From fa9ce9d4356569f9e35aee8be78f16deba47dff8 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Tue, 23 Apr 2024 15:42:33 +0200
Subject: [PATCH] gitea-actions-runner: don't run as systemd DynamicUser to enable usage of cache outside of /var/lib/private
---
 hosts/flora-6/apps/forgejo-actions-runner.nix | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/hosts/flora-6/apps/forgejo-actions-runner.nix b/hosts/flora-6/apps/forgejo-actions-runner.nix
index 6dc25da9..045f0c24 100644
--- a/hosts/flora-6/apps/forgejo-actions-runner.nix
+++ b/hosts/flora-6/apps/forgejo-actions-runner.nix
@@ -13,9 +13,24 @@
 # Needed for the docker runner to communicate with the act_runner cache
 networking.firewall.trustedInterfaces = [ "br-+" ];
- systemd.services."gitea-runner-flora\\x2d6".serviceConfig = {
- CacheDirectory = "/data/gitea-actions-runner";
+ users.users.gitea-runner = {
+ home = "/var/lib/gitea-runner/flora-6";
+ useDefaultShell = true;
+ group = "gitea-runner";
+ isSystemUser = true;
 };
+
+ users.groups.gitea-runner = {};
+
+ systemd.services."gitea-runner-flora\\x2d6".serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ };
+
+ systemd.tmpfiles.rules = [
+ "d '/data/gitea-actions-runner' 0750 gitea-runner gitea-runner - -"
+ "d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -"
+ ];
+
 # forgejo actions runner
 # https://forgejo.org/docs/latest/admin/actions/
 # https://docs.gitea.com/usage/actions/quickstart
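Review bot: Setting `DynamicUser = lib.mkForce false` in the `serviceConfig` override also drops the sandboxing that systemd implies for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `RemoveIPC`, `NoNewPrivileges`, `RestrictSUIDSGID`), and nothing in this hunk puts it back. For a runner that executes CI jobs, I would re-declare those settings next to the override and grant the cache path through `ReadWritePaths`, as sketched below; check the values against what the upstream module already sets, since conflicting definitions will fail evaluation. The hunk also sets no `User=`/`Group=`; presumably the gitea-actions-runner module supplies the `gitea-runner` user, but if it does not the unit now runs as root, so that is worth confirming. `useDefaultShell = true` gives the service account a login shell, which looks unnecessary unless host-mode jobs need it.

```nix
systemd.services."gitea-runner-flora\\x2d6".serviceConfig = {
  DynamicUser = lib.mkForce false;
  # Restore the sandboxing that DynamicUser= used to imply
  ProtectSystem = "strict";
  ProtectHome = "read-only";
  PrivateTmp = true;
  RemoveIPC = true;
  NoNewPrivileges = true;
  RestrictSUIDSGID = true;
  # The cache lives outside the state directory, so it has to be made writable explicitly
  ReadWritePaths = [ "/data/gitea-actions-runner" ];
```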