From 8cdedae4dbad777ca0fc0133c5859e806d3f4555 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 17 Dec 2025 15:19:05 +0000
Subject: [PATCH] Add GitHub Actions runner configuration to nix-builder
Co-authored-by: Jyumpp <11142390+Jyumpp@users.noreply.github.com>
---
docs/DEVELOPMENT.md | 31 +++++++++++++++++++++++++++++++
inventory.nix | 21 ++++++++++++++++++++-
2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/docs/DEVELOPMENT.md b/docs/DEVELOPMENT.md
index 31f7655..5644277 100644
--- a/docs/DEVELOPMENT.md
+++ b/docs/DEVELOPMENT.md
@@ -125,6 +125,37 @@ CI jobs run on the `nix-builder` host as a self-hosted GitHub Actions runner. Th
 - Consistent build environment matching deployment targets
 - Direct access to build caching infrastructure
+#### Setting Up the GitHub Actions Runner
+
+The nix-builder host is configured with a GitHub Actions self-hosted runner in `inventory.nix`. To complete the setup:
+
+1. **Generate a GitHub Personal Access Token (PAT)**:
+ - Go to https://github.com/settings/tokens
+ - Create a new token with `repo` scope
+ - Copy the token value
+
+2. **Create the token file on nix-builder**:
+ ```bash
+ ssh engr-ugaif@nix-builder
+ echo "YOUR_TOKEN_HERE" | sudo tee /var/lib/github-runner-token > /dev/null
+ sudo chmod 600 /var/lib/github-runner-token
+ ```
+
+3. **Rebuild the system** to start the runner:
+ ```bash
+ sudo nixos-rebuild switch --flake github:UGA-Innovation-Factory/nixos-systems#nix-builder
+ ```
+
+4. **Verify the runner is registered**:
+ - Check https://github.com/UGA-Innovation-Factory/nixos-systems/settings/actions/runners
+ - The runner should appear with the `nix-builder` label
+
+The runner service is configured in the nix-builder device configuration and will automatically:
+- Register with the repository on first start
+- Use the `nix-builder` label for workflow targeting
+- Run as the `engr-ugaif` user
+- Store work in `/var/lib/github-runner`
+
 ### Troubleshooting CI Failures
 If CI fails:
diff --git a/inventory.nix b/inventory.nix
index 4e75a40..4846cb2 100644
--- a/inventory.nix
+++ b/inventory.nix
@@ -96,7 +96,26 @@
 # Creates: nix-builder (without lxc prefix)
 nix-lxc = {
 devices = {
- "nix-builder" = { };
+ "nix-builder" = {
+ # GitHub Actions self-hosted runner configuration
+ # The runner will register itself with the repository on first start
+ services.github-runners.nixos-systems = {
+ enable = true;
+ url = "https://github.com/UGA-Innovation-Factory/nixos-systems";
+ # Token file must be created manually at this path with a GitHub PAT
+ # that has repo access. Generate at: https://github.com/settings/tokens
+ # echo "YOUR_TOKEN_HERE" | sudo tee /var/lib/github-runner-token > /dev/null
+ tokenFile = "/var/lib/github-runner-token";
+ # Labels to identify this runner in workflows
+ extraLabels = [ "nix-builder" ];
+ # User to run the runner as
+ user = "engr-ugaif";
+ # Working directory for runner
+ workDir = "/var/lib/github-runner";
+ # Replace runner on config changes
+ replace = true;
+ };
+ };
 "usda-dash" = builtins.fetchGit {
 url = "https://git.factory.uga.edu/MODEL/usda-dash-config.git";
 rev = "c47ab8fe295ba38cf3baa8670812b23a09fb4d53";
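Review bot: `user = "engr-ugaif";` makes every workflow job run as the same account the docs use for interactive SSH and `sudo` on nix-builder, so code executed by a workflow inherits that login's access to the host. Prefer dropping the line (the `services.github-runners` module then, as far as I know, falls back to a dedicated dynamic service user) or naming an unprivileged account created only for the runner. The token comment here, and step 2 of the docs/DEVELOPMENT.md hunk, write the PAT with `echo … | sudo tee`, which leaves the secret in shell history and creates the file with default permissions before any `chmod`; I would change the comment to `# sudo install -m 600 /dev/null /var/lib/github-runner-token, then paste the token with an editor` and ask for a token scoped to this repository rather than the classic `repo` scope. It is also worth confirming that `workDir = "/var/lib/github-runner"` does not overlap the module's own state directory. The enclosing `devices` set opens before this hunk and continues past it.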