From 7542014d33245252296744bbb71c490ba6aeb866 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 13 Aug 2022 22:03:08 +0200 Subject: [PATCH] Fix CI runner, get secrets from file --- modules/ci-runner/default.nix | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix index 7d936c0e..28325b14 100644 --- a/modules/ci-runner/default.nix +++ b/modules/ci-runner/default.nix @@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, self, ... }: with lib; let psCfg = config.pub-solar; @@ -10,18 +10,26 @@ in }; config = mkIf cfg.enable { - systemd.user.services.ci-runner = { + systemd.services.ci-runner = { enable = true; description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM."; serviceConfig = { - Type = "oneshot"; - RemainAfterExit = "yes"; + Type = "simple"; Restart = "always"; }; - script = ''${pkgs.drone-runner-exec}''; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "libvirtd.service" ]; + + script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config''; + }; + + age.secrets."drone-runner-exec-config" = { + file = "${self}/secrets/drone-runner-exec-config"; + mode = "700"; + owner = "root"; }; }; }