move around

2024-03-28 14:55:31 +01:00
parent 6b1f2cf9de
commit 9b088ec40a
17 changed files with 79 additions and 78 deletions
--- a/modules/services/github-runner.nix
+++ b/modules/services/github-runner.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+    nixpkgs.config.permittedInsecurePackages = [
+        "nodejs-16.20.2"
+    ];
+    
+    users.groups.github-actions-runner = {};
+    users.users.github-actions-runner = {
+        isSystemUser = true;
+        hashedPasswordFile = config.age.secrets.github-runner-pw.path;
+        group = "github-actions-runner";
+        extraGroups = [ "docker" ];
+    };
+    age.secrets.github-runner-token = {
+        file = ../../secrets/github-runner-token.age;
+        owner = "github-actions-runner";
+        group = "github-actions-runner";
+    };
+    age.secrets.github-runner-pw = {
+        file = ../../secrets/github-runner-pw.age;
+        owner = "github-actions-runner";
+        group = "github-actions-runner";
+    };
+    systemd.tmpfiles.rules = [
+        "d /github-actions-runner 0770 github-actions-runner github-actions-runner -"
+        "d /data 0770 github-actions-runner nginx -"
+        "d /data/website 0770 github-actions-runner nginx -"
+    ];
+    services.github-runner = {
+        enable = true;
+        name = "nixos-server";
+        tokenFile = config.age.secrets.github-runner-token.path;
+        url = "https://github.com/oberprofis";
+        user = "github-actions-runner";
+        workDir = "/github-actions-runner";
+        extraPackages = with pkgs; [ rsync nodePackages.pnpm nodejs_18 ];
+        serviceOverrides = {
+            BindPaths= [ "/github-actions-runner" "/data/website" ];
+            UMask = "022";
+        };
+    };
+}