Add Gitea Actions Runner and update OpenCode config

- Add Gitea Actions Runner service on m3-atlas with nixos:host label - Configure agenix secret for runner token - Add Antigravity provider models to OpenCode config - Switch m3ta-nixpkgs to local path for development
2026-01-14 20:55:23 +01:00
parent e1de4805ce
commit f9415c05f9
10 changed files with 235 additions and 61 deletions
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@@ -2,6 +2,7 @@
  imports = [
    ./containers
    ./gitea.nix
+    ./gitea-actions-runner.nix
    ./headscale.nix
    ./minio.nix
    ./mysql.nix
--- a/hosts/m3-atlas/services/gitea-actions-runner.nix
+++ b/hosts/m3-atlas/services/gitea-actions-runner.nix
@@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.gitea-actions-runner = {
+    instances.default = {
+      enable = true;
+      name = "${config.networking.hostName}-runner";
+      url = "https://code.m3ta.dev";
+      tokenFile = config.age.secrets.gitea-runner-token.path;
+
+      # nixos:host is primary, ubuntu is fallback
+      labels = [
+        # Primary: Run directly on host (fastest, has Nix installed)
+        "nixos:host"
+
+        # Fallback: Docker-based execution for compatibility
+        "ubuntu-latest:docker://node:18-bullseye"
+        "ubuntu-22.04:docker://node:20-bullseye"
+      ];
+
+      # Host execution packages
+      hostPackages = with pkgs; [
+        git
+        bash
+        coreutils
+        nix
+        # Add any other tools you need for nix-update workflows
+      ];
+
+      # Advanced settings
+      settings = {
+        runner = {
+          capacity = 1; # One job at a time (increase if you have resources)
+          timeout = "4h"; # Nix builds can take a while
+        };
+        cache = {enabled = true;};
+        container = {
+          enable_ipv6 = true;
+          privileged = false;
+        };
+      };
+    };
+  };
+
+  # User management (auto-created by module, but ensuring proper setup)
+  users.users.gitea-runner = {
+    home = "/var/lib/gitea-runner";
+    group = "gitea-runner";
+    isSystemUser = true;
+    createHome = true;
+  };
+  users.groups.gitea-runner = {};
+
+  # Firewall: Allow Podman bridge networks for cache actions
+  networking.firewall.trustedInterfaces = ["br-+"];
+}