ediblerope
046b4bff90
Forgejo's runner defaults to fetching `uses: org/repo@vN` from its instance's mirror (data.forgejo.org), which doesn't host most GitHub-marketplace actions like cachix/install-nix-action. Pointing default_actions_url at github.com makes the existing workflow Just Work without fully-qualified URLs in `uses:` lines. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
36 lines
1.5 KiB
Nix
36 lines
1.5 KiB
Nix
# services/forgejo-runner.nix — self-hosted Forgejo Actions runner.
|
|
#
|
|
# Registers with forg.gregersen.it and runs jobs in Docker containers.
|
|
# Workflows in this repo target `runs-on: fred-nix`, which maps to the
|
|
# catthehacker ubuntu image (the de-facto compatibility image for running
|
|
# GitHub-style workflows on self-hosted runners).
|
|
#
|
|
# The runner registration token is one-time-use: it must exist at the path
|
|
# below on first activation, after which the runner stores its own auth in
|
|
# /var/lib/gitea-runner. The module loads this file as a systemd
|
|
# EnvironmentFile, so it must use KEY=value format (not the raw token):
|
|
#
|
|
# echo 'TOKEN=YOUR_REGISTRATION_TOKEN' | sudo tee /var/secrets/forgejo-runner-token
|
|
# sudo chmod 600 /var/secrets/forgejo-runner-token
|
|
{ config, lib, pkgs, ... }:
|
|
{
|
|
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
|
|
|
|
services.gitea-actions-runner = {
|
|
package = pkgs.forgejo-runner;
|
|
instances.default = {
|
|
enable = true;
|
|
name = "mediaserver";
|
|
url = "https://forg.gregersen.it";
|
|
tokenFile = "/var/secrets/forgejo-runner-token";
|
|
labels = [
|
|
"fred-nix:docker://catthehacker/ubuntu:act-latest"
|
|
];
|
|
# Resolve `uses: org/repo@v1` against github.com — without this the
|
|
# runner falls back to the Forgejo instance's mirror (data.forgejo.org)
|
|
# which doesn't host most GitHub-marketplace actions.
|
|
settings.runner.default_actions_url = "https://github.com";
|
|
};
|
|
};
|
|
};
|
|
}
|