Add Forgejo runner and check update action

hosts/forgejo-runner/default.nix

@@ -0,0 +1,55 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  p = import ../parameters.nix;
+in
+{
+
+  age.secrets.forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
+
+  nix.settings = {
+    download-buffer-size = 524288000; # 500 MiB
+  };
+
+  my = {
+    utils = {
+      commons.enable = true;
+      lxc-standard.enable = true;
+    };
+
+    services.forgejo-runner = {
+      enable = true;
+      url = "https://git.${p.domains.public}";
+      tokenFile = config.age.secrets.forgejo-runner-token.path;
+      name = "nix-runner";
+      labels = [
+        "nix:host"
+        "native:host"
+      ];
+    };
+
+    virtualisation.proxmox.enable = true;
+  };
+
+  # Extra packages needed for CI operations
+  environment.systemPackages = with pkgs; [
+    git
+    colmena
+    jq
+    curl
+    just
+  ];
+
+  # Allow the runner to use nix-daemon
+  nix.settings.trusted-users = [
+    "root"
+    "gitea-runner"
+  ];
+
+  system.stateVersion = "25.11";
+}
+

hosts/hosts.nix

@@ -82,6 +82,15 @@
     ];
   };
 
+  forgejo-runner = {
+    module = ./forgejo-runner;
+    tags = [
+      "lxc"
+      "bacco"
+      "forgejo"
+    ];
+  };
+
   immich = {
     module = ./immich;
     tags = [

hosts/parameters.nix

@@ -29,6 +29,7 @@ in
     paperless = "paperless.${private-domain}";
     zigbee2mqtt = "zigbee2mqtt.${private-domain}";
     forgejo = "forgejo.${private-domain}";
+    forgejo-runner = "forgejo-runner.${private-domain}";
     n8n = "n8n.${private-domain}";
   };
   email = "davide@${public-domain}";