author | sinanmohd <sinan@sinanmohd.com> | 2025-03-06 18:34:46 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2025-03-06 18:34:46 +0530 |
commit | ba7fec764066adf4a1beaa6df2b2e440d37f0366 (patch) | |
tree | c0411d737ca489241c162f66178f87e510f2c201 | |
parent | ca94211f29129d8c0947a91d8f2cfcb76de9c0c8 (diff) |
kay/github-runner: refactor
-rw-r--r-- | os/kay/modules/github-runner.nix | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/os/kay/modules/github-runner.nix b/os/kay/modules/github-runner.nix
index 2b838ae..dd4d48d 100644
--- a/os/kay/modules/github-runner.nix
+++ b/os/kay/modules/github-runner.nix
@@ -1,6 +1,8 @@
 { config, ... }:
 let
 repo = "nocodb/nocodb";
+ nocodbRunnerUser = "nocodbrunner";
+ user = config.global.userdata.name;
 in
 {
 sops.secrets = {
@@ -8,7 +10,21 @@ in
 "github-runner/age-master-key" = { };
 };
+ # required by github:nocodb/nocodb docker builds
+ virtualisation.docker.enable = true;
+ users.groups.${nocodbRunnerUser} = { };
+ users.extraGroups.docker.members = [
+ user
+ nocodbRunnerUser
+ ];
+ users.users.nocodbrunner = {
+ name = nocodbRunnerUser;
+ group = nocodbRunnerUser;
+ isSystemUser = true;
+ };
 services.github-runners.kay = {
+ user = nocodbRunnerUser;
+ group = nocodbRunnerUser;
 enable = true;
 noDefaultLabels = true;
 extraLabels = [ "nix" ];
@@ -18,7 +34,8 @@ in
 systemd.services."github-runner-kay" = {
 environment.SOPS_AGE_KEY_FILE = "%d/age-master-key";
- serviceConfig.LoadCredential =
- "age-master-key:${config.sops.secrets."github-runner/age-master-key".path}";
+ serviceConfig.LoadCredential = "age-master-key:${
+ config.sops.secrets."github-runner/age-master-key".path
+ }";
 };
 } |
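Review bot: Adding `nocodbRunnerUser` to `users.extraGroups.docker.members` in the second hunk gives every job this runner executes access to the Docker daemon socket, which is effectively root on the host. The dedicated system user therefore does not isolate workflow code from the sops age master key that the same unit loads in the third hunk, or from other host secrets; whether untrusted pull requests can reach this runner is not visible here. I would record the trust assumption next to the option, e.g. `# docker group == root on this host; runner must only execute trusted workflows`, and consider `virtualisation.docker.rootless.enable` or a separate build VM if that assumption does not hold. Minor: `users.users.nocodbrunner` hard-codes the name while `users.groups.${nocodbRunnerUser}` uses the binding; `users.users.${nocodbRunnerUser}` would keep the two in step.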