add forgejo-runner on forgejo vm

hosts/forgejo-runner-1/default.nix

@@ -4,6 +4,8 @@ nixpkgs.lib.nixosSystem {
   modules = common-modules ++ [
     ./hardware.nix
     ../../users/vinzenz.nix
+    ../../modules/podman.nix
+    ./forgejo-runner.nix
     { networking.hostName = "forgejo-runner-1"; }
     {
       # uncomment for build check on non arm system (requires --impure)
@@ -11,8 +13,8 @@ nixpkgs.lib.nixosSystem {
     }
     {
       services.tailscale.useRoutingFeatures = "both";
-    }
+      system.autoUpgrade.allowReboot = true;
-    {
+
       users.users = {
         root.openssh.authorizedKeys.keys = [
           ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
@@ -21,8 +23,5 @@ nixpkgs.lib.nixosSystem {
         ];
       };
     }
-    {
-      system.autoUpgrade.allowReboot = true;
-    }
   ];
 }

hosts/forgejo-runner-1/forgejo-runner.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+  config = {
+    environment.systemPackages = with pkgs; [
+      forgejo-runner
+    ];
+
+    # https://wiki.nixos.org/wiki/Forgejo
+
+    services.gitea-actions-runner = {
+      package = pkgs.forgejo-actions-runner;
+      instances.default = {
+        enable = true;
+        name = "cccb";
+        url = "https://git.berlin.ccc.de";
+        # Obtaining the path to the runner token file may differ
+        # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
+        tokenFile = "/etc/forgejo-runner/registration_token";
+        labels = [
+          "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:rust-latest"
+        ];
+        settings = {
+          container.network = "bridge";
+        };
+      };
+    };
+  };
+}