- enable gitea actions
- add native host runner (nix:host label, capacity 1)
- add gitea-runner system user with persisted state
- add agenix-encrypted CI secrets (deploy key, git-crypt key, runner token)
- authorize CI deploy key for root SSH
- add build-and-deploy workflow triggered on push to main
- coturn: switch static-auth-secret to static-auth-secret-file
- matrix: switch registration_token and turn_secret to file-based
- murmur: switch password to environmentFile with agenix
- p2pool: move public wallet address to service-configs.nix
