feat: add 2 podman runners for forgejo

hosts/ami/forgejo-action-runner.nix

@@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  numRunners = 2;
+in {
+  age.secrets.kitchen-runner-token = {
+    file = ../../secrets/kitchen-runner-token.age;
+    owner = "gitea-runner";
+  };
+
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+
+    instances = lib.genAttrs (builtins.genList (n: "runner${builtins.toString n}") numRunners) (name: {
+      enable = true;
+      name = "runner";
+      url = config.services.forgejo.settings.server.ROOT_URL;
+      tokenFile = config.age.secrets.kitchen-runner-token.path;
+      labels = ["docker" "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"];
+      settings.log.level = "warn";
+    });
+  };
+
+  virtualisation.podman = {
+    enable = true;
+    autoPrune.enable = true;
+  };
+}

hosts/ami/forgejo.nix

@@ -1,6 +1,10 @@
 {pkgs, ...}: let
   port = 3000;
 in {
+  imports = [
+    ./forgejo-action-runner.nix
+  ];
+
   services = {
     forgejo = {
       enable = true;

secrets.nix

@@ -3,5 +3,6 @@ let
 in {
   "secrets/bitwarden.age".publicKeys = [buffet];
   "secrets/borgpassword.age".publicKeys = [buffet];
+  "secrets/kitchen-runner-token.age".publicKeys = [buffet];
   "secrets/msmtppassword.age".publicKeys = [buffet];
 }

secrets/kitchen-runner-token.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 zRvPWg L1Az4B9mJWLdXWD3wiGFMmv4dD7xqDBHKWLRHcWrVTY
+u6p2pQT9YliZpLVhqXJV04EB8wk9+nUhanJAaKQku4c
+--- QsdBiqGhl+3dBJ+NQhPTExPBGQPLpeng3z2Tqnv49dI
+Îb~‘<1A>/½Z‘á0éß©°m)°=™bwBôzï°o¦€ñ	¹ÅZ‡®aÆ«ï<C2AB>ZjðgHÕùÅe9†q@@°h˜RÈêwcM