| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
Changes to escapeShellArg introduced in
https://github.com/NixOS/nixpkgs/pull/333744 made different versions of
nixpkgs behave differently. If current nix-darwin is used with nixpkgs
before that change, labels end up having labels quoted twice
(see https://github.com/LnL7/nix-darwin/issues/1085), but without
changes from https://github.com/LnL7/nix-darwin/pull/1055, with new
nixpkgs, labels end up not quoted at all, and ShellCheck ends up
complaining that commas might have been used as array item separator
(see https://www.shellcheck.net/wiki/SC2054).
Use the old version of escapeShellArg to always escape the list of
labels and make nix-darwin work with both old and new versions of
nixpkgs.
Fixes https://github.com/LnL7/nix-darwin/issues/1085
|
|
`mkdir -p -m` only applies the mode on the deepest directory which could
be a security issue so we use umask to be more careful.
|
|
Shellcheck complains:
> args=(
> ^-- SC2054 (warning): Use spaces, not commas, to separate array elements.
Quote the --labels argument to resolve.
Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
|
|
As `/run` gets recreated every reboot and we can't specify dependencies
for launchd, creating the `workDir` every reboot will require extra
complexity with a separate daemon that runs as `root` otherwise it won't
have sufficient privileges.
As we clean the `workDir` when the service first starts anyway, it ends
up being the same.
|
|
This reverts commit fe99aa9699e7dd4ce6a81a8a623d010cedbe7eef.
|
|
|
|
While #859 added basic support for configuring GitHub runners through
nix-darwin, it did not yet support all of the options the NixOS module
offers.
I am aware that this is a rather big overhaul. I think, however, that
it's worth it:
- Copies the `options.nix` from the [NixOS module] with only minor
adaptations. This should help to keep track of any changes to it.
- Respect the `workDir` config option. So far, the implementation didn't
even read the value of the option.
- Allow configuring a custom user and group.
If both are `null`, nix-darwin manages the `_github-runner` user
shared among all instances. Take care of creating your own users if
that's not what you want.
- Also creates the necessary directories for state, logs and the working
directory (unless `workDir != null`). It uses the following locations:
* state: `/var/lib/github-runners/${name}`
* logs: `/var/log/github-runners/${name}`
* work: The value of `workDir` or `/var/run/github-runners/${name}`
if (`workDir == null`).
We have to create the logs directory before starting the service since
launchd expects that the `Standard{Error,Out}Path` exist. We do this
by prepending to [`system.activationScripts.launchd.text`].
All directories belong to the configured `user` and `group`.
- Warn if a `tokenFile` points to the Nix store.
[NixOS module]: https://github.com/NixOS/nixpkgs/blob/3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix
[`system.activationScripts.launchd.text`]: https://github.com/LnL7/nix-darwin/blob/bbde06b/modules/system/launchd.nix#L99-L123
|
