29 lines
603 B
Nix
29 lines
603 B
Nix
{ config
|
|
, pkgs
|
|
, lib
|
|
, ...
|
|
}@args:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.services.github-runner;
|
|
svcName = "github-runner";
|
|
|
|
in
|
|
|
|
{
|
|
options.services.github-runner = import ./github-runner/options.nix args;
|
|
|
|
config = mkIf cfg.enable {
|
|
warnings = optionals (isStorePath cfg.tokenFile) [
|
|
''
|
|
`services.${svgName}.tokenFile` points to the Nix store and, therefore, is world-readable.
|
|
Consider using a path outside of the Nix store to keep the token private.
|
|
''
|
|
];
|
|
|
|
systemd.services.${svcName} = import ./github-runner/service.nix (args // { inherit svcName; });
|
|
};
|
|
}
|