infra/2-nomad-config/act-runner.nomad.hcl

job "act-runner" {
  group "act-runner" {
    network {
      mode = "bridge"
    }

    # Consul Connect upstream to Gitea so the runner can register and receive jobs
    service {
      name = "act-runner"
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "code-connect"
              local_bind_port  = 3000
            }
          }
        }
      }
    }

    task "act-runner" {
      driver = "docker"

      config {
        image   = "gitea/act_runner:latest"
        volumes = ["/var/run/docker.sock:/var/run/docker.sock"]
      }

      env = {
        GITEA_INSTANCE_URL = "https://gitea-1ef0bea6b75a4fd3e9393a9f7f7e4b02.othrayte.one"
      }

      # Required SOPS key:
      #   act-runner.registration_token — runner registration token from Gitea
      #   Admin → Settings → Actions → Runners → Create new runner
      template {
        data        = <<EOF
GITEA_RUNNER_REGISTRATION_TOKEN={{ with nomadVar "nomad/jobs/act-runner" }}{{ .registration_token }}{{ end }}
EOF
        destination = "secrets/runner.env"
        env         = true
      }

      resources {
        cpu        = 200
        memory     = 256
        memory_max = 1024
      }
    }
  }
}