dotfiles/nixos/boxes/bolty/gitea-runner.nix

{ config, pkgs, inputs, lib, system, ... }: 
let
  unstable = inputs.nixpkgs-nixos-unstable;
  package = unstable.legacyPackages."${system}".gitea-actions-runner;
in
{
  sops.secrets."gitea-runner-token" = {
    sopsFile = ./gitea-runner-token.sops;
    format = "binary";
  };
  virtualisation.docker = {
    enable = true;
    autoPrune.enable = true;
    daemon.settings = { 
      dns = ["9.9.9.9"];  
    };
  };
  disabledModules = [ "services/continuous-integration/gitea-actions-runner.nix" ];
  imports = [ "${unstable}/nixos/modules/services/continuous-integration/gitea-actions-runner.nix" ];

  services.gitea-actions-runner = {
    inherit package;
    instances.bolty1 = {
      enable = true;
      url = "https://git.cyplo.dev";
      tokenFile = config.sops.secrets."gitea-runner-token".path;
      name = "bolty1";
      hostPackages = with pkgs; [
        bash
        coreutils
        curl
        gawk
        gitMinimal
        gnused
        nodejs
        wget
        sudo
        nix
      ];
      labels = [
        "flakes-action:docker://git.cyplo.dev/cyplo/base-images/flakes-action:latest"
        "ubuntu-kinetic:docker://ubuntu:kinetic"
        "linux_amd64:host" # compat with github actions
      ];
    };
  };
  environment.etc."gitea-actions-runner/config".text = builtins.readFile ./gitea-runner-config;
  systemd.services.gitea-runner-bolty1.serviceConfig.ExecStart = lib.mkForce "${package}/bin/act_runner -c /etc/gitea-actions-runner/config daemon";
}