From 628dfaba3100ae5365d8cf7b300f7e13d8ff3120 Mon Sep 17 00:00:00 2001
From: DerGrumpf <phil.keier@hotmail.com>
Date: Mon, 22 Jun 2026 21:01:28 +0200
Subject: [PATCH] Fixed gitea-runner user

---
 nixos/roles/gitea.nix | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/nixos/roles/gitea.nix b/nixos/roles/gitea.nix
index ae7abec..b3b0c6b 100644
--- a/nixos/roles/gitea.nix
+++ b/nixos/roles/gitea.nix
@@ -209,18 +209,18 @@ in
       url = "https://git.cyperpunk.de";
       tokenFile = config.sops.secrets."gitea/runnerToken".path;
       name = "cyper-controller";
-      labels = [
-        "nix:host"
-      ];
-      settings = {
-        runner.env_vars = {
-          PATH = "/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:$PATH";
-        };
-      };
+      labels = [ "nix:host" ];
       hostPackages = with pkgs; [
         nodejs
         git
+        nix
+        bash
       ];
+      settings = {
+        runner.env_vars = {
+          PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
+        };
+      };
     };
   };
 
@@ -245,9 +245,18 @@ in
         home = "/var/lib/gitea";
         createHome = true;
       };
+      gitea-runner = {
+        isSystemUser = true;
+        group = "gitea-runner";
+        home = "/var/lib/gitea-runner";
+        createHome = true;
+      };
       postgres.extraGroups = [ "gitea" ];
     };
-    groups.gitea = { };
+    groups = {
+      gitea = { };
+      gitea-runner = { };
+    };
   };
 
   networking.firewall.allowedTCPPorts = [