From 21505f23f3cf903cf1a6d53f1ac31c6819ff539d Mon Sep 17 00:00:00 2001
From: Ivan Malison
Date: Sun, 24 Sep 2023 22:45:43 -0600
Subject: [PATCH] [NixOS] Add separate gitea-runner configuration

---
 nixos/configuration.nix | 1 +
 nixos/gitea-runner.nix | 50 ++++++++++++++++++
 nixos/gitea.nix | 8 ---
 nixos/machines/ryzen-shine.nix | 1 +
 .../gitea-runner-token.ryzen-shine.age | Bin 0 -> 2305 bytes
 nixos/secrets/secrets.nix | 1 +
 6 files changed, 53 insertions(+), 8 deletions(-)
 create mode 100644 nixos/gitea-runner.nix
 create mode 100644 nixos/secrets/gitea-runner-token.ryzen-shine.age

diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index a07274f9..1aa16069 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -13,6 +13,7 @@
 ./games.nix
 ./git-sync.nix
 ./gitea.nix
+ ./gitea-runner.nix
 ./imalison.nix
 ./internet-computer.nix
 ./kat.nix
diff --git a/nixos/gitea-runner.nix b/nixos/gitea-runner.nix
new file mode 100644
index 00000000..b2d5c637
--- /dev/null
+++ b/nixos/gitea-runner.nix
@@ -0,0 +1,50 @@
+{ pkgs, config, makeEnable, ... }:
+makeEnable config "modules.gitea-runner" false {
+ age.secrets.gitea-runner-token = {
+ file = ./secrets/gitea-runner-token.${config.networking.hostName}.age;
+ owner = "gitea";
+ group = "docker";
+ };
+
+ services.gitea-actions-runner.instances.nix =
+ let gitea-runner-directory = "/var/lib/gitea-runner";
+ in {
+ settings = {
+ cache = {
+ enabled = true;
+ };
+ container = {
+ workdir_parent = "${gitea-runner-directory}/workspace";
+ };
+ host = {
+ workdir_parent = "${gitea-runner-directory}/action-cache-dir";
+ };
+ };
+ hostPackages = with pkgs; [
+ bash
+ coreutils
+ curl
+ gawk
+ git-lfs
+ nixFlakes
+ gitFull
+ gnused
+ nodejs
+ wget
+ ];
+ enable = true;
+ name = config.networking.hostName;
+ url = "http://1896Folsom.duckdns.org:3000";
+ tokenFile = config.age.secrets.gitea-runner-token.path;
+ labels = [
+ "nixos-${pkgs.system}:host"
+ "nix:docker://localhost:5921/nix-runner"
+ ];
+ };
+
+ systemd.services.gitea-runner-nix.environment =
+ let gitea-runner-directory = "/var/lib/gitea-runner"; in {
+ XDG_CONFIG_HOME = gitea-runner-directory;
+ XDG_CACHE_HOME = "${gitea-runner-directory}/.cache";
+ };
+}
diff --git a/nixos/gitea.nix b/nixos/gitea.nix
index 969a0483..1d72524b 100644
--- a/nixos/gitea.nix
+++ b/nixos/gitea.nix
@@ -1,6 +1,5 @@ { config, makeEnable, ... }: makeEnable config "modules.gitea" false { - age.secrets."gitea-runner-token".file = ./secrets/gitea-runner-token.age; services.gitea = { enable = true;
@@ -10,11 +9,4 @@ makeEnable config "modules.gitea" false {
 SSH_PORT = 1123;
 };
 };
-
- services.gitea-actions-runner.instances-nix-runner = {
- enable = true;
- url = config.services.gitea.settings.server.ROOT_URL;
- tokenFile = config.age.secrets.gitea-runner-token.path;
- labels = [ "nixos:host" ];
- };
 }
diff --git a/nixos/machines/ryzen-shine.nix b/nixos/machines/ryzen-shine.nix
index e50628d2..24cfd0aa 100644
--- a/nixos/machines/ryzen-shine.nix
+++ b/nixos/machines/ryzen-shine.nix
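Review bot: In `nixos/gitea-runner.nix` the runner's `url` is plain `http://` to a dynamic-DNS name, so the registration token from `tokenFile` and all later runner traffic (job definitions, checkout credentials, logs) travel unencrypted and the server is never authenticated. Serve Gitea over TLS and point the runner at it, e.g. `url = "https://<gitea-host>";` (placeholder), or use an address that stays on the local network if the server is on the LAN. That matters more here because the `nixos-${pkgs.system}:host` label executes jobs directly on this machine rather than in a container, so a comment stating which repositories may target it would help. Separately, `group = "docker"` on the age secret grants nothing unless a group-readable `mode` is also set (agenix defaults to owner-only, as far as I know), and widening it later would expose the token to every docker-group member; confirm `owner` matches the user the runner unit actually runs as.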
@@ -9,6 +9,7 @@ # Needed for now because monitors have different refresh rates modules.xmonad.picom.vSync.enable = false; modules.cache-server.enable = true; + modules.gitea-runner.enable = true; boot.loader.systemd-boot.configurationLimit = 5; diff --git a/nixos/secrets/gitea-runner-token.ryzen-shine.age b/nixos/secrets/gitea-runner-token.ryzen-shine.age new file mode 100644 index 0000000000000000000000000000000000000000..9b19260c1d620045cecc72f456de79b1f47374d0 GIT binary patch literal 2305 zcmZXUJInM48HTNc3O2%aHhH zcz((=lpv7(E-DB2#_Yzt->>TBBBy4*hy8=YxF@K;xyC6?UB)pQ2^Tv75B)L(>b@h; zz>UTILT*w?`)29RxqQf?0pslG_-MsZGbN9f@mI8%&75+_NV0uwbSSsa1$pb7Sr6SOrY?>P17tUEu^y~Gfr`?yRUr=L=8*>(R854junT{$ZYYyoUzg$zV!axJjQXkiSQcPBkZQgAug z)02r*IdDJz36_0)wnH5XG8Zvg08Q*io>TDQ1Zl^yJN`BpLS(th{1p&<7Xvx^8WIy&px zfY)MGR6-eH>cUwd)tr}sC~myeZ7eMviHi&jT&kO_I>lp7s|3ZK`^+-8A!%HLvDQp1 z&bQS}jFv3vmo(KXF8#dAZyM)fdJ-{4IHo)Y^TTbc4oviz%ww<$dW0y=$p{UG2RiV& zkID7wn?uTOxgb|nfVpMLZ&Bd0In2k=!}sm5mf)AP+DYZ5+(95#l$R?m>RsCCn9w<7 zB#%h}YgWD-j>n@GYhKyeGi64`U;4mP2YoeSNN$^SI#i zOPaI=$Tshi=T-zP)=(&n+YJ%;N+LSd!8VMr@sX;9&1p~OqBq_NAX@Md=&Uc`ebMJw zs!ODOdJIMoniGviU`?Rb41!u5SubgyC7Ftv1x<0M!-bVW#6IL3P=^&t&%L3U(Q!H2 zNZ_3UY^DKMgkz}N=NO;&T$^Yc9Y&@tf)Nbr25R@#(TpZvJP*q&-yl62!1K<;85xY4 z*_T}+z@wI|#U&*c-2fk|1I@ytYUXV$Iua=X>@d?90k>h;f|a>AlONF@mk3&0sfrdm zV_cn+$K{CZ>({ptmlN|WgA>lw-DRPC&kmg{svolFm%QP(;BMumA04PF4RDCMz(8V4 z;MIe*jk0eBXf)cDv4c9>cqd-lJsS_ge!n{Y)w5nL0L~o(WOlqz!o(#R50Ddg%6Usp zt;9XBaTRLhYPrus(Mn~KY3FPKD3J>ye)J1|LMi8--`DG1(uVy2!wGsfB+w3wiz6zI z{K}XmT})PRVk^nlq>a{?f=pQ%)jIS3uq zt9!*3kg3d5rjdCb+HB$3oF@cciYoti>AQ88OpSrou0>jN3v<4?Wf4~(I+c?A!9J-l zFHL@iR}BH$twv>$7y{8pD$}3LTdzr2od*H+#D9+(SOr7+xAc8kUv{)_W|{l zc=uuZt=;JZir+KYo85Pkx9V4cgCDQ}u)WXO>oGacQ*lpD>vMKCz2PQkH8l;!jGpPqJ) zN@$`Qy54R_t2Sk`Lkp9<^7TXtoF>cL-o^#rKC?~~0@5%4^Si(Q=DVMVcJGs4{=xS@ z7T^2g_>B*Lf0zI9^N+uT;M^ZBf9w8wczW-LZ-4dEZ~ykkpMLM_MET^JnKt{lZ881uA9izyJUM literal 0 HcmV?d00001 
diff --git a/nixos/secrets/secrets.nix b/nixos/secrets/secrets.nix
index 10abe652..dc16780a 100644
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@@ -5,4 +5,5 @@ in
 "gpg-passphrase.age".publicKeys = keys.agenixKeys;
 "cache-priv-key.pem.age".publicKeys = keys.agenixKeys;
 "gitea-runner-token.age".publicKeys = keys.agenixKeys;
+ "gitea-runner-token.ryzen-shine.age".publicKeys = keys.agenixKeys;
 }
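Review bot: The old `"gitea-runner-token.age"` entry stays in the recipient list even though this commit removes its only visible consumer in `nixos/gitea.nix`; if nothing else reads it, drop the entry and the file and revoke that registration token in Gitea so a retired credential is not left decryptable. The new per-host secret is encrypted to the whole `keys.agenixKeys` set, which is defined outside this hunk; if that list holds every managed host's key, any of those machines can decrypt ryzen-shine's runner token. Restricting the recipients would keep the per-host naming meaningful, e.g. `"gitea-runner-token.ryzen-shine.age".publicKeys = <admin keys> ++ [ <ryzen-shine host key> ];` (placeholders). The attribute set this line extends opens outside the hunk.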