github-runners: adapt to NixOS module

While #859 added basic support for configuring GitHub runners through
nix-darwin, it did not yet support all of the options the NixOS module
offers.

I am aware that this is a rather big overhaul. I think, however, that
it's worth it:

- Copies the `options.nix` from the [NixOS module] with only minor
  adaptations. This should help to keep track of any changes to it.
- Respect the `workDir` config option. So far, the implementation didn't
  even read the value of the option.
- Allow configuring a custom user and group.
  If both are `null`, nix-darwin manages the `_github-runner` user
  shared among all instances. Take care of creating your own users if
  that's not what you want.
- Also creates the necessary directories for state, logs and the working
  directory (unless `workDir != null`). It uses the following locations:
    * state: `/var/lib/github-runners/${name}`
    * logs: `/var/log/github-runners/${name}`
    * work: The value of `workDir` or `/var/run/github-runners/${name}`
            if (`workDir == null`).
  We have to create the logs directory before starting the service since
  launchd expects that the `Standard{Error,Out}Path` exist. We do this
  by prepending to [`system.activationScripts.launchd.text`].
  All directories belong to the configured `user` and `group`.
- Warn if a `tokenFile` points to the Nix store.

[NixOS module]: https://github.com/NixOS/nixpkgs/blob/3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix
[`system.activationScripts.launchd.text`]: https://github.com/LnL7/nix-darwin/blob/bbde06b/modules/system/launchd.nix#L99-L123

1 files changed, 1 insertions, 32 deletions

diff --git a/modules/services/github-runner/default.nix b/modules/services/github-runner/default.nix
index 7937980..e860eca 100644
--- a/modules/services/github-runner/default.nix
+++ b/modules/services/github-runner/default.nix
@@ -1,37 +1,6 @@
-{ config, lib, ... }:
-let
-  anyEnabled = lib.any (cfg: cfg.enable) (lib.attrValues config.services.github-runners);
-in
 {
   imports = [
     ./options.nix
-    ./config.nix
+    ./service.nix
   ];
-
-  config.assertions = lib.mkIf anyEnabled [
-    {
-      assertion = lib.elem "github-runner" config.users.knownGroups;
-      message = "set `users.knownGroups` to enable `github-runner` group";
-    }
-    {
-      assertion = lib.elem "github-runner" config.users.knownUsers;
-      message = "set `users.knownUsers` to enable `github-runner` user";
-    }
-  ];
-
-  config.users = lib.mkIf anyEnabled {
-    users."github-runner" = {
-      createHome = true;
-      uid = lib.mkDefault 533;
-      gid = lib.mkDefault config.users.groups.github-runner.gid;
-      home = lib.mkDefault "/var/lib/github-runners";
-      shell = "/bin/bash";
-      description = "GitHub Runner service user";
-    };
-
-    groups."github-runner" = {
-      gid = lib.mkDefault 533;
-      description = "GitHub Runner service user group";
-    };
-  };
 }