these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
This fixes an issue where running the official `actions/checkout` action
from GitHub on a runner with label `:host`, would fail with incredibly
unhelpful error messages.
Turns out, this is due to `$HOME` not being set.
Similar to the `user` option, the added `group` option sets the group of
the executing process. If not `null`, it also sets `DynamicUser=false`.
In case `user` is set to `null` (the default), systemd would run the
service as root implicitly. As this is dangerous and most certainly not
what users want, we force them to set `user = "root"` explicitly if
that's really their intention. That's achieved through an assertion.
The `github-runner` package only supports `nodejs_20` since `nodejs_16`
was removed in a2976db919.
It still makes sense to keep the `nodeRuntimes` option as this is
probably not the last Node.js we'll deprecate with at least some grace
period.
Older versions of the github-runner package might not have the
`nodeRuntimes` argument yet causing an error as the NixOS module always
tries to override the argument.
The commit makes sure we only override `nodeRuntimes` if the configured
package has a `nodeRuntimes` argument.
The daemon setup itself only requires the firewall to be up.
Workers will connect itself as they can reach the master instance.
That's why we don't need an online target for buildbot to function.
Only one extra group was add. Some times you want the agents users to
be member of other groups like 'docker'. This change make this possible.
Co-authored-by: Florian Klink <flokli@flokli.de>
This will cause systemd to chown /var/lib/jenkins to the user that
the jenkins systemd service runs as, fixing permission issues when
mounting /var/lib/jenkins from another data volume.
It uses the same logic that garage is using, too, checking for the
prefix.
The next commit is going to add an option which takes a list of
packages. So the example must be converted to make it documentable.
This will also allow adding comments, to explain why some options are
used.
* remove `with`
* replace specific hooks with attrsOf lines
To be flexible, should they change.
* make hooks with writeShellApplication
- Previously hooks would not build if they used a heredoc with `EOF`
- To shellcheck hooks
* format with nixpkgs-fmt
* remove removed option module
This prevents issues I'm seeing with the hydra I'm running on my laptop.
Every time I reboot it I see eval errors like this:
```
error fetching latest change from git repo at `https://github.com/nixos/nixpkgs.git':
fatal: unable to access 'https://github.com/nixos/nixpkgs.git/': Could not resolve host: github.com
```
This is because the evaluator already starts before the network is
actually online. It should wait until the network is fully online before
starting evaluation to prevent evaluation errors like above.
Nothing the script `config.sh` does prior to the final call to
`Runner.Listener configure` is relevant for the systemd service.
Particularly, we don't need (nor want) any of the artifacts the `env.sh`
script creates.
We’ve been having trouble figuring out which kind of token to use and
why our setup would break every few system updates.
This should clarify which options there are, and which ones lead to
better results.
Ideally there would be a manual section that has a step-by-step guide
on how to set up the github runner, with screenshots and everything.
Purge contents of `workDir` as root to also allow the removal of files
marked as read-only. It is easy to create read-only files in `workDir`,
e.g., by copying files from the Nix store.
The `serviceOverrides` module option is commonly used to loosen the
systemd unit's hardening. This commit merges the `serviceConfig` with
`mkMerge` instead of using the update operator `//` which discards all
existing values on conflict. To avoid a breaking change which requires
defining each option with a higher priority (e.g., through `mkForce`),
this commit prefixes hardening values with `mkDefault`.
Notable exceptions are list hardening options which use `mkBefore`
instead of `mkDefault`. This allows for easy extension of the existing
settings. Resetting redefinitions are still possible through `mkForce`.
when you register a runner with spaces in its name (possible if you use 'description' option) then the runners never get unregistered because our bash scripts assume no space in names.
This solves the issue
Retreiving the fullname of the runner via `gitlab-runner list` got surprisingly hard between lazy-capture issues and `gitlab-runner list` displaying invisible (CSI) characters that break the regex etc.
Which is why I fell back on the pseudo-json format.
This PR adds the hash in the name, which allows to keep both the
stateless aspect of the module while allowing for a freeform name.
I found using bash associative arrays easier to use/debug than the current
approach.
On some occasions, the GitHub runner service encounters errors which are
deemed retryable but result in the runner's termination. To signal a
retryable error, the runner exits with status code 2:
https://github.com/actions/runner/blob/40ed7f8/src/Runner.Common/Constants.cs#L146
To account for that behavior, this commit sets
`RestartForceExitStatus=2` which results in a service restart regardless
of using an ephemeral runner or not.
The new defaults allows jenkins-job-builder to reload the configuration
out-of-the-box, whereas the previous defaults required users to manually
reload/restart jenkins, or configure accessUser/accessTokenFile
themselves.
(If `extraJavaOptions = [ "-Djenkins.install.runSetupWizard=false" ]`
then the initial admin user is *not* created and you have to use JCasC
or something else to bootstrap.)
