
Commit a7175bc

committed
nixos/forgejo.runner: assert on long usernames and expose option for user name
1 parent 2b51c5d commit a7175bc

2 files changed

Lines changed: 35 additions & 15 deletions


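--- a/nixos/modules/services/continuous-integration/forgejo-runner.nix
+++ b/nixos/modules/services/continuous-integration/forgejo-runner.nix
@@ -92,7 +92,7 @@ in
 '';
 type = attrsOf (
 submodule (
-{ name, ... }:
+{ config, name, ... }:
 {
 options = {
 labels = labelsOption;
@@ -109,6 +109,13 @@ in
 
 url = urlOption;
 
+user = mkOption {
+type = types.str;
+description = "The dynamic username of the runner service.";
+default = "runner-${escapeSystemdPath config.name}";
+defaultText = literalExpression "runner-\${escapeSystemdPath config.name}";
+};
+
 registrationTokenFile = mkOption {
 type = types.nullOr (types.either types.str types.path);
 default = null;
@@ -233,6 +240,9 @@ in
 config = mkIf (cfg.instances != { }) {
 assertions = lib.foldlAttrs (
 acc_inst: _: instance:
+let
+userNameLength = builtins.stringLength instance.user;
+in
 (lib.foldlAttrs (
 acc_conn: name: connection:
 acc_conn
@@ -270,6 +280,10 @@ in
 assertion = hasDockerScheme (instanceLabels instance) -> hasDocker || hasPodman;
 message = "forgejo.runner.instances.${instance.name} label configuration requires either docker or podman.";
 }
+{
+assertion = userNameLength <= 31;
+message = ''forgejo.runner.instances.${instance.name}.user = "${instance.user}" has a length of ${toString userNameLength} which exceeds 31 character limit from systemd+glibc. Shorten instance name or explicitly define `instances.<name>.user`.'';
+}
 ]
 ) [ ] cfg.instances;
 
@@ -308,6 +322,7 @@ in
 path = [ pkgs.coreutils ] ++ lib.optionals wantsHost instance.hostPackages;
 
 serviceConfig = {
+User = instance.user;
 MemoryDenyWriteExecute = !wantsHost;
 
 LoadCredential =
@@ -365,7 +380,6 @@ in
 
 serviceConfig = {
 DynamicUser = true;
-User = "forgejo-runner-%i";
 StateDirectory = "forgejo-runner/%i";
 WorkingDirectory = "/var/lib/forgejo-runner/%i";
 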
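Review bot: The assertion added next to the docker/podman check validates only the length of `instance.user`, while the option is a free-form `types.str` that is passed to `User=` alongside `DynamicUser = true`. Names containing characters systemd rejects still pass evaluation and fail at unit start; the default is also affected if `escapeSystemdPath` turns characters such as `-` or space into `\x..` sequences, which I believe it does. A second entry such as `assertion = builtins.match "[a-zA-Z_][a-zA-Z0-9_-]*" instance.user != null;` would catch this early. Since systemd reuses an existing static account when `User=` names one, and the runner executes CI job code, the description should also state that the name must not match another account or another instance's `user`. The assertion list and both `serviceConfig` sets start or end outside the visible hunks.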
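--- a/nixos/tests/forgejo.nix
+++ b/nixos/tests/forgejo.nix
@@ -63,16 +63,22 @@ let
 specialisation = {
 runner = {
 inheritParentConfig = true;
-configuration.services.forgejo.runner = {
-package = pkgs.forgejo-runner;
-instances."test" = {
-enable = true;
-url = "http://localhost:3000";
-labels = [
-# type ":host" does not depend on docker/podman/lxc
-"native:host"
-];
-registrationTokenFile = "/var/lib/forgejo/runner_token";
+configuration = {
+services.forgejo.runner = {
+package = pkgs.forgejo-runner;
+
+instances = {
+legacyRegistration = {
+enable = true;
+user = "runner-legacy";
+url = "http://localhost:3000";
+labels = [
+# type ":host" does not depend on docker/podman/lxc
+"native:host"
+];
+registrationTokenFile = "/var/lib/forgejo/runner_token";
+};
+};
 };
 };
 };
@@ -81,7 +87,7 @@ let
 inheritParentConfig = true;
 configuration.services.gitea-actions-runner = {
 package = pkgs.forgejo-runner;
-instances."test" = {
+instances.test = {
 enable = true;
 name = "ci";
 url = "http://localhost:3000";
@@ -269,8 +275,8 @@ let
 )
 
 server.succeed("${serverSystem}/specialisation/runner/bin/switch-to-configuration test")
-server.wait_for_unit("forgejo-runner@test.service")
-server.succeed("journalctl -o cat -u forgejo-runner@test.service | grep -q 'Runner registered successfully'")
+server.wait_for_unit("forgejo-runner@legacyRegistration.service")
+server.succeed("journalctl -o cat -u forgejo-runner@legacyRegistration.service | grep -q 'Runner registered successfully'")
 
 # enable actions feature for this repository, defaults to disabled
 server.succeed(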
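Review bot: The only forgejo runner instance visible in this test sets `user = "runner-legacy"` explicitly, so the computed default `runner-${escapeSystemdPath config.name}` and the new length assertion are not exercised by anything shown in these hunks. Dropping the override, or adding a second instance that relies on the default, would cover the path most deployments take; for `legacyRegistration` the default would be 25 characters, which is within the limit. It would also help to check that the unit actually runs under the expected account, for example by comparing `systemctl show -p User forgejo-runner@legacyRegistration.service` with the configured value. The test script continues outside the last hunk.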
