switch to native nix gitea action

gitea: check runner label

modules/web01/gitea/actions-runner.nix

@@ -4,7 +4,7 @@ let
   inherit (self.packages.${pkgs.hostPlatform.system}) actions-runner;
 in
 {
-  systemd.services.gitea-actions-runner-nix-image = {
+  systemd.services.gitea-runner-nix-image = {
     wantedBy = [ "multi-user.target" ];
     script = ''
       ${lib.getExe pkgs.podman} load --input=${actions-runner}
@@ -14,7 +14,7 @@ in
       RemainAfterExit = true;
     };
   };
-  systemd.services.gitea-actions-runner-nix-token = {
+  systemd.services.gitea-runner-nix-token = {
     wantedBy = [ "multi-user.target" ];
     after = [ "gitea.service" ];
     environment = {
@@ -41,15 +41,40 @@ in
 
   systemd.services.gitea-runner-nix = {
     after = [
-      "gitea-actions-runner-nix-token.service"
-      "gitea-actions-runner-nix-image.service"
+      "gitea-runner-nix-token.service"
+      "gitea-runner-nix-image.service"
     ];
     requires = [
-      "gitea-actions-runner-nix-token.service"
-      "gitea-actions-runner-nix-image.service"
+      "gitea-runner-nix-token.service"
+      "gitea-runner-nix-image.service"
     ];
+    # TODO: systemd confinment
+    #serviceConfig = {
+    #  Environment = [
+    #    "NIX_REMOTE=daemon"
+    #    "PAGER=cat"
+    #  ];
+    #  BindPaths = [
+    #    "/nix/var/nix/daemon-socket/socket"
+    #    "/run/nscd/socket"
+    #    "/var/lib/drone"
+    #  ];
+    #};
   };
 
+  #services.gitea-actions-runner.instances.nix-container = {
+  #  enable = true;
+  #  name = "nix-runner";
+  #  # take the git root url from the gitea config
+  #  # only possible if you've also configured your gitea though the same nix config
+  #  # otherwise you need to set it manually
+  #  url = config.services.gitea.settings.server.ROOT_URL;
+  #  # use your favourite nix secret manager to get a path for this
+  #  tokenFile = "/var/lib/gitea-actions-runner/token";
+  #  labels = [
+  #    "nix:docker://${actions-runner.imageName}"
+  #  ];
+  #};
   services.gitea-actions-runner.instances.nix = {
     enable = true;
     name = "nix-runner";
@@ -59,8 +84,22 @@ in
     url = config.services.gitea.settings.server.ROOT_URL;
     # use your favourite nix secret manager to get a path for this
     tokenFile = "/var/lib/gitea-actions-runner/token";
-    labels = [
-      "nix:docker://${actions-runner.imageName}"
+    labels = [ "nix:host" ];
+    hostPackages = with pkgs; [
+      bash
+      coreutils
+      curl
+      gawk
+      gitMinimal
+      gnused
+      jq
+      nixUnstable
+      nodejs
+      wget
+      gnutar
+      bash
+      config.nix.package
+      gzip
     ];
   };
 }