The Rambling Homelabist

Updating a Forgejo Action Runner Registration Token with NixOS

If you're managing your Forgejo action runners on NixOS through services.gitea-actions-runner and you want to rotate your Actions Runner Registration Token, there's a rather large footgun that I didn't expect. Turns out you need to delete the /var/lib/gitea-actions/<runner-name>/.runner file. Otherwise the values you change for token and tokenFile don't actually do anything.

I had downed runners for days before I found out. Also turns out I need to have monitoring in place to tell me when my actions runners aren't running.

Once you delete that file, the next system activation will regenerate the registration and re-register the runner as a new instance.
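
One way to automate the deletion step above, as an added example that is not from the original post: a POSIX shell helper that records a SHA-256 fingerprint of the token file next to .runner and removes .runner once the token has changed. The function names and the .token-sha256 sidecar file are hypothetical, and both paths are passed in as arguments rather than assumed.

```shell
#!/bin/sh
# Added example. Function names and the .token-sha256 sidecar file are
# hypothetical; they are not part of the NixOS module or the runner.

# Print the SHA-256 of the token file's contents (never the token itself).
token_fingerprint() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Exit 0 if a .runner registration exists in $2 but was not recorded
# against the token currently stored in $1.
# A .runner with no recorded fingerprint is treated as stale, so the
# first run on an existing runner forces one re-registration.
registration_is_stale() {
    token_file=$1 instance_dir=$2
    [ -e "$instance_dir/.runner" ] || return 1   # nothing registered yet
    recorded=$(cat "$instance_dir/.token-sha256" 2>/dev/null || true)
    [ "$recorded" != "$(token_fingerprint "$token_file")" ]
}

# Remove a stale .runner so the next activation re-registers the runner,
# then record the fingerprint of the token that registration will use.
reset_if_rotated() {
    token_file=$1 instance_dir=$2
    if registration_is_stale "$token_file" "$instance_dir"; then
        rm -f "$instance_dir/.runner"
        echo "stale registration removed: $instance_dir/.runner"
    fi
    # Sidecar is readable by its owner only.
    ( umask 077
      token_fingerprint "$token_file" > "$instance_dir/.token-sha256" )
}
```

Call reset_if_rotated with the tokenFile path and the runner's state directory before the activation that should re-register the runner.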

I first tried editing the .runner file and changing the token within it, but that resulted in a failure saying that the runner wasn't registered, not an access failure. So I'm not sure what happened there.

I am starting to think it might be worth it, with Forgejo 15, to do it differently to match their new offline registration logic, since they're starting to deviate from Gitea more. I think there'd have to be a command that's run to do the registration with the name and the secret and automatically dump that into the configuration file, since there are parts of that UUID and token that change.

Something for a later time, but probably worth doing.
