From e271cb59543d8b19b65ca411515113910b385864 Mon Sep 17 00:00:00 2001
From: Jean-Marie 'Histausse' Mineau <histausse@protonmail.com>
Date: Mon, 12 Feb 2024 22:49:23 +0100
Subject: [PATCH] add forgejo runner

---
 pp-forgejo-runner.nix | 40 ++++++++++++++++++++++++++++++++++++++++
 pp-forgejo.nix        | 14 +++++++++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 pp-forgejo-runner.nix

diff --git a/pp-forgejo-runner.nix b/pp-forgejo-runner.nix
new file mode 100644
index 0000000..185a601
--- /dev/null
+++ b/pp-forgejo-runner.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+with lib;
+let
+  cfgBase = config.base;
+  cfg = config.services.ppForgejoRunner;
+in
+{
+  options.services.ppForgejoRunner = {
+    forgeUrl = mkOption {
+      type = types.str;
+      default = "git.${cfgBase.domainName}";
+      example = "git.example.com";
+      description = "The domain of the forgejo server";
+    };
+    runnerName = mkOption {
+      type = types.str;
+      default = "${cfgBase.name}.${cfgBase.domainName}";
+      example = "git-runner.example.com";
+      description = "The name of the runner";
+    };
+    tokenFile = mkOption {
+      type = types.str;
+      default = "/etc/forgejo_db_pwd";
+      description = "The file containing the token to access forgejo. Be sure to secure it. The content of the file must be of the form TOKEN=<token>";
+    };
+  };
+
+  config = {
+    virtualisation.podman.enable = true;
+    services.gitea-actions-runner.package = pkgs.forgejo-actions-runner;
+    services.gitea-actions-runner.instances."${cfg.runnerName}" = {
+      enable = true;
+      name = cfg.runnerName;
+      url = cfg.forgeUrl;
+      tokenFile = cfg.tokenFile;
+      labels = [
+        "debian:docker://debian:bookworm"
+      ];
+    };
+}
diff --git a/pp-forgejo.nix b/pp-forgejo.nix
index 7a0ec2b..6ad979d 100644
--- a/pp-forgejo.nix
+++ b/pp-forgejo.nix
@@ -12,7 +12,7 @@ in
       example = "git.example.com";
       description = "The domain of the server";
     };
-    openIdEnable = mkOption {
+    openIdEnabled = mkOption {
       type = types.bool;
       default = false;
       description = "If OpenId provider is setup and should be used exclusively.";
@@ -35,6 +35,11 @@ in
       default = "/etc/forgejo_db_pwd";
       description = "The file containing the database password. Be sure to secure it.";
     };
+    actionsEnabled = mkOption {
+      type: types.bool;
+      default = false;
+      description = "Enable the use of actions";
+    };
   };
 
   config = {
@@ -59,6 +64,7 @@ in
 
     services.forgejo.settings.repository.ENABLE_PUSH_CREATE_USER = true;
     services.forgejo.settings.repository.ENABLE_PUSH_CREATE_ORG = true;
+    services.forgejo.settings.repository.DEFAULT_REPO_UNITS = "repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages,repo.actions";
 
     # Set the permittions for the db file
     system.activationScripts = {
@@ -85,6 +91,12 @@ in
         DESCRIPTION = "Code everywhere";
       };
     };
+
+
+    services.forgejo.settings.actions = lib.mkIf (cfg.actionsEnabled) {
+      ENABLED = true;
+      DEFAULT_ACTION_URL = "https://${cfg.domain}";
+    };
   
 
     # NGINX