From 84c39b405972516a9be2e8be8729097f8691050f Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Fri, 17 Oct 2025 08:31:18 +0530
Subject: chore(os/kay): refactor

---
 os/kay/modules/services/github-runner.nix | 41 +++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 os/kay/modules/services/github-runner.nix

(limited to 'os/kay/modules/services/github-runner.nix')

diff --git a/os/kay/modules/services/github-runner.nix b/os/kay/modules/services/github-runner.nix
new file mode 100644
index 0000000..dd4d48d
--- /dev/null
+++ b/os/kay/modules/services/github-runner.nix
@@ -0,0 +1,41 @@
+{ config, ... }:
+let
+  repo = "nocodb/nocodb";
+  nocodbRunnerUser = "nocodbrunner";
+  user = config.global.userdata.name;
+in
+{
+  sops.secrets = {
+    "github-runner/nocodb-registration-token" = { };
+    "github-runner/age-master-key" = { };
+  };
+
+  # required by github:nocodb/nocodb docker builds
+  virtualisation.docker.enable = true;
+  users.groups.${nocodbRunnerUser} = { };
+  users.extraGroups.docker.members = [
+    user
+    nocodbRunnerUser
+  ];
+  users.users.nocodbrunner = {
+    name = nocodbRunnerUser;
+    group = nocodbRunnerUser;
+    isSystemUser = true;
+  };
+  services.github-runners.kay = {
+    user = nocodbRunnerUser;
+    group = nocodbRunnerUser;
+    enable = true;
+    noDefaultLabels = true;
+    extraLabels = [ "nix" ];
+    tokenFile = config.sops.secrets."github-runner/nocodb-registration-token".path;
+    url = "https://github.com/${repo}";
+  };
+
+  systemd.services."github-runner-kay" = {
+    environment.SOPS_AGE_KEY_FILE = "%d/age-master-key";
+    serviceConfig.LoadCredential = "age-master-key:${
+      config.sops.secrets."github-runner/age-master-key".path
+    }";
+  };
+}
-- 
cgit v1.2.3