forked from pub-solar/infra
ci: run actions runner as normal user
parent
866785ef47
commit
cc70a740a1
|
@ -8,13 +8,6 @@ jobs:
|
|||
- name: Check out repository code
|
||||
uses: https://code.forgejo.org/actions/checkout@v4
|
||||
|
||||
- name: Prepare cachix
|
||||
uses: https://github.com/cachix/cachix-action@v14
|
||||
with:
|
||||
name: pub-solar
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
useDaemon: false
|
||||
|
||||
- name: Check formatting
|
||||
run: |
|
||||
nix --accept-flake-config --access-tokens '' develop --command treefmt --fail-on-change
|
||||
|
|
|
@ -15,7 +15,24 @@
|
|||
# Needed for the docker runner to communicate with the act_runner cache
|
||||
networking.firewall.trustedInterfaces = [ "br-+" ];
|
||||
|
||||
systemd.services."gitea-runner-tankstelle".path = with pkgs; [
|
||||
users.users.gitea-runner = {
|
||||
home = "/var/lib/gitea-runner/tankstelle";
|
||||
useDefaultShell = true;
|
||||
group = "gitea-runner";
|
||||
# Required to interact with nix daemon
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
];
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
users.groups.gitea-runner = { };
|
||||
|
||||
systemd.tmpfiles.rules = [ "d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -" ];
|
||||
|
||||
systemd.services."gitea-runner-tankstelle" = {
|
||||
serviceConfig.DynamicUser = lib.mkForce false;
|
||||
path = with pkgs; [
|
||||
coreutils
|
||||
bash
|
||||
coreutils
|
||||
|
@ -25,7 +42,10 @@
|
|||
gnused
|
||||
nodejs
|
||||
wget
|
||||
cachix
|
||||
jq
|
||||
];
|
||||
};
|
||||
|
||||
# forgejo actions runner
|
||||
# https://forgejo.org/docs/latest/admin/actions/
|
||||
|
|
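Review bot: The `"wheel"` entry in `users.users.gitea-runner.extraGroups` puts the account that executes CI jobs into the administrative group, which is broader than the stated need of talking to the nix daemon. Daemon access is governed by `nix.settings.allowed-users`, so if that list is restricted on this host, naming the account there (`nix.settings.allowed-users = [ "gitea-runner" ];`) and dropping `"wheel"` avoids inheriting any sudo or polkit rules tied to that group. Prefer `allowed-users` over `trusted-users`, since a trusted user can effectively act as root through the daemon. Separately, `serviceConfig.DynamicUser = lib.mkForce false;` also drops the hardening systemd implies with DynamicUser (ProtectSystem, ProtectHome, PrivateTmp, NoNewPrivileges), so unless the runner module sets these itself, which this page does not show, they should be set explicitly on `systemd.services."gitea-runner-tankstelle"`.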