runner
runner copied to clipboard
actions
check for your own process pid instead
fix issue where you get
Error: Could not find a part of the path '/proc/1/cgroup'.
when trying to use service with a less privileged runner
Hey @ilyakooo0, is there something preventing this PR from getting merged?
@paksk-pcs here is how i use it on NixOS:
{ config, pkgs, lib, ... }:
let
github-runner = pkgs.github-runner.overrideAttrs(old: rec {
version = "2.307.4";
src = pkgs.fetchFromGitHub {
owner = "peterromfeldhk";
repo = "actions-runner";
rev = "v${version}";
hash = "sha256-g+0lF628s9uGNwDR8kpxxNBEBBnPMmu+S5Ue7+MDsSk=";
leaveDotGit = true;
postFetch = ''
git -C $out rev-parse --short HEAD > $out/.git-revision
rm -rf $out/.git
'';
};
});
in {
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
virtualisation.docker.enable = true;
nixpkgs.config.permittedInsecurePackages = [ "nodejs-16.20.1" ];
users.groups.github-runner = {};
users.users.github-runner = {
isSystemUser = true;
shell = pkgs.bash;
group = config.users.groups.github-runner.name;
extraGroups = [ "wheel" "docker" ];
};
sops.secrets.peter-github-runner-token = {
owner = config.users.users.github-runner.name;
group = config.users.users.github-runner.group;
};
services.github-runners = let
runner-defaults = {
enable = true;
name = "nix";
replace = true;
extraLabels = [ "nixos" ];
user = config.users.users.github-runner.name;
package = github-runner;
extraPackages = [
pkgs.docker
];
extraEnvironment = {
NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos";
};
# serviceOverrides = {};
};
in {
peter-romfeld-bcw = runner-defaults // {
tokenFile = config.sops.secrets.peter-github-runner-token.path;
url = "https://github.com/peterromfeldhk/pyshortly";
};
};
services.cron = {
enable = true;
systemCronJobs = [
"@hourly root ${pkgs.docker-gc}/bin/docker-gc"
];
};
}