| author | Michael Hoang <enzime@users.noreply.github.com> | 2024-07-27 10:41:18 +1000 |
|---|---|---|
| committer | Michael Hoang <enzime@users.noreply.github.com> | 2024-07-27 10:41:18 +1000 |
| commit | dc8e1f4839b735ffed17cb5368d9bd7f19577eb6 (patch) | |
| tree | b5be0361c7e0638d6c7366ba11e21c7993661702 /modules | |
| parent | a6903cf7e3a451347160c92edb44ba288ebce747 (diff) | |
github-runners: move `workDir` outside of `/run`
As `/run` gets recreated every reboot and we can't specify dependencies
for launchd, creating the `workDir` every reboot will require extra
complexity with a separate daemon that runs as `root` otherwise it won't
have sufficient privileges.
As we clean the `workDir` when the service first starts anyway, it ends
up being the same.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/services/github-runner/options.nix | 6 | ||||
| -rw-r--r-- | modules/services/github-runner/service.nix | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 772eb78..8f98aa0 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -22,12 +22,12 @@ with lib; * `/var/lib/github-runners/<name>`: State directory to store the runner registration credentials + * `/var/lib/github-runners/_work/<name>`: + Working directory for workflow files. The runner only uses this + directory if `workDir` is `null` (see the `workDir` option for details). * `/var/log/github-runners/<name>`: The launchd service writes the stdout and stderr streams to this directory. - * `/var/run/github-runners/<name>`: - Working directory for workflow files. The runner only uses this - directory if `workDir` is `null` (see the `workDir` option for details). ''; example = { runner1 = { diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 53f2cdd..75d6442 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -4,7 +4,7 @@ let mkSvcName = name: "github-runner-${name}"; mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}"; mkLogDir = cfg: "/var/log/github-runners/${cfg.name}"; - mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/run/github-runners/${cfg.name}"; + mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/lib/github-runners/_work/${cfg.name}"; in { config.assertions = flatten ( @@ -17,6 +17,10 @@ in assertion = !cfg.noDefaultLabels || (cfg.extraLabels != [ ]); message = "`services.github-runners.${name}`: The `extraLabels` option is mandatory if `noDefaultLabels` is set"; } + { + assertion = cfg.workDir == null || !(hasPrefix "/run/" cfg.workDir || hasPrefix "/var/run/" cfg.workDir || hasPrefix "/private/var/run/"); + message = "`services.github-runners.${name}`: `workDir` being inside /run is not supported"; + } ]) ); |
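
Review bot: in the options.nix hunk, the relocated `/var/lib/github-runners/_work/<name>` entry should state that the directory is cleaned when the service first starts. The commit message relies on that behaviour, and with the path now under `/var/lib` beside the state directory, readers will otherwise assume its contents persist across restarts. One sentence under that bullet would cover it, and the `workDir` option text it points to should mention that paths inside `/run` are now rejected by an assertion.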
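
Review bot: in `mkWorkDir` (first service.nix hunk), the new default `/var/lib/github-runners/_work/${cfg.name}` shares its parent with `mkStateDir`, so a runner named `_work` gets `/var/lib/github-runners/_work` as its state directory, and every other runner's workflow files then sit inside the directory that stores that runner's registration credentials. Either add an assertion rejecting `_work` as a runner name, or put the work directories under a parent that a runner name cannot resolve to.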
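
Review bot: the last alternative in the new assertion (second service.nix hunk), `hasPrefix "/private/var/run/"`, is missing its `cfg.workDir` argument, so it is a partially applied function rather than a boolean. For any non-null `workDir` that does not match the first two prefixes, `||` is handed a function and evaluation fails with a type error instead of the assertion passing; it should read `hasPrefix "/private/var/run/" cfg.workDir`. The trailing slashes also mean a `workDir` of exactly `/run` or `/var/run` is not caught, and the message names only `/run` although three prefixes are checked.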
