix — self-hosted Forgejo Actions runner.`
			`#`
			`# Registers with forg.gregersen.it and runs jobs in Docker containers.`
			# Workflows in this repo target `runs-on: fred-nix`, which maps to the
			`# catthehacker ubuntu image (the de-facto compatibility image for running`
			`# GitHub-style workflows on self-hosted runners).`
			`#`
			`# The runner registration token is one-time-use: it must exist at the path`
			`# below on first activation, after which the runner stores its own auth in`
			`# /var/lib/gitea-runner. To register:`
			`#`
			`# echo 'YOUR_REGISTRATION_TOKEN' \| sudo tee /var/secrets/forgejo-runner-token`
			`# sudo chmod 600 /var/secrets/forgejo-runner-token`
			`{ config, lib, pkgs, ... }:`
			`{`
			`config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {`

			`services.gitea-actions-runner = {`
			`package = pkgs.forgejo-actions-runner;`
			`instances.default = {`
			`enable = true;`
			`name = "mediaserver";`
			`url = "https://forg.gregersen.it";`
			`tokenFile = "/var/secrets/forgejo-runner-token";`
			`labels = [`
			`"fred-nix:docker://catthehacker/ubuntu:act-latest"`
			`];`
			`};`
			`};`
			`};`
			`}`