modules(drone-exec-runner): moar better

2021-07-26 02:47:50 +02:00 · 2021-07-26 02:47:50 +02:00 · accadf9f12
commit accadf9f12
parent fb954f2d77
1 changed files with 53 additions and 45 deletions
--- a/modules/servers/drone-exec-runner.nix
+++ b/modules/servers/drone-exec-runner.nix
@ -2,49 +2,56 @@
 with lib;
 with types;
 let
-  cfg = config.services.drone-exec-runner;
-in
-  {
-    options.services.drone-exec-runner = {
+  runners = config.services.drone-exec-runner;
+  runnerOpts = {
+    options = {
      enable = mkEnableOption "Enable an Drone CI/CD Exec Runner";
-      package = mkOption {
-        type = package;
-        default = pkgs.drone-runner-exec;
-        defaultText = "pkgs.drone-runner-exec";
-      };
-      env = mkOption {
-        type = listOf str;
-        description = "Environment strings (e.g. DRONE_RUNNER_CAPACITY, CLIENT_DRONE_RPC_HOST, etc.)";
-        example = [
-          "DRONE_RUNNER_CAPACITY=10"
-          "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
-        ];
-      };
-      envFile = mkOption {
-        type = str;
-        description = "Path to the environment file (may contains secrets, notably the shared RPC secret)";
-      };
-      user = mkOption {
-        type = str;
-        default = "drone-runner-exec";
-      };
-      group = mkOption {
-        type = str;
-        default = "drone-runner-exec";
-      };
-      allowedPackages = mkOption {
-        type = listOf package;
-        default = with pkgs; [
-          git
-          gnutar
-          bash
-          nixUnstable
-          gzip
-        ];
+        package = mkOption {
+          type = package;
+          default = pkgs.drone-runner-exec;
+          defaultText = "pkgs.drone-runner-exec";
+        };
+        env = mkOption {
+          type = listOf str;
+          description = "Environment strings (e.g. DRONE_RUNNER_CAPACITY, CLIENT_DRONE_RPC_HOST, etc.)";
+          example = [
+            "DRONE_RUNNER_CAPACITY=10"
+            "CLIENT_DRONE_RPC_HOST=127.0.0.1:3030"
+          ];
+        };
+        envFile = mkOption {
+          type = str;
+          description = "Path to the environment file (may contains secrets, notably the shared RPC secret)";
+        };
+        user = mkOption {
+          type = str;
+          default = "drone-runner-exec";
+        };
+        group = mkOption {
+          type = str;
+          default = "drone-runner-exec";
+        };
+        allowedPackages = mkOption {
+          type = listOf package;
+          default = with pkgs; [
+            git
+            gnutar
+            bash
+            nix
+            gzip
+          ];
+        };
      };
    };
-    config = mkIf cfg.enable {
-      systemd.services.drone-runner-exec = {
+in
+  {
+    options.services.drone-exec-runner = mkOption {
+      type = attrsOf (submodule runnerOpts);
+      default = {};
+    };
+
+    config = mkIf (any (catAttrs "enable" (attrValues runners))) {
+      systemd.services = mapAttrs' (runnerName: cfg: nameValuePair ("drone-exec-runner-${runnerName}") ({
        wantedBy = [ "multi-user.target" ];

        confinement.enable = true;
@ -81,12 +88,13 @@ in
          User = cfg.user;
          Group = cfg.group;
        };
-      };
+      }) runners;

-      users.users.${cfg.user} = {
+      users.users = mapAttrs' (_: cfg: nameValuePair cfg.user ({
        isSystemUser = true;
-        group = cfg.group;
-      };
-      users.groups.${cfg.group} = {};
+        inherit (cfg) group;
+      })) runners;
+
+      users.groups = mapAttrs' (_: cfg: nameValuePair cfg.group {}) runners;
    };
  }