💻 runners:

now pink is a runner for forgejo too

flake.nix

@@ -43,8 +43,10 @@
           inherit system;
           modules = [
             ./hosts/pink/root.nix
+            ./secrets/pink.nix
             ./root.nix
             i2pd-exporter.nixosModules.default
+            agenix.nixosModules.default
             home-manager.nixosModules.home-manager
             {
               home-manager.useGlobalPkgs = true;

hosts/pink/root.nix

@@ -9,6 +9,7 @@
     ./services/dns.nix
     ./services/endlessh.nix
     ./services/i2pd.nix
+    ./services/actions-runner.nix
     #./services/hydra.nix
 
 
@@ -25,7 +26,7 @@
   boot.loader.efi.canTouchEfiVariables = true;
 
   networking.hostName = "pink";
-  networking.domain = "stuff.local";
+  networking.domain = "4o1x5.dev";
 
   users.users.pink = {
     isNormalUser = true;

hosts/pink/services/actions-runner.nix

@@ -0,0 +1,23 @@
+{ pkgs, config, ... }:
+{
+
+  services.gitea-actions-runner.instances = {
+    root = {
+      enable = true;
+      url = "https://git.4o1x5.dev";
+      tokenFile = config.age.secrets.actions-runner.path;
+      settings = {
+        container = {
+          # TODO fix: networking
+          # instead of using host, create a subnet that cannot contact other server on my network to avoid being haxxed
+          network = "host";
+        };
+      };
+      labels = [
+        "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+      ];
+      name = "${config.networking.hostName}@${config.networking.domain}";
+    };
+  };
+}
+

secrets/actions-runner.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 VxAJjg Qn5U+TQZkSgLpUd9RslXW46cJpJSHmrIB6EyYp6I9lM
+F9LTpgeTRVQrLDEu+y3oPdmglACitELkqRk1Bltks1k
+-> ssh-ed25519 j1TNiw HUY1D/Z8dzY+V+PoAG2mdf4LcAqeUeSxtvZVoac5lW8
+Ydf0OjZA5h2WMevjqj1Y8gvRMFmMYvmwV2u2pCTrluE
+--- 01ct0V0j57KgQZa9/kzQrlYX8NCEkfMdQ2GJogx3zm4
+兛O瞃驌	X3軴&%<25>肒h鸾`U撳谌mt_'<27>1p~9<>.丹鹈u9#'<27>骏尛r睇Ud衋鼂a瘄艜雳

secrets/pink.nix

@@ -0,0 +1,4 @@
+{ pkgs, ... }: {
+  age.secrets.actions-runner.file = ./actions-runner.age;
+}
+

secrets/secrets.nix

@@ -4,21 +4,25 @@ let
 
   carbon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgB3WAu0WWaRog795SwgM2vUXXB1/oosIhXRZ9kPZ+P";
   lime = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiO7+7mFkXQ5jYNSmGErC+C6js0CvSWw0Pe9NAtuL1W";
+  pink = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNSR+kq1CzLQ9+AFKDBnOZLDOSFdDg2T8OU1KHrp89l";
+
   systems = [ carbon ];
 in
 {
+  # CARBON
   "synapse.age".publicKeys = [ grape carbon ];
   "anonymousoverflow.age".publicKeys = [ grape carbon ];
   "forgejo-runner.age".publicKeys = [ grape carbon ];
-
   "piped.age".publicKeys = [ grape carbon ];
-  # scribe
   "github-username.age".publicKeys = [ grape carbon ];
   "github-token.age".publicKeys = [ grape carbon ];
   "scribe-secret.age".publicKeys = [ grape carbon ];
 
+  # LIME
   "porkbun.age".publicKeys = [ grape lime ];
   "porkbun-user.age".publicKeys = [ grape lime ];
 
+  # PINK
+  "actions-runner.age".publicKeys = [ grape pink ];
 
 }