nrec-nixos02: add Forgejo Actions runner with Podman

Adds a container-based Forgejo Actions runner on nrec-nixos02 connecting to code.t-juice.club, using Podman for sandboxed job execution with nix, node-bookworm, and alpine labels. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-08 23:17:27 +01:00
parent 00f46af628
commit 93aa91f307
2 changed files with 33 additions and 0 deletions
--- a/hosts/nrec-nixos02/default.nix
+++ b/hosts/nrec-nixos02/default.nix
@@ -3,6 +3,7 @@
  imports = [
    ./configuration.nix
    ../../system/packages.nix
+    ../../services/actions-runner
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
 }
--- a/services/actions-runner/default.nix
+++ b/services/actions-runner/default.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+{
+  virtualisation.podman = {
+    enable = true;
+    dockerCompat = true;
+    dockerSocket.enable = true;
+  };
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-runner;
+
+    instances.actions1 = {
+      enable = true;
+      name = config.networking.hostName;
+      url = "https://code.t-juice.club";
+      tokenFile = "/var/lib/forgejo-runner/token";
+      labels = [
+        "nix:docker://nixos/nix:latest"
+        "node-bookworm:docker://node:lts-bookworm-slim"
+        "alpine:docker://alpine:latest"
+      ];
+      settings = {
+        runner.capacity = 2;
+        cache = {
+          enabled = true;
+          dir = "/var/cache/forgejo-runner";
+        };
+        container.privileged = false;
+      };
+    };
+  };
+}