mirror of
https://github.com/LnL7/nix-darwin.git
synced 2024-07-14 16:00:36 +03:00
06f5dab065
While #859 added basic support for configuring GitHub runners through nix-darwin, it did not yet support all of the options the NixOS module offers. I am aware that this is a rather big overhaul. I think, however, that it's worth it: - Copies the `options.nix` from the [NixOS module] with only minor adaptations. This should help to keep track of any changes to it. - Respect the `workDir` config option. So far, the implementation didn't even read the value of the option. - Allow configuring a custom user and group. If both are `null`, nix-darwin manages the `_github-runner` user shared among all instances. Take care of creating your own users if that's not what you want. - Also creates the necessary directories for state, logs and the working directory (unless `workDir != null`). It uses the following locations: * state: `/var/lib/github-runners/${name}` * logs: `/var/log/github-runners/${name}` * work: The value of `workDir` or `/var/run/github-runners/${name}` if (`workDir == null`). We have to create the logs directory before starting the service since launchd expects that the `Standard{Error,Out}Path` exist. We do this by prepending to [`system.activationScripts.launchd.text`]. All directories belong to the configured `user` and `group`. - Warn if a `tokenFile` points to the Nix store. [NixOS module]: https://github.com/NixOS/nixpkgs/blob/3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix [`system.activationScripts.launchd.text`]: https://github.com/LnL7/nix-darwin/blob/bbde06b/modules/system/launchd.nix#L99-L123
21 lines
809 B
Nix
21 lines
809 B
Nix
{ config, pkgs, ... }:
|
|
{
|
|
services.github-runners."a-runner" = {
|
|
enable = true;
|
|
url = "https://github.com/nixos/nixpkgs";
|
|
tokenFile = "/secret/path/to/a/github/token";
|
|
# We need an overridable derivation but cannot use the actual github-runner package
|
|
# since it still relies on Node.js 16 which is marked as insecure.
|
|
package = pkgs.hello;
|
|
};
|
|
|
|
test = ''
|
|
echo >&2 "checking github-runner service in /Library/LaunchDaemons"
|
|
grep "org.nixos.github-runner-a-runner" ${config.out}/Library/LaunchDaemons/org.nixos.github-runner-a-runner.plist
|
|
grep "<string>_github-runner</string>" ${config.out}/Library/LaunchDaemons/org.nixos.github-runner-a-runner.plist
|
|
|
|
echo >&2 "checking for user in /activate"
|
|
grep "GitHub Runner service user" ${config.out}/activate
|
|
'';
|
|
}
|