# NixOS module: registers a fixed number of Forgejo Actions runner instances
# against the Forgejo server configured on this host, with Podman as the
# container backend for jobs.
{ config, lib, pkgs, ... }:
let
  # Number of runner instances (and matching systemd units) to create.
  runnerCount = 2;

  # Instance names: "runner0", "runner1", ...
  instanceNames = builtins.genList (idx: "runner${toString idx}") runnerCount;

  # Unit names targeted by the systemd override below:
  # "gitea-runner-runner0", "gitea-runner-runner1", ...
  unitNames = map (instance: "gitea-runner-${instance}") instanceNames;

  # Per-instance runner definition; every instance shares the same URL,
  # registration token, labels and settings and differs only by name.
  mkRunner = name: {
    enable = true;
    name = name;
    url = config.services.forgejo.settings.server.ROOT_URL;
    # Path to the decrypted registration token; the token is never written
    # into this file or the Nix store in plain text.
    tokenFile = config.age.secrets.kitchen-runner-token.path;
    labels = [
      # NOTE(review): this label has no scheme or image. How a scheme-less
      # label is resolved (host execution vs. a default container image)
      # depends on the runner implementation and version; confirm that
      # jobs using `runs-on: docker` land where intended.
      "docker"
      # NOTE(review): `act-latest` is a mutable tag, so the job image can
      # change between runs without a change here. Pinning by digest
      # (`...@sha256:<digest>`) makes the image content reviewable.
      "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
    ];
    settings = {
      log = { level = "warn"; };
      # NOTE(review): job containers share the host's network namespace.
      # Workflow steps can therefore reach anything listening on this
      # machine, including loopback-only services. If workflows from
      # untrusted contributors (e.g. fork pull requests) can run here,
      # a dedicated container network is the safer default.
      container = { network = "host"; };
    };
  };
in
{
  # Registration token, stored age-encrypted in the repository; the
  # decrypted file is owned by the runner's service user.
  age.secrets.kitchen-runner-token = {
    file = ../../secrets/kitchen-runner-token.age;
    owner = "gitea-runner";
  };

  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;
    instances = lib.genAttrs instanceNames mkRunner;
  };

  # Run each runner unit at a lower CPU scheduling priority.
  systemd.services = lib.genAttrs unitNames (_unit: {
    serviceConfig = { Nice = 15; };
  });

  virtualisation.podman = {
    enable = true;
    autoPrune = { enable = true; };
    # Exposes Podman's Docker-compatible API socket. Access is granted via
    # the `podman` group, and members of that group can gain root on the
    # host through the socket; see the runner user's groups below.
    dockerSocket = { enable = true; };
  };

  users.groups.gitea-runner = { };

  users.users.gitea-runner = {
    isSystemUser = true;
    group = "gitea-runner";
    # Membership in `podman` gives the runner (and, transitively, whatever
    # it executes with access to the socket) root-equivalent control of
    # the host's containers. Treat this account as privileged.
    extraGroups = [ "podman" ];
    home = "/var/lib/gitea-runner/";
  };
}