{ pkgs, config, hostname, ... }: { # Set up the secret for the password: sops.secrets."services/forgejo_token" = { owner = "root"; mode = "0444"; # gitea-actions-runner uses "DynamicUser" sopsFile = ../../../secrets/secrets.yaml; restartUnits = [ "gitea-actions-runner-${hostname}.service" ]; }; services.gitea-actions-runner = { package = pkgs.forgejo-actions-runner; instances."${hostname}" = { enable = true; name = "${hostname}"; labels = [ "native:host" "nixos" ]; url = "https://git.sysctl.io"; tokenFile = /run/secrets/services/forgejo_token; }; }; }