nixos-servers/services/actions-runner/default.nix

{ pkgs, config, ... }:
{
  sops.secrets."actions-token-1" = {
    sopsFile = ../../secrets/nix-cache01/actions_token_1;
    format = "binary";
  };

  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
  };

  services.gitea-actions-runner.instances = {
    actions1 =
      let
        actions_dir = "/var/lib/private/gitea-runner/actions1";
      in
      {
        enable = true;
        tokenFile = config.sops.secrets.actions-token-1.path;
        name = "actions1.home.2rjus.net";
        settings = {
          log = {
            level = "debug";
          };

          runner = {
            file = ".runner";
            capacity = 4;
            timeout = "2h";
            shutdown_timeout = "10m";
            insecure = false;
            fetch_timeout = "10s";
            fetch_interval = "30s";
          };

          cache = {
            enabled = true;
          };

          container = {
            privileged = false;
            workdir_parent = "${actions_dir}/container_workspace";
          };
          host = {
            workdir_parent = "${actions_dir}/host_workspace";
          };
        };

        labels = [
          "homelab"
          "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:runner-latest"
          "alpine-latest:docker://alpine:latest"
          "nix-latest:docker://nixos/nix:latest"
          "nixos:host"
        ];

        url = "https://git.t-juice.club";
      };
  };
  systemd.services.gitea-runner-actions1.environment =
    let
      actions_dir = "/var/lib/private/gitea-runner/actions1";
    in
    {
      XDG_CONFIG_HOME = actions_dir;
      XDG_CACHE_COME = "${actions_dir}/.cache";
    };
}