Hunter Halloran
2025-12-17 11:44:10 -05:00
parent 35b4572b42
commit b1ae664ab0
2 changed files with 21 additions and 14 deletions


@@ -73,7 +73,12 @@ let
# Each wrapper checks if the user is enabled before applying the module content # Each wrapper checks if the user is enabled before applying the module content
userNixosModules = lib.mapAttrsToList ( userNixosModules = lib.mapAttrsToList (
name: modulePath: name: modulePath:
{ config, lib, pkgs, ... }@args: {
config,
lib,
pkgs,
...
}@args:
let let
# Import the user's nixos module - it returns a function or attrset # Import the user's nixos module - it returns a function or attrset
importedModuleFunc = import modulePath { inherit inputs; }; importedModuleFunc = import modulePath { inherit inputs; };


@@ -34,7 +34,7 @@ mkIf builderCfg.githubRunner.enable {
TimeoutStopSec = 60; TimeoutStopSec = 60;
# Restart on failure, but not immediately # Restart on failure, but not immediately
RestartSec = 10; RestartSec = 10;
# Disable all namespace isolation features that don't work in LXC containers # Disable all namespace isolation features that don't work in LXC containers
PrivateMounts = mkForce false; PrivateMounts = mkForce false;
MountAPIVFS = mkForce false; MountAPIVFS = mkForce false;
@@ -50,26 +50,26 @@ mkIf builderCfg.githubRunner.enable {
ProtectKernelTunables = mkForce false; ProtectKernelTunables = mkForce false;
ProtectKernelModules = mkForce false; ProtectKernelModules = mkForce false;
ProtectControlGroups = mkForce false; ProtectControlGroups = mkForce false;
# Use LoadCredential to securely pass the token file to the service # Use LoadCredential to securely pass the token file to the service
# This allows the service to read the token even when running as non-root # This allows the service to read the token even when running as non-root
LoadCredential = "token:${builderCfg.githubRunner.tokenFile}"; LoadCredential = "token:${builderCfg.githubRunner.tokenFile}";
# Don't override ExecStartPre - let the default module handle configuration # Don't override ExecStartPre - let the default module handle configuration
# Just make the cleanup more tolerant by wrapping the original script # Just make the cleanup more tolerant by wrapping the original script
ExecStartPre = mkForce ( ExecStartPre = mkForce (
let let
# Get the runner package and scripts # Get the runner package and scripts
runnerPkg = pkgs.github-runner; runnerPkg = pkgs.github-runner;
# Create wrapper scripts that are failure-tolerant # Create wrapper scripts that are failure-tolerant
unconfigureWrapper = pkgs.writeShellScript "github-runner-unconfigure-wrapper.sh" '' unconfigureWrapper = pkgs.writeShellScript "github-runner-unconfigure-wrapper.sh" ''
set +e # Don't fail on errors set +e # Don't fail on errors
runnerDir="$1" runnerDir="$1"
stateDir="$2" stateDir="$2"
logDir="$3" logDir="$3"
# If directory is busy, just skip cleanup with a warning # If directory is busy, just skip cleanup with a warning
if [ -d "$runnerDir" ]; then if [ -d "$runnerDir" ]; then
echo "Attempting cleanup of $runnerDir..." echo "Attempting cleanup of $runnerDir..."
@@ -77,15 +77,15 @@ mkIf builderCfg.githubRunner.enable {
echo "Warning: Cleanup had issues (directory may be in use), continuing anyway..." echo "Warning: Cleanup had issues (directory may be in use), continuing anyway..."
} }
fi fi
exit 0 exit 0
''; '';
configureScript = pkgs.writeShellScript "github-runner-configure.sh" '' configureScript = pkgs.writeShellScript "github-runner-configure.sh" ''
set -e set -e
runnerDir="${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name}" runnerDir="${builderCfg.githubRunner.workDir}/${builderCfg.githubRunner.name}"
# Read token from systemd credential (passed via LoadCredential) # Read token from systemd credential (passed via LoadCredential)
if [ -n "''${CREDENTIALS_DIRECTORY:-}" ] && [ -f "''${CREDENTIALS_DIRECTORY}/token" ]; then if [ -n "''${CREDENTIALS_DIRECTORY:-}" ] && [ -f "''${CREDENTIALS_DIRECTORY}/token" ]; then
token=$(cat "''${CREDENTIALS_DIRECTORY}/token") token=$(cat "''${CREDENTIALS_DIRECTORY}/token")
@@ -93,11 +93,13 @@ mkIf builderCfg.githubRunner.enable {
echo "Error: Token credential not available" echo "Error: Token credential not available"
exit 1 exit 1
fi fi
cd "$runnerDir" cd "$runnerDir"
# Configure the runner, optionally replacing existing registration # Configure the runner, optionally replacing existing registration
if [ ! -f ".runner" ] || [ "${if builderCfg.githubRunner.replace then "true" else "false"}" = "true" ]; then if [ ! -f ".runner" ] || [ "${
if builderCfg.githubRunner.replace then "true" else "false"
}" = "true" ]; then
echo "Configuring GitHub Actions runner..." echo "Configuring GitHub Actions runner..."
${runnerPkg}/bin/Runner.Listener configure \ ${runnerPkg}/bin/Runner.Listener configure \
--unattended \ --unattended \