modules/services/continuous-integration
9292 '' ;
9393 type = attrsOf (
9494 submodule (
95- { name , ... } :
95+ { config , name , ... } :
9696 {
9797 options = {
9898 labels = labelsOption ;
109109
110110 url = urlOption ;
111111
112+ user = mkOption {
113+ type = types . str ;
114+ description = "The dynamic username of the runner service." ;
115+ default = "runner-${ escapeSystemdPath config . name } " ;
116+ defaultText = literalExpression "runner-\ ${escapeSystemdPath config.name}" ;
117+ } ;
118+
112119 registrationTokenFile = mkOption {
113120 type = types . nullOr ( types . either types . str types . path ) ;
114121 default = null ;
233240 config = mkIf ( cfg . instances != { } ) {
234241 assertions = lib . foldlAttrs (
235242 acc_inst : _ : instance :
243+ let
244+ userNameLength = builtins . stringLength instance . user ;
245+ in
236246 ( lib . foldlAttrs (
237247 acc_conn : name : connection :
238248 acc_conn
270280 assertion = hasDockerScheme ( instanceLabels instance ) -> hasDocker || hasPodman ;
271281 message = "forgejo.runner.instances.${ instance . name } label configuration requires either docker or podman." ;
272282 }
283+ {
284+ assertion = userNameLength <= 31 ;
285+ message = ''forgejo.runner.instances.${ instance . name } .user = "${ instance . user } " has a length of ${ toString userNameLength } which exceeds 31 character limit from systemd+glibc. Shorten instance name or explicitly define `instances.<name>.user`.'' ;
286+ }
273287 ]
274288 ) [ ] cfg . instances ;
275289
308322 path = [ pkgs . coreutils ] ++ lib . optionals wantsHost instance . hostPackages ;
309323
310324 serviceConfig = {
325+ User = instance . user ;
311326 MemoryDenyWriteExecute = ! wantsHost ;
312327
313328 LoadCredential =
365380
366381 serviceConfig = {
367382 DynamicUser = true ;
368- User = "forgejo-runner-%i" ;
369383 StateDirectory = "forgejo-runner/%i" ;
370384 WorkingDirectory = "/var/lib/forgejo-runner/%i" ;
371385
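Review bot: The new `user` option is a bare `types.str` and the only validation added is the length assertion, so any other string is passed straight to `User=` on a service that, from the lines shown, appears to be paired with the template's `DynamicUser = true`. systemd uses an existing static account when the configured name matches one, so such a value would silently give up the dynamic-user isolation, and two instances given the same `user` would run under one identity where the removed `forgejo-runner-%i` was unique per instance. I would constrain the type, e.g. `type = types.strMatching "[a-z_][a-z0-9_-]*";`, and add an assertion that `user` values are distinct across `cfg.instances`. The default may need a look as well: `escapeSystemdPath` can emit `\x..` escapes for some instance names, which I would expect to be rejected as a user name at unit start rather than at evaluation. The option set and both `serviceConfig` blocks continue outside the lines shown, so this is based on the visible part only.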
6363 specialisation = {
6464 runner = {
6565 inheritParentConfig = true ;
66- configuration . services . forgejo . runner = {
67- package = pkgs . forgejo-runner ;
68- instances . "test" = {
69- enable = true ;
70- url = "http://localhost:3000" ;
71- labels = [
72- # type ":host" does not depend on docker/podman/lxc
73- "native:host"
74- ] ;
75- registrationTokenFile = "/var/lib/forgejo/runner_token" ;
66+ configuration = {
67+ services . forgejo . runner = {
68+ package = pkgs . forgejo-runner ;
69+
70+ instances = {
71+ legacyRegistration = {
72+ enable = true ;
73+ user = "runner-legacy" ;
74+ url = "http://localhost:3000" ;
75+ labels = [
76+ # type ":host" does not depend on docker/podman/lxc
77+ "native:host"
78+ ] ;
79+ registrationTokenFile = "/var/lib/forgejo/runner_token" ;
80+ } ;
81+ } ;
7682 } ;
7783 } ;
7884 } ;
8187 inheritParentConfig = true ;
8288 configuration . services . gitea-actions-runner = {
8389 package = pkgs . forgejo-runner ;
84- instances . " test" = {
90+ instances . test = {
8591 enable = true ;
8692 name = "ci" ;
8793 url = "http://localhost:3000" ;
269275 )
270276
271277 server.succeed("${ serverSystem } /specialisation/runner/bin/switch-to-configuration test")
272- server.wait_for_unit("forgejo-runner@test .service")
273- server.succeed("journalctl -o cat -u forgejo-runner@test .service | grep -q 'Runner registered successfully'")
278+ server.wait_for_unit("forgejo-runner@legacyRegistration .service")
279+ server.succeed("journalctl -o cat -u forgejo-runner@legacyRegistration .service | grep -q 'Runner registered successfully'")
274280
275281 # enable actions feature for this repository, defaults to disabled
276282 server.succeed(
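Review bot: The test pins `user = "runner-legacy"` on the only forgejo runner instance, so neither the new default (`runner-${escapeSystemdPath config.name}`) nor the 31-character assertion is exercised, and nothing checks which account the service actually runs as. A cheap addition after the `wait_for_unit` line would be `server.succeed("systemctl show -p User --value forgejo-runner@legacyRegistration.service | grep -qx runner-legacy")`. A second instance without an explicit `user` would cover the default path. The test script continues outside the lines shown.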