calcite: use as forgejo runner

modules/nixos/default.nix

@@ -8,5 +8,6 @@
     ./sing-box.nix
     ./kanidm-client.nix
     ./ssh-tpm-agent.nix # FIXME: Waiting for upstream merge
+    ./forgejo-actions-runner.nix
   ];
 }

modules/nixos/forgejo-actions-runner.nix

@@ -0,0 +1,34 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.custom.forgejo-actions-runner;
+in
+{
+  options = {
+    custom.forgejo-actions-runner = {
+      enable = lib.mkEnableOption "TPM supported ssh agent in go";
+      tokenFile = lib.mkOption {
+        type = lib.types.path;
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    virtualisation.docker.enable = true;
+    services.gitea-actions-runner.package = pkgs.forgejo-actions-runner;
+    services.gitea-actions-runner.instances = {
+      "git.xinyang.life" = {
+        enable = true;
+        url = "https://git.xinyang.life";
+        tokenFile = cfg.tokenFile;
+        name = config.networking.hostName;
+        labels = [
+          "debian-latest:docker://node:18-bullseye"
+          "ubuntu-latest:docker://node:18-bullseye"
+          "nix:docker://xiny/nix-runner:2.21.0-pkgs-23.11"
+        ];
+        settings = {
+          container.network = "host";
+        };
+      };
+    };
+  };
+}