diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 8f98aa07..5152cc43 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -3,7 +3,9 @@ , ... }: -with lib; +let + inherit (lib) literalExpression mkOption mkPackageOption types; +in { options.services.github-runners = mkOption { description = '' @@ -88,6 +90,9 @@ with lib; Changing this option or the `tokenFile`’s content triggers a new runner registration. + You can also manually trigger a new runner registration by deleting + {file}`/var/lib/github-runners//.runner` and restarting the service. + We suggest using the fine-grained PATs. A runner registration token is valid only for 1 hour after creation, so the next time the runner configuration changes this will give you hard-to-debug HTTP 404 errors in the configure step. diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 21d908e0..029f863e 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -1,6 +1,10 @@ { config, lib, pkgs, ... }: -with lib; + let + inherit (lib) any attrValues boolToString concatStringsSep escapeShellArg + flatten flip getExe getExe' hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore + mkDefault mkIf mkMerge nameValuePair optionalAttrs optionalString replaceStrings; + mkSvcName = name: "github-runner-${name}"; mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}"; mkLogDir = cfg: "/var/log/github-runners/${cfg.name}"; @@ -51,15 +55,17 @@ in ( umask -S u=rwx,g=rx,o= > /dev/null - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkStateDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkLogDir cfg)} + # launchd will fail to start the service if the outer direction doesn't have sufficient permissions + ${getExe' pkgs.coreutils "chmod"} o+rx ${escapeShellArg (mkLogDir { name = ""; })} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkLogDir cfg)} ${optionalString (cfg.workDir == null) '' - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkWorkDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} ''} ) ''); @@ -123,7 +129,7 @@ in else args+=(--token "$token") fi - ${package}/bin/config.sh "''${args[@]}" + ${getExe' package "config.sh"} "''${args[@]}" ''; }; in @@ -131,12 +137,12 @@ in echo "Configuring GitHub Actions Runner" # Always clean the working directory - ${pkgs.findutils}/bin/find ${escapeShellArg workDir} -mindepth 1 -delete + ${getExe pkgs.findutils} ${escapeShellArg workDir} -mindepth 1 -delete # Clean the $RUNNER_ROOT if we are in ephemeral mode if ${boolToString cfg.ephemeral}; then echo "Cleaning $RUNNER_ROOT" - ${pkgs.findutils}/bin/find "$RUNNER_ROOT" -mindepth 1 -delete + ${getExe pkgs.findutils} "$RUNNER_ROOT" -mindepth 1 -delete fi # If the `.runner` file does not exist, we assume the runner is not configured @@ -145,7 +151,7 @@ in fi # Start the service - ${package}/bin/Runner.Listener run --startuptype service + ${getExe' package "Runner.Listener"} run --startuptype service ''; serviceConfig = mkMerge [