add runner on primordial

nixos/primordial/configuration.nix

@@ -14,6 +14,7 @@ in {
   sops.secrets."keycloak_db_pw" = {};
   sops.secrets."restic_mail_repository_password" = {};
   sops.secrets."restic_ssh_key" = {};
+  sops.secrets."act-runner-token" = {};
 
   imports = [
     ./mail.nix
@@ -231,6 +232,26 @@ in {
       lfs.enable = true;
     };
 
+    gitea-actions-runner.instances = {
+      docker-runner = {
+        enable = true;
+        name = "primordial-docker";
+        url = "https://git.fuckwit.dev";
+        tokenFile = config.sops.secrets."act-runner-token".path;
+        labels = [
+          "nix:docker://nixos/nix:latest"
+        ];
+        # hostPackages = with pkgs; [
+        #   bash
+        #   coreutils
+        #   curl
+        #   wget
+        #   gnused
+        #   gitMinimal
+        # ];
+      };
+    };
+
     grafana = {
       enable = true;
 
@@ -297,6 +318,8 @@ in {
     # };
   };
 
+  virtualisation.podman.enable = true;
+
   users.users."root".openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8zNAXScQ4FoWNxF4+ALJXMSi3EbpqZP5pO9kfg9t8o patrick@NBG1-DC3-PC20-2017-10-24"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPflDQOANGhgtfo2psRwSFtY5ETHX/bsDmqrho3iX9jt root@arschlinux"