From c3c2261435bf09682454e20548168ff2a8c10470 Mon Sep 17 00:00:00 2001 From: Matthias Tafelmeier Date: Thu, 8 Jun 2023 23:24:19 +0200 Subject: [PATCH] make basic post checkout step working --- .../nix_config/ci-runner/configuration.nix | 20 +++++++++++++++---- .github/workflows/controller.yml | 1 - 2 files changed, 16 insertions(+), 5 deletions(-) mode change 100644 => 100755 .github/nix_config/ci-runner/configuration.nix diff --git a/.github/nix_config/ci-runner/configuration.nix b/.github/nix_config/ci-runner/configuration.nix old mode 100644 new mode 100755 index b1d3cf3d..c5e2d4ba --- a/.github/nix_config/ci-runner/configuration.nix +++ b/.github/nix_config/ci-runner/configuration.nix @@ -34,9 +34,20 @@ url = "https://github.com/cherusk/godon"; tokenFile = "/srv/gh_runner.token"; extraLabels = [ "nixos" "osuosl" ]; + extraPackages = with pkgs; [ nixos-generators mask docker ]; + workDir = "/github-runner/"; + serviceOverrides = { + PrivateUsers = false; + DynamicUser = false; + PrivateDevices = false; + PrivateMounts = false; + }; }; }; + # create github-runner work dir + systemd.tmpfiles.rules = [ "d /github-runner/ 0755 root root -" ]; + environment.systemPackages = let pythonModules = pythonPackages: with pythonPackages; [ pyyaml ]; in with pkgs; [ (python3.withPackages pythonModules) @@ -59,6 +70,7 @@ killall mask nmap + nixos-generators openssh parted pciutils @@ -82,15 +94,15 @@ ]; }; - users.users.github-runner = { + users.users.github-runner-nixos = { isNormalUser = true; - home = "/home/github-runner/"; + home = "/home/github-runner-nixos/"; + extraGroups = [ "wheel" "docker" "libvirtd" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 ci_runner@gh" ]; }; - virtualisation = { docker.enable = true; vswitch.enable = true; @@ -107,5 +119,5 @@ nixpkgs.config.allowUnfree = true; - system.nixos.version = "21.11"; + system.nixos.version = "23.05"; } 
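Review bot: The new `serviceOverrides` block switches off `DynamicUser`, `PrivateUsers`, `PrivateDevices` and `PrivateMounts`, and no fixed service user is visible in this hunk. The runner may therefore execute workflow jobs as root, which the `root root` ownership of `/github-runner/` in the new tmpfiles rule also suggests. For a runner registered against a public repository URL, that gives every accepted job host-level access, and `docker` in `extraPackages` removes most of the remaining isolation. I would keep only the overrides the post-checkout step needs, each with a one-line comment naming the step that required it, and run the service under a dedicated unprivileged account that owns the work dir, e.g. `systemd.tmpfiles.rules = [ "d /github-runner/ 0750 ci-runner ci-runner -" ];` (account name constructed for illustration). The runner attribute set begins above the hunk, so a user setting may already exist there.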
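Review bot: `extraGroups = [ "wheel" "docker" "libvirtd" ];` on `github-runner-nixos` gives a CI account that is reachable over SSH, via the authorized key in the same block, several independent routes to root-level control of the host. `wheel` normally grants sudo, and membership of `docker` or `libvirtd` allows starting containers or VMs with arbitrary host paths attached. If the jobs only need to reach the Docker daemon, `extraGroups = [ "docker" ];` would be enough, and it deserves a comment such as `# docker group is root-equivalent; needed for <step>`. Whether this account is the one the runner service runs as is not visible in the hunk.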
diff --git a/.github/workflows/controller.yml b/.github/workflows/controller.yml index a642d2bf..a9156f94 100644 --- a/.github/workflows/controller.yml +++ b/.github/workflows/controller.yml @@ -32,4 +32,3 @@ jobs: - name: do post checkout run: > pushd api && mask api generate && popd; - chown -R github-runner:users *