github-runners: adapt to NixOS module
While #859 added basic support for configuring GitHub runners through nix-darwin, it did not yet support all of the options the NixOS module offers. I am aware that this is a rather big overhaul. I think, however, that it's worth it: - Copies the `options.nix` from the [NixOS module] with only minor adaptations. This should help to keep track of any changes to it. - Respect the `workDir` config option. So far, the implementation didn't even read the value of the option. - Allow configuring a custom user and group. If both are `null`, nix-darwin manages the `_github-runner` user shared among all instances. Take care of creating your own users if that's not what you want. - Also creates the necessary directories for state, logs and the working directory (unless `workDir != null`). It uses the following locations: * state: `/var/lib/github-runners/${name}` * logs: `/var/log/github-runners/${name}` * work: The value of `workDir` or `/var/run/github-runners/${name}` if (`workDir == null`). We have to create the logs directory before starting the service since launchd expects that the `Standard{Error,Out}Path` exist. We do this by prepending to [`system.activationScripts.launchd.text`]. All directories belong to the configured `user` and `group`. - Warn if a `tokenFile` points to the Nix store. [NixOS module]:3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix[`system.activationScripts.launchd.text`]:bbde06b/modules/system/launchd.nix (L99-L123)
This commit is contained in:
Vincent Haupert
parent
0e6857fa1d
commit
06f5dab065
5 changed files with 323 additions and 167 deletions
|
|
@ -1,37 +1,6 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
anyEnabled = lib.any (cfg: cfg.enable) (lib.attrValues config.services.github-runners);
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./options.nix
|
||||
./config.nix
|
||||
./service.nix
|
||||
];
|
||||
|
||||
config.assertions = lib.mkIf anyEnabled [
|
||||
{
|
||||
assertion = lib.elem "github-runner" config.users.knownGroups;
|
||||
message = "set `users.knownGroups` to enable `github-runner` group";
|
||||
}
|
||||
{
|
||||
assertion = lib.elem "github-runner" config.users.knownUsers;
|
||||
message = "set `users.knownUsers` to enable `github-runner` user";
|
||||
}
|
||||
];
|
||||
|
||||
config.users = lib.mkIf anyEnabled {
|
||||
users."github-runner" = {
|
||||
createHome = true;
|
||||
uid = lib.mkDefault 533;
|
||||
gid = lib.mkDefault config.users.groups.github-runner.gid;
|
||||
home = lib.mkDefault "/var/lib/github-runners";
|
||||
shell = "/bin/bash";
|
||||
description = "GitHub Runner service user";
|
||||
};
|
||||
|
||||
groups."github-runner" = {
|
||||
gid = lib.mkDefault 533;
|
||||
description = "GitHub Runner service user group";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue