Blog

Creating custom `Nix` Forgejo actions images

Creating custom runner images

git clone ssh://git@git.nexveridian.com:222/NexVeridian/docker-nixpkgs.git

Create a copy of images/action-attic

# Function from the image's inputs to the image derivation.
# The packages listed in `extraContents` are presumably added to the image
# contents, which makes them available to every job that runs on this image;
# keep the list to what the workflows actually need.
{
  docker-nixpkgs,
  pkgs,
  attic-client,
  nodejs_24,
  nix-fast-build,
  # add more packages here
}:
let
  # Base Nix image from docker-nixpkgs with the extra tools layered in.
  baseImage = docker-nixpkgs.nix.override {
    # `latest` follows the nixpkgs revision in use, so the Nix version in the
    # image changes whenever nixpkgs is updated.
    nix = pkgs.nixVersions.latest;

    extraContents = [
      attic-client
      nodejs_24
      nix-fast-build
      # and the corresponding packages here
    ];
  };
in
baseImage.overrideAttrs (prev: {
  # Keep any existing meta attributes and replace only the description.
  meta = (prev.meta or { }) // {
    description = "Forgejo action image, with Nix and Attic client";
  };
})

Update the folder name in .forgejo/workflows/nix.yaml to match the copy you created

# `-A` selects the attribute to build; presumably it has to match the name of
# the folder created under images/ (confirm against the repository layout).
- name: Build Nix package
  run: nix-build -A action-attic

Setting up Forgejo and Forgejo Actions with `Docker Compose`, with `Nix`-based actions

Docker Compose Configuration

traefik:
  # ...
  command:
    # ...
    # Extra entrypoint named `ssh`, listening on port 222 inside Traefik.
    - "--entrypoints.ssh.address=:222"
  ports:
    # ...
    # Publishes that entrypoint on host port 222; the forgejo service's TCP
    # router labels attach to it by the entrypoint name `ssh`.
    - "222:222"
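# Forgejo and its PostgreSQL database. Both sit on the `forgejo` network,
# which the runner and the Docker-in-Docker daemon also join, so the database
# port is reachable from the CI side and the password is the only barrier.
forgejo:
    container_name: forgejo
    image: codeberg.org/forgejo/forgejo:11
    environment:
        - USER_UID=1000
        - USER_GID=1000
        - FORGEJO__database__DB_TYPE=postgres
        - FORGEJO__database__HOST=pgforgejo:5432
        - FORGEJO__database__NAME=forgejo
        - FORGEJO__database__USER=forgejo
        # Read the password from the environment (for example an untracked
        # .env file) instead of committing a guessable value. `:?` makes
        # Compose stop with this message when the variable is missing.
        - "FORGEJO__database__PASSWD=${FORGEJO_DB_PASSWORD:?set FORGEJO_DB_PASSWORD in .env}"
    restart: always
    networks:
        - forgejo
        - <network name>
    volumes:
        - ./forgejo:/data
        - /etc/timezone:/etc/timezone:ro
        - /etc/localtime:/etc/localtime:ro
    # Direct port publishing stays disabled; HTTP and SSH enter through
    # Traefik via the labels below.
    # ports:
    #     - "3000:3000"
    #     - "222:22"
    depends_on:
        - pgforgejo
    labels:
        - "traefik.enable=true"
        # HTTPS router with a certificate from the `myhttpchallenge` resolver.
        - "traefik.http.routers.forgejo.rule=Host(`git.example.com`)"
        - "traefik.http.routers.forgejo.entrypoints=websecure"
        - "traefik.http.routers.forgejo.tls.certresolver=myhttpchallenge"
        - "traefik.http.routers.forgejo.service=forgejo"

        # Plain-HTTP router whose only job is the permanent redirect to HTTPS.
        - "traefik.http.routers.forgejo-http.rule=Host(`git.example.com`)"
        - "traefik.http.routers.forgejo-http.entrypoints=web"
        - "traefik.http.routers.forgejo-http.middlewares=forgejo-redirect"
        - "traefik.http.middlewares.forgejo-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.forgejo-redirect.redirectscheme.permanent=true"

        - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
        - "traefik.docker.network=<network name>"
        # SSH is raw TCP without SNI, so the router matches everything that
        # arrives on the `ssh` entrypoint and forwards it to port 22.
        - "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
        - "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.forgejo-ssh.service=forgejo-ssh"
        - "traefik.tcp.services.forgejo-ssh.loadbalancer.server.port=22"

pgforgejo:
    container_name: pgforgejo
    image: postgres:17.6-alpine
    restart: always
    environment:
        - POSTGRES_USER=forgejo
        # Must be the same value Forgejo uses above. The postgres image only
        # applies it when the data directory is first initialised; on an
        # existing ./pgforgejo volume, change the password inside PostgreSQL
        # as well.
        - "POSTGRES_PASSWORD=${FORGEJO_DB_PASSWORD:?set FORGEJO_DB_PASSWORD in .env}"
        - POSTGRES_DB=forgejo
    networks:
        - forgejo
    volumes:
        - ./pgforgejo:/var/lib/postgresql/data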

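# Docker daemon that executes the job containers for the runner.
docker-in-docker:
    container_name: docker-dind
    image: docker:dind
    # A privileged container is not isolated from the host, so control of this
    # daemon should be treated as host-level access. Written as a real boolean
    # because some Compose versions validate this key as one and reject a
    # quoted string.
    privileged: true
    # The daemon listens on every interface on port 2375 with TLS switched
    # off, so its API has no authentication: any container attached to the
    # `forgejo` network (Forgejo and PostgreSQL included) can drive it.
    # Keep the port unpublished (no `ports:` here), and consider a network
    # shared only with the runner, or TLS via the image's DOCKER_TLS_CERTDIR
    # support.
    command: ["dockerd", "-H", "tcp://0.0.0.0:2375", "--tls=false"]
    restart: "unless-stopped"
    networks:
        - forgejo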

# Forgejo runner. It starts no containers itself; jobs are sent to the
# Docker-in-Docker daemon named in DOCKER_HOST.
forgejo-action:
    container_name: forgejo-action
    image: data.forgejo.org/forgejo/runner:9
    restart: unless-stopped
    # Runs without root privileges; this UID/GID needs access to the
    # `./forgejo-data` directory mounted at /data.
    user: "1001:1001"
    networks:
        - forgejo
    links:
        - docker-in-docker
    depends_on:
        docker-in-docker:
            condition: service_started
    environment:
        # Unencrypted, unauthenticated Docker API on the compose network.
        DOCKER_HOST: "tcp://docker-in-docker:2375"
    volumes:
        # Holds the runner's working files; the `.runner` registration file
        # with its token presumably lives here too, so keep the host
        # directory out of version control and readable only by this UID.
        - ./forgejo-data:/data
    # Alternative command that only keeps the container alive; presumably
    # used for the first start, before the runner has been registered.
    # command: '/bin/sh -c "while : ; do sleep 1 ; done ;"'
    # `service_started` does not wait for dockerd to accept connections,
    # hence the short sleep before the daemon starts.
    command: '/bin/sh -c "sleep 5; forgejo-runner --config config.yaml daemon"'

Forgejo Actions

# Open a shell inside the runner container.
docker exec -it forgejo-action /bin/sh

# Register the runner with the instance. {TOKEN} is a placeholder for the
# registration token issued by Forgejo; it is a credential, so keep the real
# value out of shell history, screenshots and shared notes.
forgejo-runner register --no-interactive --token {TOKEN} --name runner --instance https://git.example.com --labels bookworm:docker://node:24-bookworm

# Write the default configuration to config.yaml, then edit it.
forgejo-runner generate-config > config.yaml
# config.yaml
container:
    # Pull the job image on every run even when a copy is already present.
    # With mutable tags such as `:latest` in the runner labels, jobs then run
    # whatever the registry currently serves; pin labels to a digest where a
    # fixed, reviewed image matters.
    force_pull: true
    # Rebuild images even when they are already present.
    force_rebuild: true
# .runner
{
  "WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.",
  "id": 1,
  "uuid": "****",
  "name": "<runner name>",
  "token": "****",
  "address": "https://git.example.com",
  "labels": [
    "bookworm:docker://node:24-bookworm",
    "nix-base:docker://docker.nix-community.org/nixpkgs/nix-unstable:latest",
    "nix:docker://git.nexveridian.com/nexveridian/action-attic:latest"
  ]
}

Available runner images

UT Austin Class Schedule

| Semester | Course Name | Category |
| --- | --- | --- |
| 2025 Fall | Case Studies in Machine Learning | Elective |
| 2025 Fall | Deep Learning | Application |
| 2026 Spring | Android Programming | Systems |
| 2026 Summer | Advances in Deep Learning | Elective |
| 2026 Fall | Parallel Systems | Systems |
| 2027 Spring | Automated Logical Reasoning | Theory |