Add agenix secrets management / test forgejo runner deployment

services/default.nix

@@ -4,6 +4,7 @@
     ./nginx
     ./netbox
     ./gitea
+    ./forgejo-runner
     ./redis
     ./jellyfin
     ./nextcloud

services/forgejo-runner/default.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.vm_forgejo;
+in
+{
+  options.services.vm_forgejo = {
+    enable = lib.mkEnableOption "Enable Forgejo service";
+  };
+  config = lib.mkIf cfg.enable {
+    services.forgejo-actions-runner = {
+      package = pkgs.forgejo-actions-runner;
+      instances.default = {
+        enable = true;
+        name = "monolith";
+        url = "https://git.le43.eu";
+        tokenFile = config.age.secrets.forgejo-runner-token.path;
+        labels = [
+          "ubuntu-latest:docker://node:16-bullseye"
+        ];
+      };
+    };
+  };
+}

services/minimalConfig/default.nix

@@ -93,7 +93,7 @@
       settings.PermitRootLogin = "prohibit-password";
       hostKeys = [
         {
-          path = "/var/ssh/ssh_host_ed25519_key";
+          path = "/etc/ssh/ssh_host_ed25519_key";
           type = "ed25519";
         }
       ];
@@ -118,6 +118,6 @@
 
   system = {
     stateVersion = "24.05";
-    activationScripts.ensure-ssh-key-dir.text = "mkdir -p /var/ssh";
+    activationScripts.ensure-ssh-key-dir.text = "mkdir -p /etc/ssh";
   };
 }