Configure new forgejo-actions-runner host

Configure it to host a forgejo-actions-runner capable of handling CI
workloads running on Docker.

config/hosts/forgejo-actions-runner/configuration.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+  networking.hostName = "forgejo-actions-runner";
+
+  system.stateVersion = "23.11";
+}

config/hosts/forgejo-actions-runner/default.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  imports = [
+    ./configuration.nix
+    ./docker.nix
+    ./forgejo-actions-runner.nix
+    ./networking.nix
+  ];
+}

config/hosts/forgejo-actions-runner/docker.nix

@@ -0,0 +1,13 @@
+# Sources for this configuration:
+# - https://nixos.wiki/wiki/Docker
+{ config, pkgs, ... }:
+
+{
+  virtualisation.docker = {
+    enable = true;
+    autoPrune = {
+      enable = true;
+      dates = "weekly";
+    };
+  };
+}

config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix

@@ -0,0 +1,30 @@
+# Sources for this configuration:
+# - https://forgejo.org/docs/latest/admin/actions/
+# - https://forgejo.org/docs/latest/user/actions/
+# - https://docs.gitea.com/next/usage/actions/act-runner
+
+{ config, pkgs, ... }:
+
+{
+  services.gitea-actions-runner = {
+    package = pkgs.forgejo-actions-runner;
+    instances.ccchh-forgejo-global-docker = {
+      enable = true;
+      name = "Global Docker Forgejo Actions Runner";
+      url = "https://git.hamburg.ccc.de/";
+      tokenFile = "/secrets/registration-token.secret";
+      labels = [ "docker:docker://node:current-bookworm" ];
+    };
+  };
+
+  deployment.keys = {
+    "registration-token.secret" = {
+      keyCommand = [ "pass" "noc/services/forgejo-actions-runner/registration_token" ];
+      destDir = "/secrets";
+      user = "gitea-runner";
+      group = "gitea-runner";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
+  };
+}

config/hosts/forgejo-actions-runner/networking.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{
+  networking.interfaces.net0 = {
+    ipv4.addresses = [
+      {
+        address = "172.31.17.155";
+        prefixLength = 25;
+      }
+    ];
+  };
+  networking.defaultGateway = "172.31.17.129";
+  networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
+  networking.search = [ "hamburg.ccc.de" ];
+
+  systemd.network.links."10-net0" = {
+    matchConfig.MACAddress = "1E:E0:4E:D0:DA:BE";
+    linkConfig.Name = "net0";
+  };
+}

flake.nix

@@ -178,6 +178,20 @@
           ./config/hosts/git
         ];
       };
+
+      forgejo-actions-runner = {
+        deployment = {
+          targetHost = "forgejo-actions-runner-intern.hamburg.ccc.de";
+          targetPort = 22;
+          targetUser = "colmena-deploy";
+          tags = [ "chaosknoten" ];
+        };
+        imports = [
+          ./config/common
+          ./config/proxmox-vm
+          ./config/hosts/forgejo-actions-runner
+        ];
+      };
     };
 
     packages.x86_64-linux = {