authorVincent Haupert <vincent@yaxi.tech>2024-02-28 09:40:25 +0100
committerVincent Haupert <vincent@yaxi.tech>2024-02-28 09:40:25 +0100
commit06f5dab0657f0a51c8a220bdb2b6089ce68b2e96 (patch)
treefe8c69c95e23e91037f22e1a91ec9347c84a8f31 /modules/services/github-runner/config.nix
parent0e6857fa1d632637488666c08e7b02c08e3178f8 (diff)
github-runners: adapt to NixOS module
While #859 added basic support for configuring GitHub runners through nix-darwin, it did not yet support all of the options the NixOS module offers. I am aware that this is a rather big overhaul. I think, however, that it's worth it: - Copies the `options.nix` from the [NixOS module] with only minor adaptations. This should help to keep track of any changes to it. - Respect the `workDir` config option. So far, the implementation didn't even read the value of the option. - Allow configuring a custom user and group. If both are `null`, nix-darwin manages the `_github-runner` user shared among all instances. Take care of creating your own users if that's not what you want. - Also creates the necessary directories for state, logs and the working directory (unless `workDir != null`). It uses the following locations: * state: `/var/lib/github-runners/${name}` * logs: `/var/log/github-runners/${name}` * work: The value of `workDir` or `/var/run/github-runners/${name}` if (`workDir == null`). We have to create the logs directory before starting the service since launchd expects that the `Standard{Error,Out}Path` exist. We do this by prepending to [`system.activationScripts.launchd.text`]. All directories belong to the configured `user` and `group`. - Warn if a `tokenFile` points to the Nix store. [NixOS module]: https://github.com/NixOS/nixpkgs/blob/3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix [`system.activationScripts.launchd.text`]: https://github.com/LnL7/nix-darwin/blob/bbde06b/modules/system/launchd.nix#L99-L123
Diffstat (limited to 'modules/services/github-runner/config.nix')
-rw-r--r--modules/services/github-runner/config.nix79
1 files changed, 0 insertions, 79 deletions
diff --git a/modules/services/github-runner/config.nix b/modules/services/github-runner/config.nix
deleted file mode 100644
index 42c9eab..0000000
--- a/modules/services/github-runner/config.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
- mkSvcName = name: "github-runner-${name}";
- mkRootDir = name: "${config.users.users.github-runner.home}/.github-runner/${name}";
- mkWorkDir = name: "${mkRootDir name}/_work";
-in
-with lib;
-{
- launchd.daemons = flip mapAttrs' config.services.github-runners (name: cfg:
- nameValuePair
- (mkSvcName name)
- (mkIf cfg.enable {
- environment = {
- RUNNER_ROOT = mkRootDir name;
- } // cfg.extraEnvironment;
-
- # Minimal package set for `actions/checkout`
- path = (with pkgs; [
- bash
- coreutils
- git
- gnutar
- gzip
- ]) ++ [
- config.nix.package
- ] ++ cfg.extraPackages;
-
- script = ''
- echo "Configuring GitHub Actions Runner"
- mkdir -p ${escapeShellArg (mkRootDir name)}
- cd ${escapeShellArg (mkRootDir name)}
-
- args=(
- --unattended
- --disableupdate
- --work ${escapeShellArg (mkWorkDir name)}
- --url ${escapeShellArg cfg.url}
- --labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)}
- --name ${escapeShellArg cfg.name}
- ${optionalString cfg.replace "--replace"}
- ${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}
- ${optionalString cfg.ephemeral "--ephemeral"}
- )
- # If the token file contains a PAT (i.e., it starts with "ghp_" or "github_pat_"), we have to use the --pat option,
- # if it is not a PAT, we assume it contains a registration token and use the --token option
- token=$(<"${cfg.tokenFile}")
- if [[ "$token" =~ ^ghp_* ]] || [[ "$token" =~ ^github_pat_* ]]; then
- args+=(--pat "$token")
- else
- args+=(--token "$token")
- fi
- ${cfg.package}/bin/config.sh "''${args[@]}"
-
- # Start the service
- ${cfg.package}/bin/Runner.Listener run --startuptype service
- '';
-
- serviceConfig = mkMerge [
- {
- KeepAlive = {
- Crashed = false;
- } // mkIf cfg.ephemeral {
- SuccessfulExit = true;
- };
- GroupName = "github-runner";
- ProcessType = "Interactive";
- RunAtLoad = true;
- ThrottleInterval = 30;
- UserName = "github-runner";
- WatchPaths = [
- "/etc/resolv.conf"
- "/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist"
- ];
- WorkingDirectory = config.users.users.github-runner.home;
- }
- cfg.serviceOverrides
- ];
- }));
-}