adding gitea runner

nix/home-server.nix

@@ -286,6 +286,45 @@
       ];
     };
   };
+
+  services.gitea-actions-runner = {
+    instances.infrastructure = {
+      enable = true;
+      name = "infrastructure-runner";
+      url = "https://git.alexmickelson.guru";
+      tokenFile = "/data/runner/gitea-infrastructure-token.txt";
+      labels = ["home-server"];
+      hostPackages = with pkgs; [
+        docker
+        git-secret
+        zfs
+        sanoid
+        mbuffer
+        lzop
+        kubectl
+        kubernetes-helm
+      ];
+    };
+  };
+  systemd.services.gitea-actions-runner-infrastructure.serviceConfig = {
+    ReadWritePaths = [
+      "/data/cloudflare/"
+      "/data/runner/infrastructure"
+      "/data/runner"
+      "/home/github/infrastructure"
+    ];
+
+    PrivateDevices = false;
+    DeviceAllow = [ "/dev/zfs rw" ];
+    ProtectProc = false;
+    ProtectSystem = false;
+    PrivateMounts = false;
+    PrivateUsers = false;
+    ProtectHome = false;
+
+    Restart = "always";
+  };
+
   
   networking.firewall.enable = false;