From 0fbb4c7725c5f48154e9dc9a4b658f76e1f023ae Mon Sep 17 00:00:00 2001
From: alejandro-angulo <iam@alejandr0angul0.dev>
Date: Sat, 14 Feb 2026 12:19:23 -0800
Subject: [PATCH] Add host nix-builder label

---
 systems/x86_64-linux/gospel/default.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix
index 65d48ef..54587ce 100644
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
@@ -88,6 +88,8 @@
         url = "https://git.alejandr0angul0.dev";
         tokenFile = config.age.secrets.gitea-runner-gospel.path;
         labels = [
+          "nix-builder:host"
+
           "ubuntu-latest:docker://node:16-bullseye"
           "ubuntu-22.04:docker://node:16-bullseye"
           "ubuntu-20.04:docker://node:16-bullseye"
@@ -96,6 +98,15 @@
       };
     };
   };
+  # Allow the Forgejo Actions runner user to talk to nix-daemon when
+  # running jobs directly on the host.
+  nix.settings.trusted-users = [
+    config.systemd.services."gitea-runner-gospel".serviceConfig.User
+  ];
+  nix.settings.allowed-users = [
+    config.systemd.services."gitea-runner-gospel".serviceConfig.User
+  ];
+
   virtualisation = {
     libvirtd.enable = true;