add forgejo runner to arachnide server

config/arachnide/configuration.nix

@@ -11,6 +11,7 @@
       /var/src/modules/nginx.nix
       /var/src/modules/nixin-web.nix
       /var/src/modules/forgejo.nix
+      /var/src/modules/forgejo-runner.nix
     ];
 
   # Bootloader.
@@ -59,6 +60,14 @@
     in lib.strings.trim pwd;
   };
 
+  nixin.forge-runner = {
+    token-file = "/etc/forgejo/runner.token";
+    #token = let 
+    #  pwd = builtins.readFile <secrets/forgejo-runner-token>;
+    #in lib.strings.trim pwd;
+    url = "https://forge.lab12.fr";
+  };
+
 
   # Enable ip forwarding to route packets for the local network connected to enp3s0  
   boot.kernel.sysctl = {

krops.nix

@@ -38,9 +38,35 @@ let
     target = "root@192.168.36.6";
   };
 
+  register-runner = pkgs.krops.writeCommand "register-forgejo-runner" {
+    source = source "arachnide";
+    target = lib.mkTarget "douzeb@192.168.36.9" // {
+      port = "144";
+      sudo = true;
+    };
+    command = targetPath: ''
+      forgejo forgejo-cli actions register --name local-runner --secret $(head -n 1 /var/src/secrets/forgejo-runner-secret)      
+    '';
+  };
+
+  gen-runner-token = pkgs.krops.writeCommand "generate-forgejo-runner-token" {
+    source = source "arachnide";
+    target = lib.mkTarget "douzeb@192.168.36.9" // {
+      port = "144";
+      sudo = true;
+    };
+    command = targetPath: ''
+      mkdir -p /etc/forgejo
+      echo "TOKEN=$(forgejo forgejo-cli actions generate-runner-token)" > /etc/forgejo/runner.token
+      cat /etc/forgejo/runner.token
+    '';
+  };
+
 in {
   arachnide = arachnide;
   dromadaire = dromadaire;
   all = pkgs.writeScript "deploy-all-servers"
     (lib.concatStringsSep "\n" [ arachnide dromadaire ]);
+  register-runner = register-runner;
+  gen-runner-token = gen-runner-token;
 }

modules/forgejo-runner.nix

@@ -0,0 +1,53 @@
+# Forgejo
+{ config, pkgs, lib, ... }:
+
+let
+  inherit (lib) mkOption mkDefault;
+in
+{
+  options = {
+    nixin.forge-runner = {
+      token-file = mkOption { type = lib.types.str; };
+      #token = mkOption { type = lib.types.str; };
+      url = mkOption { type = lib.types.str; };
+    };
+  };
+
+  config = {
+    virtualisation.containers.enable = true;
+    virtualisation.podman = {
+      enable = true;
+
+      # Create a `docker` alias for podman, to use it as a drop-in replacement
+      #dockerCompat = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+    instances.default = {
+      enable = true;
+      name = "local-runner";
+      url = "${config.nixin.forge-runner.url}";
+      tokenFile = "${config.nixin.forge-runner.token-file}";
+      #token = "${config.nixin.forge-runner.token}";
+      labels = [
+                 # provide a debian base with nodejs for actions
+                 "debian-latest:docker://node:20-bookworm"
+                 # fake the ubuntu name, because node provides no ubuntu builds
+                 "ubuntu-latest:docker://node:20-bookworm"
+                 # nixos
+                 "nixos:docker://nixos/nix:latest"
+                 # provide native execution on the host
+                 #"native:host"
+      ];
+    };    
+  };
+
+  # Open ports in the firewall.
+  networking.firewall.allowedUDPPorts = [ 53 ];
+
+  };
+}