From 91bf483f87f4bdc77baffe1540808410d11fa9de Mon Sep 17 00:00:00 2001 From: Vincent Haupert Date: Sat, 27 Mar 2021 16:14:29 +0100 Subject: [PATCH] nixos/github-runner: create a parent for systemd dirs Adds a parent directory "github-runner/" to all of the systemd lifecycle directories StateDirectory=, RuntimeDirectory= and LogDirectory=. Doing this has two motivations: 1. Something like this would required if we want to support multiple runners configurations. Please note that this is already possible using NixOS containers. 2. Having an additional parent directory makes it easier to remap any of the directories. Without a parent, systemd is going to complain if, for example, the given StateDirectory= is a symlink. --- .../continuous-integration/github-runner.nix | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/continuous-integration/github-runner.nix b/nixos/modules/services/continuous-integration/github-runner.nix index 9e65b916b7428d1..55be2092b02ebc8 100644 --- a/nixos/modules/services/continuous-integration/github-runner.nix +++ b/nixos/modules/services/continuous-integration/github-runner.nix @@ -2,8 +2,10 @@ with lib; let cfg = config.services.github-runner; - name = "github-runner"; - runnerRoot = "/run/${name}"; # RuntimeDirectory= + svcName = "github-runner"; + systemdDir = "${svcName}/${cfg.name}"; + systemdUser = "${svcName}-${cfg.user}"; + runnerRoot = "/run/${systemdDir}"; # RuntimeDirectory= in { options.services.github-runner = { @@ -101,7 +103,7 @@ in '' ]; - systemd.services.${name} = { + systemd.services.${svcName} = { description = "GitHub Actions runner"; wantedBy = [ "multi-user.target" ]; 
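Review bot: `systemdDir = "${svcName}/${cfg.name}";` in the first hunk interpolates the runner name into the value later used for StateDirectory=, RuntimeDirectory= and LogsDirectory=, and nothing visible restricts what that name may contain. systemd reads these settings as a whitespace-separated list of relative paths and refuses `..` components. A name with a space would therefore create several directories, and the credentials directory would no longer be the one `runnerRoot` and `$STATE_DIRECTORY` are expected to match. I would constrain the option, for example with `types.strMatching`, or add an assertion so a bad name fails at evaluation rather than at unit start. Separately, `systemdUser` reads `cfg.user`, and no `user` option is declared in the visible hunks; if it is not defined elsewhere in the module, evaluation fails.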
@@ -139,7 +141,7 @@ in let currentConfigPath = "$STATE_DIRECTORY/.nixos-current-config.json"; runnerRegistrationConfig = getAttrs [ "name" "tokenFile" "url" "runnerGroup" "extraLabels" ] cfg; - newConfigPath = builtins.toFile "${name}-config.json" (builtins.toJSON runnerRegistrationConfig); + newConfigPath = builtins.toFile "${svcName}-config.json" (builtins.toJSON runnerRegistrationConfig); currentConfigTokenFilename = ".current-token"; newConfigTokenFilename = ".new-token"; runnerCredFiles = [ @@ -233,20 +235,18 @@ in ]; # Contains _diag - LogsDirectory = name; + LogsDirectory = [ systemdDir ]; # Default RUNNER_ROOT which contains ephemeral Runner data - RuntimeDirectory = name; + RuntimeDirectory = [ systemdDir ]; # Home of persistent runner data, e.g., credentials - StateDirectory = name; + StateDirectory = [ systemdDir ]; StateDirectoryMode = "0700"; WorkingDirectory = runnerRoot; - # By default, use a dynamically allocated user with a name and group - # equal to the service unit name (which is the systemd default for - # DynamicUser=true; just set explicitly for the sake of clarity). + # By default, use a dynamically allocated user DynamicUser = true; - User = name; - Group = name; + User = systemdUser; + Group = User; KillMode = "process"; KillSignal = "SIGTERM";
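Review bot: `Group = User;` in the last hunk uses a bare identifier `User`, which is in scope only if the enclosing `serviceConfig` attribute set is declared with `rec`. The set opens outside the hunk, so this cannot be confirmed here. If it is not recursive, evaluation fails with an undefined variable, and `Group = systemdUser;` avoids the question. The shortened comment `# By default, use a dynamically allocated user` also no longer says what the account is called. With `DynamicUser = true`, systemd uses an existing static account of the configured name instead of allocating one, so I would add `# User/Group are "github-runner-<user>"; an existing static account of that name is used as-is`.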