single runner

modules/nix/gitea-actions-runners/nixos.nix

@@ -9,22 +9,40 @@ let
 in
 {
   config = lib.mkIf (cfg.enable && config.my.secureHost) {
+    users.groups.gitea-runner = { };
+    users.users.gitea-runner = {
+      isSystemUser = true;
+      group = "gitea-runner";
+      extraGroups = [
+        "docker"
+        "podman"
+      ];
+    };
+    nix.settings = {
+      allowed-users = [ "gitea-runner" ];
+      trusted-users = [ "gitea-runner" ];
+    };
     services.gitea-actions-runner.instances.nixos = {
       inherit (cfg) url enable;
       name = "${config.networking.hostName}-nixos";
       tokenFile = config.sops.secrets.gitea.path;
       labels = [
+        "nix:host"
         "nixos:host"
       ];
       hostPackages = builtins.attrValues {
         inherit (pkgs)
           bash
+          curl
           coreutils
           gitMinimal
-          nix
           attic-client
-          nodejs # Required for GitHub Actions
-          openssh # Required for SSH git operations
+          podman
+          podman-compose
+          nix
+          nodejs
+          openssh
+          python3
           ;
       };
     };

modules/nix/gitea-actions-runners/webref.nix

@@ -1,51 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}:
-let
-  cfg = config.my.servers.gitea;
-in
-{
-  config = lib.mkIf (cfg.enable && config.my.secureHost) {
-    users.groups.gitea-runner = { };
-    users.users.gitea-runner = {
-      isSystemUser = true;
-      group = "gitea-runner";
-      extraGroups = [
-        "docker"
-        "podman"
-      ];
-    };
-    nix.settings = {
-      allowed-users = [ "gitea-runner" ];
-      trusted-users = [ "gitea-runner" ];
-    };
-    services.gitea-actions-runner.instances.webref = {
-      inherit (cfg) url enable;
-      name = "${config.networking.hostName}-nixos";
-      tokenFile = config.sops.secrets.gitea.path;
-      labels = [
-        "nix"
-        "ubuntu-latest:docker://node:20-bookworm"
-        "webref"
-      ];
-      hostPackages = builtins.attrValues {
-        inherit (pkgs)
-          bash
-          coreutils
-          curl
-          git
-          nix
-          nodejs
-          python3
-          postgresql
-          podman
-          podman-compose
-          attic-client
-          ;
-      };
-    };
-  };
-}

modules/servers/gitea.nix

@@ -11,7 +11,6 @@ in
 {
   imports = [
     ../nix/gitea-actions-runners/nixos.nix
-    ../nix/gitea-actions-runners/webref.nix
   ];
   options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;
   config = lib.mkIf (cfg.enable && config.my.secureHost) {