feat: Migrate CI to gitea

.gitea/workflows/ci.yml

@@ -0,0 +1,90 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  flake-check:
+    name: Flake Check
+    runs-on: [self-hosted, nix-builder]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Check flake
+        run: nix flake check --show-trace --print-build-logs
+
+  format-check:
+    name: Format Check
+    runs-on: [self-hosted, nix-builder]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Check formatting
+        run: |
+          nix fmt **/*.nix
+          if ! git diff --quiet; then
+            echo "::error::Code is not formatted. Please run 'nix fmt **/*.nix' locally."
+            git diff
+            exit 1
+          fi
+
+  eval-configs:
+    name: Evaluate Key Configurations
+    runs-on: [self-hosted, nix-builder]
+    needs: [flake-check, format-check]
+    strategy:
+      matrix:
+        config:
+          - nix-builder
+          - nix-laptop1
+          - nix-desktop1
+      fail-fast: false
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Evaluate configuration
+        run: |
+          echo "Evaluating configuration for ${{ matrix.config }}"
+          nix eval .#nixosConfigurations.${{ matrix.config }}.config.system.build.toplevel.drvPath \
+            --show-trace
+
+  build-artifacts:
+    name: Build Artifacts
+    runs-on: [self-hosted, nix-builder]
+    needs: [flake-check, format-check]
+    strategy:
+      matrix:
+        artifact:
+          - lxc-nix-builder
+          - installer-iso-nix-laptop1
+      fail-fast: false
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Build artifact
+        run: |
+          echo "Building artifact ${{ matrix.artifact }}"
+          nix build .#${{ matrix.artifact }} \
+            --print-build-logs \
+            --show-trace
+
+      - name: Show build result
+        run: |
+          if [ -L result ]; then
+            ls -lh result/
+            if [ -d result/iso ]; then
+              ls -lh result/iso/
+            fi
+          fi

.github/copilot-instructions.md

@@ -1,7 +1,9 @@
-# GitHub Copilot Instructions for nixos-systems
+# GitHub Copilot Instructions for Athenix
 
 This repository manages NixOS configurations for the UGA Innovation Factory's fleet of devices using Nix flakes and a custom configuration system.
 
+**Repository:** https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git
+
 ## Repository Overview
 
 This is a **NixOS system configuration repository** that uses:
@@ -106,7 +108,7 @@ athenix.forUser = "username";            # Convenience: enable user + set WSL us
 4. Test: `nix flake check`
 
 #### Creating External Modules
-1. Use templates: `nix flake init -t github:UGA-Innovation-Factory/nixos-systems#{user|system}`
+1. Use templates: `nix flake init -t git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#{user|system}`
 2. User modules: Provide `user.nix` (required) and `nixos.nix` (optional)
 3. System modules: Provide `default.nix` that accepts `{ inputs, ... }`
 4. Reference in `inventory.nix` or `users.nix` using `builtins.fetchGit`

README.md

@@ -1,6 +1,6 @@
 # UGA Innovation Factory - Athenix
 
-[![CI](https://github.com/UGA-Innovation-Factory/nixos-systems/actions/workflows/ci.yml/badge.svg)](https://github.com/UGA-Innovation-Factory/nixos-systems/actions/workflows/ci.yml)
+[![CI](https://git.factory.uga.edu/UGA-Innovation-Factory/athenix/actions/workflows/ci.yml/badge.svg)](https://git.factory.uga.edu/UGA-Innovation-Factory/athenix/actions)
 
 This repository contains the NixOS configuration for the Innovation Factory's fleet of laptops, desktops, Surface tablets, and containers. It provides a declarative, reproducible system configuration using Nix flakes.
 
@@ -28,7 +28,7 @@ This command automatically fetches the latest configuration, rebuilds your syste
 
 **Note:** If you use external user configurations (personal dotfiles), run:
 ```bash
-sudo nixos-rebuild switch --flake github:UGA-Innovation-Factory/nixos-systems --impure
+sudo nixos-rebuild switch --flake git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git --impure
 ```
 
 ### For Administrators
@@ -177,7 +177,7 @@ Users and systems can reference external Git repositories for configuration:
 ```nix
 # In users.nix - External dotfiles with user configuration
 myuser.external = builtins.fetchGit {
-  url = "https://github.com/username/dotfiles";
+  url = "https://git.factory.uga.edu/username/dotfiles";
   rev = "abc123...";
 };
 # The external user.nix file contains both athenix.users.myuser options
@@ -186,7 +186,7 @@ myuser.external = builtins.fetchGit {
 # In inventory.nix - External system config
 nix-lxc = {
   devices."server" = builtins.fetchGit {
-    url = "https://github.com/org/server-config";
+    url = "https://git.factory.uga.edu/org/server-config";
     rev = "abc123...";
   };
 };
@@ -195,10 +195,10 @@ nix-lxc = {
 **Create templates:**
 ```bash
 # User configuration (dotfiles)
-nix flake init -t github:UGA-Innovation-Factory/nixos-systems#user
+nix flake init -t git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#user
 
 # System configuration
-nix flake init -t github:UGA-Innovation-Factory/nixos-systems#system
+nix flake init -t git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#system
 ```
 
 **See [docs/EXTERNAL_MODULES.md](docs/EXTERNAL_MODULES.md) for complete guide.**
@@ -207,13 +207,13 @@ nix flake init -t github:UGA-Innovation-Factory/nixos-systems#system
 
 ```bash
 # Build installer ISO
-nix build github:UGA-Innovation-Factory/nixos-systems#installer-iso-nix-laptop1
+nix build git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#installer-iso-nix-laptop1
 
 # Build LXC container
 nix build .#lxc-nix-builder
 
 # List all available artifacts
-nix flake show github:UGA-Innovation-Factory/nixos-systems
+nix flake show git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git
 ```
 
 **See [docs/BUILDING.md](docs/BUILDING.md) for complete guide on building ISOs, containers, and using remote builders.**

docs/BUILDING.md

@@ -16,7 +16,7 @@ This guide covers building installer ISOs, live images, and container artifacts
 
 ```bash
 # Build an installer ISO for a specific host
-nix build github:UGA-Innovation-Factory/nixos-systems#installer-iso-nix-laptop1
+nix build git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#installer-iso-nix-laptop1
 
 # Result will be in result/iso/
 ls -lh result/iso/
@@ -27,7 +27,7 @@ ls -lh result/iso/
 List all available build outputs:
 
 ```bash
-nix flake show github:UGA-Innovation-Factory/nixos-systems
+nix flake show git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git
 ```
 
 Common artifact types:
@@ -57,10 +57,10 @@ ls -lh result/iso/nixos-*.iso
 sudo dd if=result/iso/nixos-*.iso of=/dev/sdX bs=4M status=progress
 ```
 
-### Building from GitHub
+### Building from Gitea
 
 ```bash
-nix build github:UGA-Innovation-Factory/nixos-systems#installer-iso-nix-laptop1
+nix build git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#installer-iso-nix-laptop1
 ```
 
 ### Using the Installer

docs/DEVELOPMENT.md

@@ -66,7 +66,7 @@ sudo nixos-rebuild build --flake .
 
 ## Continuous Integration
 
-The repository uses GitHub Actions for automated testing and validation. CI jobs run on the self-hosted `nix-builder` machine via SSH.
+The repository uses Gitea Actions for automated testing and validation. CI jobs run on the self-hosted `nix-builder` machine.
 
 ### CI Workflow
 
@@ -94,7 +94,7 @@ Check the CI status badge at the top of the README or view detailed logs:
 
 ```bash
 # View workflow status
-https://github.com/UGA-Innovation-Factory/nixos-systems/actions
+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix/actions
 ```
 
 ### Running CI Checks Locally
@@ -118,49 +118,49 @@ nix build .#lxc-nix-builder
 
 ### Self-Hosted Runner
 
-CI jobs run on the `nix-builder` host as a self-hosted GitHub Actions runner. This provides:
+CI jobs run on the `nix-builder` host as a self-hosted Gitea Actions runner. This provides:
 
 - Native Nix environment without installation overhead
 - Access to local Nix store for faster builds
 - Consistent build environment matching deployment targets
 - Direct access to build caching infrastructure
 
-#### Setting Up the GitHub Actions Runner
+#### Setting Up the Gitea Actions Runner
 
-The nix-builder host is configured with a GitHub Actions self-hosted runner in `inventory.nix`. To complete the setup:
+The nix-builder host is configured with a Gitea Actions self-hosted runner in `inventory.nix`. To complete the setup:
 
-1. **Generate a GitHub Personal Access Token (PAT)**:
+1. **Generate a Gitea Runner Token**:
-   - Go to https://github.com/settings/tokens
+   - Go to https://git.factory.uga.edu/UGA-Innovation-Factory/athenix/settings/actions/runners
-   - Create a new token with `repo` scope
+   - Click "Create new Runner"
-   - Copy the token value
+   - Copy the registration token
 
 2. **Create the token file on nix-builder**:
    ```bash
    ssh engr-ugaif@nix-builder
-   echo "YOUR_TOKEN_HERE" | sudo tee /var/lib/github-runner-token > /dev/null
+   echo "YOUR_TOKEN_HERE" | sudo tee /var/lib/gitea-runner-token > /dev/null
-   sudo chmod 600 /var/lib/github-runner-token
+   sudo chmod 600 /var/lib/gitea-runner-token
    ```
 
 3. **Rebuild the system** to start the runner:
    ```bash
-   sudo nixos-rebuild switch --flake github:UGA-Innovation-Factory/nixos-systems#nix-builder
+   sudo nixos-rebuild switch --flake git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#nix-builder
    ```
 
 4. **Verify the runner is registered**:
-   - Check https://github.com/UGA-Innovation-Factory/nixos-systems/settings/actions/runners
+   - Check https://git.factory.uga.edu/UGA-Innovation-Factory/athenix/settings/actions/runners
    - The runner should appear with the `nix-builder` label
 
 The runner service is configured in the nix-builder device configuration and will automatically:
 - Register with the repository on first start
 - Use the `nix-builder` label for workflow targeting
 - Run as the `engr-ugaif` user
-- Store work in `/var/lib/github-runner`
+- Store work in `/var/lib/gitea-runner`
 
 ### Troubleshooting CI Failures
 
 If CI fails:
 
-1. **Check the error logs** in the GitHub Actions tab
+1. **Check the error logs** in the Gitea Actions tab
 2. **Run the same command locally** to reproduce the issue
 3. **Use `--show-trace`** for detailed error information
 4. **Verify formatting** with `nix fmt` if format check fails
@@ -195,13 +195,13 @@ sudo nixos-rebuild build --flake .
 
 ```bash
 # Rebuild from GitHub main branch
-sudo nixos-rebuild switch --flake github:UGA-Innovation-Factory/nixos-systems
+sudo nixos-rebuild switch --flake git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git
 
 # Use --impure for external user configurations with fetchGit
-sudo nixos-rebuild switch --flake github:UGA-Innovation-Factory/nixos-systems --impure
+sudo nixos-rebuild switch --flake git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git --impure
 
 # Rebuild specific host from GitHub
-sudo nixos-rebuild switch --flake github:UGA-Innovation-Factory/nixos-systems#nix-laptop1
+sudo nixos-rebuild switch --flake git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#nix-laptop1
 ```
 
 ### Boot into Previous Generation

docs/EXTERNAL_MODULES.md

@@ -38,7 +38,7 @@ nix-lxc = {
     
     # External module from Git
     "remote-server" = builtins.fetchGit {
-      url = "https://github.com/org/server-config";
+      url = "https://git.factory.uga.edu/org/server-config";
       rev = "abc123...";  # Pin to specific commit
     };
   };
@@ -96,7 +96,7 @@ Later modules can override earlier ones using standard NixOS module precedence.
 Create a new system module:
 
 ```bash
-nix flake init -t github:UGA-Innovation-Factory/nixos-systems#system
+nix flake init -t git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#system
 ```
 
 See [templates/system/](../templates/system/) for the complete template.
@@ -111,7 +111,7 @@ External user modules provide home-manager configurations (dotfiles, packages, p
 athenix.users = {
   # External user module (dotfiles, home-manager, and user options)
   myuser = builtins.fetchGit {
-    url = "https://github.com/username/dotfiles";
+    url = "https://git.factory.uga.edu/username/dotfiles";
     rev = "abc123...";
   };
 
@@ -225,7 +225,7 @@ username = {
 Create a new user module:
 
 ```bash
-nix flake init -t github:UGA-Innovation-Factory/nixos-systems#user
+nix flake init -t git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#user
 ```
 
 See [templates/user/](../templates/user/) for the complete template.
@@ -303,7 +303,7 @@ Use local directories during development:
 # Initialize in new directory
 mkdir my-server-config
 cd my-server-config
-nix flake init -t github:UGA-Innovation-Factory/nixos-systems#system
+nix flake init -t git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#system
 ```
 
 See [templates/system/README.md](../templates/system/README.md) for detailed usage.
@@ -314,7 +314,7 @@ See [templates/system/README.md](../templates/system/README.md) for detailed usa
 # Initialize in new directory
 mkdir my-dotfiles
 cd my-dotfiles
-nix flake init -t github:UGA-Innovation-Factory/nixos-systems#user
+nix flake init -t git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#user
 ```
 
 See [templates/user/README.md](../templates/user/README.md) for detailed usage.
@@ -369,7 +369,7 @@ You can mix external modules with local overrides:
 nix-lxc = {
   devices = {
     "server" = builtins.fetchGit {
-      url = "https://github.com/org/base-config";
+      url = "https://git.factory.uga.edu/org/base-config";
       rev = "abc123...";
     };
   };

docs/INVENTORY.md

@@ -115,7 +115,7 @@ For complex configurations, use external modules (see [EXTERNAL_MODULES.md](../E
 nix-lxc = {
   devices = {
     "special-server" = builtins.fetchGit {
-      url = "https://github.com/org/server-config";
+      url = "https://git.factory.uga.edu/org/server-config";
       rev = "abc123...";
     };
   };

docs/NAMESPACE.md

@@ -216,7 +216,7 @@ athenix.users.myuser = {
 # Option 2: Use external configuration (recommended)
 # The external user.nix can set athenix.users.myuser options directly
 athenix.users.anotheruser.external = builtins.fetchGit {
-  url = "https://github.com/username/dotfiles";
+  url = "https://git.factory.uga.edu/username/dotfiles";
   rev = "abc123...";
 };
 ```

docs/USER_CONFIGURATION.md

@@ -40,7 +40,7 @@ athenix.users = {
   
   # Option 2: External configuration (recommended for personalization)
   myuser.external = builtins.fetchGit {
-    url = "https://github.com/username/dotfiles";
+    url = "https://git.factory.uga.edu/username/dotfiles";
     rev = "abc123...";  # Pin to specific commit
   };
 };
@@ -126,7 +126,7 @@ myuser = {
   
   # Point to external configuration repository
   external = builtins.fetchGit {
-    url = "https://github.com/username/dotfiles";
+    url = "https://git.factory.uga.edu/username/dotfiles";
     rev = "abc123...";  # Pin to specific commit
   };
 };
@@ -236,7 +236,7 @@ external = /home/username/dev/dotfiles;
 ### Create User Template
 
 ```bash
-nix flake init -t github:UGA-Innovation-Factory/nixos-systems#user
+nix flake init -t git+https://git.factory.uga.edu/UGA-Innovation-Factory/athenix.git#user
 ```
 
 See [templates/user/README.md](../templates/user/README.md) for complete template.
@@ -390,7 +390,7 @@ developer = {
   shell = pkgs.zsh;
   hashedPassword = "$6$...";
   external = builtins.fetchGit {
-    url = "https://github.com/username/dotfiles";
+    url = "https://git.factory.uga.edu/username/dotfiles";
     rev = "abc123def456...";
   };
 };
@@ -405,7 +405,7 @@ wsl-user = {
   shell = pkgs.zsh;
   hashedPassword = "$6$...";
   external = builtins.fetchGit {
-    url = "https://github.com/username/dotfiles";
+    url = "https://git.factory.uga.edu/username/dotfiles";
     rev = "abc123...";
   };
 };
@@ -489,7 +489,7 @@ nix eval .#nixosConfigurations.nix-laptop1.config.users.users.myuser.openssh.aut
 
 **Check repository access:**
 ```bash
-git ls-remote https://github.com/username/dotfiles
+git ls-remote https://git.factory.uga.edu/username/dotfiles
 ```
 
 **Verify structure:**

inventory.nix

@@ -97,27 +97,23 @@
   nix-lxc = {
     devices = {
       "nix-builder" = {
-        # GitHub Actions self-hosted runner configuration
+        # Gitea Actions self-hosted runner configuration
         athenix.sw = {
           type = [
             "headless"
             "builders"
           ];
-          builders.githubRunner = {
+          builders.giteaRunner = {
             enable = true;
-            url = "https://github.com/UGA-Innovation-Factory/nixos-systems";
+            url = "https://git.factory.uga.edu";
-            # Token file must be created manually at this path with a GitHub PAT
+            # Token file must be created manually at this path with a Gitea runner token
-            # that has repo access. Generate at: https://github.com/settings/tokens
+            # Generate in repository settings: Settings > Actions > Runners > Create new Runner
-            # echo "YOUR_TOKEN_HERE" | sudo tee /var/lib/github-runner-token > /dev/null
+            # echo "YOUR_TOKEN_HERE" | sudo tee /var/lib/gitea-runner-token > /dev/null
-            tokenFile = "/var/lib/github-runner-token";
+            tokenFile = "/var/lib/gitea-runner-token";
             # Labels to identify this runner in workflows
             extraLabels = [ "nix-builder" ];
-            # User to run the runner as
-            user = "engr-ugaif";
-            # Working directory for runner
-            workDir = "/var/lib/github-runner";
             # Runner service name
-            name = "nixos-systems";
+            name = "athenix";
           };
         };
       };

sw/builders/default.nix

@@ -1,7 +1,7 @@
 # ============================================================================
 # Builders Software Configuration
 # ============================================================================
-# Imports builder-specific programs and services (GitHub Actions runners, etc.)
+# Imports builder-specific programs and services (Gitea Actions runners, etc.)
 
 {
   config,

sw/builders/services.nix

@@ -11,29 +11,25 @@ let
   cfg = config.athenix.sw;
   builderCfg = cfg.builders;
 in
-mkIf builderCfg.githubRunner.enable {
+mkIf builderCfg.giteaRunner.enable {
-  services.github-runners.${builderCfg.githubRunner.name} = {
+  services.gitea-actions-runner.instances.${builderCfg.giteaRunner.name} = {
     enable = true;
-    url = builderCfg.githubRunner.url;
+    url = builderCfg.giteaRunner.url;
-    tokenFile = builderCfg.githubRunner.tokenFile;
+    tokenFile = builderCfg.giteaRunner.tokenFile;
-    extraLabels = builderCfg.githubRunner.extraLabels;
+    labels = builderCfg.giteaRunner.extraLabels;
-    user = builderCfg.githubRunner.user;
+    name = builderCfg.giteaRunner.name;
-    workDir = builderCfg.githubRunner.workDir;
-    replace = builderCfg.githubRunner.replace;
   };
 
-  # Configure the systemd service for better handling of cleanup and restarts
+  # Configure the systemd service for better handling in LXC containers
-  systemd.services."github-runner-${builderCfg.githubRunner.name}" = {
+  systemd.services."gitea-runner-${builderCfg.giteaRunner.name}" = {
     unitConfig = {
       # Only start the service if token file exists
       # This allows graceful deployment before the token is manually installed
-      ConditionPathExists = builderCfg.githubRunner.tokenFile;
+      ConditionPathExists = builderCfg.giteaRunner.tokenFile;
     };
     serviceConfig = {
       # Give the service more time to stop cleanly
-      TimeoutStopSec = 60;
+      TimeoutStopSec = mkForce 60;
-      # Restart on failure, but not immediately
-      RestartSec = 10;
 
       # Disable all namespace isolation features that don't work in LXC containers
       PrivateMounts = mkForce false;
@@ -50,80 +46,6 @@ mkIf builderCfg.githubRunner.enable {
       ProtectKernelTunables = mkForce false;
       ProtectKernelModules = mkForce false;
       ProtectControlGroups = mkForce false;
-
-      # Use LoadCredential to securely pass the token file to the service
-      # This allows the service to read the token even when running as non-root
-      LoadCredential = "token:${builderCfg.githubRunner.tokenFile}";
-
-      # Don't override ExecStartPre - let the default module handle configuration
-      # Just make the cleanup more tolerant by wrapping the original script
-      ExecStartPre = mkForce (
-        let
-          # Get the runner package and scripts
-          runnerPkg = pkgs.github-runner;
-
-          # Create wrapper scripts that are failure-tolerant
-          unconfigureWrapper = pkgs.writeShellScript "github-runner-unconfigure-wrapper.sh" ''
-            set +e  # Don't fail on errors
-
-            runnerDir="$1"
-            stateDir="$2"
-            logDir="$3"
-
-            # If directory is busy, just skip cleanup with a warning
-            if [ -d "$runnerDir" ]; then
-              echo "Attempting cleanup of $runnerDir..."
-              find "$runnerDir" -mindepth 1 -maxdepth 1 -delete 2>/dev/null || {
-                echo "Warning: Cleanup had issues (directory may be in use), continuing anyway..."
-              }
-            fi
-
-            exit 0
-          '';
-
-          configureScript = pkgs.writeShellScript "github-runner-configure.sh" ''
-            set -e
-
-            runnerDir="${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name}"
-
-            # Read token from systemd credential (passed via LoadCredential)
-            if [ -n "''${CREDENTIALS_DIRECTORY:-}" ] && [ -f "''${CREDENTIALS_DIRECTORY}/token" ]; then
-              token=$(cat "''${CREDENTIALS_DIRECTORY}/token")
-            else
-              echo "Error: Token credential not available"
-              exit 1
-            fi
-
-            cd "$runnerDir"
-
-            # Configure the runner, optionally replacing existing registration
-            if [ ! -f ".runner" ] || [ "${
-              if builderCfg.githubRunner.replace then "true" else "false"
-            }" = "true" ]; then
-              echo "Configuring GitHub Actions runner..."
-              ${runnerPkg}/bin/Runner.Listener configure \
-                --unattended \
-                --url "${builderCfg.githubRunner.url}" \
-                --token "$token" \
-                --name "$(hostname)" \
-                --labels "${lib.concatStringsSep "," builderCfg.githubRunner.extraLabels}" \
-                --work "_work" \
-                ${if builderCfg.githubRunner.replace then "--replace" else ""}
-            else
-              echo "Runner already configured, skipping configuration."
-            fi
-          '';
-        in
-        [
-          "-${unconfigureWrapper} ${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name} ${builderCfg.githubRunner.workDir} /var/log/github-runner/${builderCfg.githubRunner.name}"
-          "${configureScript}"
-        ]
-      );
     };
   };
-
-  # Ensure the work directory exists with proper ownership
-  systemd.tmpfiles.rules = [
-    "d ${builderCfg.githubRunner.workDir} 0755 ${builderCfg.githubRunner.user} ${builderCfg.githubRunner.user} -"
-  ];
 }

sw/default.nix

@@ -79,21 +79,21 @@ in
     builders = mkOption {
       type = types.submodule {
         options = {
-          githubRunner = {
+          giteaRunner = {
-            enable = mkEnableOption "GitHub Actions self-hosted runner";
+            enable = mkEnableOption "Gitea Actions self-hosted runner";
 
             url = mkOption {
               type = types.str;
-              description = "GitHub repository URL for the runner";
+              description = "Gitea instance URL for the runner";
             };
 
             tokenFile = mkOption {
               type = types.path;
-              default = "/var/lib/github-runner-token";
+              default = "/var/lib/gitea-runner-token";
               description = ''
-                Path to file containing GitHub PAT token.
+                Path to file containing Gitea runner token.
-                Generate at: https://github.com/settings/tokens
+                Generate in Gitea repository settings under Actions > Runners.
-                The token must have repo access.
+                The token must have runner registration access.
               '';
             };
 
@@ -103,28 +103,10 @@ in
               description = "Extra labels to identify this runner in workflows";
             };
 
-            user = mkOption {
-              type = types.str;
-              default = "engr-ugaif";
-              description = "User to run the runner as";
-            };
-
-            workDir = mkOption {
-              type = types.str;
-              default = "/var/lib/github-runner";
-              description = "Working directory for runner";
-            };
-
             name = mkOption {
               type = types.str;
-              default = "nixos-systems";
+              default = "athenix";
-              description = "Name of the GitHub runner service";
+              description = "Name of the Gitea runner service";
-            };
-
-            replace = mkOption {
-              type = types.bool;
-              default = false;
-              description = "Replace existing runner registration on start";
             };
           };
         };