pinpox/infra
1
0
Fork 0
forked from pub-solar/infra
Code Pull requests Activity

gitea-actions-runner: don't run as systemd DynamicUser

Browse source 
to enable usage of cache outside of /var/lib/private
This commit is contained in:
teutat3s 2024-04-23 15:42:33 +02:00
parent 9541e5029e
commit fa9ce9d435
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1
1 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
hosts/flora-6/apps/forgejo-actions-runner.nix
View file

@ -13,9 +13,24 @@
# Needed for the docker runner to communicate with the act_runner cache
networking.firewall.trustedInterfaces = [ "br-+" ];
systemd.services."gitea-runner-flora\\x2d6".serviceConfig = {
CacheDirectory = "/data/gitea-actions-runner";
users.users.gitea-runner = {
home = "/var/lib/gitea-runner/flora-6";
useDefaultShell = true;
group = "gitea-runner";
isSystemUser = true;
};
users.groups.gitea-runner = {};
systemd.services."gitea-runner-flora\\x2d6".serviceConfig = {
DynamicUser = lib.mkForce false;
};
systemd.tmpfiles.rules = [
"d '/data/gitea-actions-runner' 0750 gitea-runner gitea-runner - -"
"d '/var/lib/gitea-runner' 0750 gitea-runner gitea-runner - -"
];
# forgejo actions runner
# https://forgejo.org/docs/latest/admin/actions/
# https://docs.gitea.com/usage/actions/quickstart