Put gitea actions runner in its own user
parent
69b2eeebaf
commit
b863346787
@ -19,7 +19,24 @@ let
|
|||||||
|
|
||||||
in {
|
in {
|
||||||
options.services.gitea-actions-runner = {
|
options.services.gitea-actions-runner = {
|
||||||
package = mkPackageOption pkgs "gitea-actions-runner" { };
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.gitea-actions-runner;
|
||||||
|
defaultText = literalExpression "pkgs.gitea-actions-runner";
|
||||||
|
description = "The gitea-actions-runner package to use.";
|
||||||
|
};
|
||||||
|
|
||||||
|
user = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "gitea-runner";
|
||||||
|
description = "The user account under which the Gitea Actions Runner should run.";
|
||||||
|
};
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "gitea-runner";
|
||||||
|
description = "The group under which the Gitea Actions Runner should run.";
|
||||||
|
};
|
||||||
|
|
||||||
instances = mkOption {
|
instances = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
@ -95,6 +112,16 @@ in {
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# Create the user and group
|
||||||
|
users.users.${cfg.user} = {
|
||||||
|
name = cfg.user;
|
||||||
|
home = "/var/lib/gitea-runner";
|
||||||
|
createHome = true;
|
||||||
|
description = "Gitea Actions Runner user";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.${cfg.group} = {};
|
||||||
|
|
||||||
launchd.daemons = mapAttrs' (name: instance:
|
launchd.daemons = mapAttrs' (name: instance:
|
||||||
nameValuePair "gitea-runner-${name}" {
|
nameValuePair "gitea-runner-${name}" {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
@ -104,7 +131,6 @@ in {
|
|||||||
mkdir -p "$HOME"
|
mkdir -p "$HOME"
|
||||||
cd "$HOME"
|
cd "$HOME"
|
||||||
touch run_started
|
touch run_started
|
||||||
date -d > $HOME/last-run
|
|
||||||
|
|
||||||
# Register the runner if not already registered
|
# Register the runner if not already registered
|
||||||
if [ ! -e "$HOME/.runner" ]; then
|
if [ ! -e "$HOME/.runner" ]; then
|
||||||
@ -118,13 +144,15 @@ in {
|
|||||||
|
|
||||||
# Start the runner
|
# Start the runner
|
||||||
exec ${cfg.package}/bin/act_runner daemon --config ${settingsFormat.generate "config.yaml" instance.settings}
|
exec ${cfg.package}/bin/act_runner daemon --config ${settingsFormat.generate "config.yaml" instance.settings}
|
||||||
''}"
|
''
|
||||||
];
|
];
|
||||||
KeepAlive = true;
|
KeepAlive = true;
|
||||||
RunAtLoad = true;
|
RunAtLoad = true;
|
||||||
WorkingDirectory = "/var/lib/gitea-runner/${name}";
|
WorkingDirectory = "/var/lib/gitea-runner/${name}";
|
||||||
StandardOutPath = "/var/log/gitea-runner-${name}.log";
|
StandardOutPath = "/var/log/gitea-runner/${name}.log";
|
||||||
StandardErrorPath = "/var/log/gitea-runner-${name}.error.log";
|
StandardErrorPath = "/var/log/gitea-runner/${name}.error.log";
|
||||||
|
UserName = cfg.user;
|
||||||
|
GroupName = cfg.group;
|
||||||
EnvironmentVariables = {
|
EnvironmentVariables = {
|
||||||
PATH = (lib.makeBinPath (instance.hostPackages ++ [ cfg.package ])) + ":/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin";
|
PATH = (lib.makeBinPath (instance.hostPackages ++ [ cfg.package ])) + ":/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin";
|
||||||
} // optionalAttrs (instance.token != null) {
|
} // optionalAttrs (instance.token != null) {
|
||||||
@ -136,10 +164,17 @@ in {
|
|||||||
}
|
}
|
||||||
) cfg.instances;
|
) cfg.instances;
|
||||||
|
|
||||||
# Ensure the log directory exists
|
# Ensure the log directory exists and has correct permissions
|
||||||
system.activationScripts.gitea-runner-logs = ''
|
system.activationScripts.gitea-runner-setup = {
|
||||||
|
text = ''
|
||||||
mkdir -p /var/log/gitea-runner
|
mkdir -p /var/log/gitea-runner
|
||||||
|
chown ${cfg.user}:${cfg.group} /var/log/gitea-runner
|
||||||
|
chmod 755 /var/log/gitea-runner
|
||||||
|
|
||||||
mkdir -p /var/lib/gitea-runner
|
mkdir -p /var/lib/gitea-runner
|
||||||
|
chown ${cfg.user}:${cfg.group} /var/lib/gitea-runner
|
||||||
|
chmod 755 /var/lib/gitea-runner
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
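Review bot: In the last hunk the activation script runs `chmod 755 /var/lib/gitea-runner` and chowns only the top-level directory, so the runner's state directory stays listable by every local user, and any per-instance directory created while the daemon still ran as root keeps its old owner. The start script keeps its `.runner` registration file under `$HOME`, presumably `/var/lib/gitea-runner/<name>`, so I would use `chmod 750 /var/lib/gitea-runner` and a one-time `chown -R ${cfg.user}:${cfg.group} /var/lib/gitea-runner` for migration. The same `750` is worth applying to `/var/log/gitea-runner`, since CI job output can contain secrets. Separately, the `users.users.${cfg.user}` block in the second hunk sets neither a `uid` nor a group for the account. If this module targets nix-darwin, as `launchd.daemons` suggests, the user may also need an entry in `users.knownUsers` before it is actually created; please confirm, because otherwise the `chown` and `UserName = cfg.user;` would refer to an account that does not exist.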