workflow verbosity and sudo fix
Some checks failed
Activate NixOS Homelab Configuration On Push / build-and-activate (push) Failing after 29s

Satria 2026-03-14 10:33:04 +07:00
commit 6024695830
2 changed files with 11 additions and 5 deletions


@ -15,10 +15,10 @@ jobs:
shell: /bin/sh -e {0} shell: /bin/sh -e {0}
steps: steps:
- name: Clone - name: Clone
run: git clone http://localhost:5080/satr14/nix-flake.git src run: git clone -v http://localhost:5080/satr14/nix-flake.git src
- name: Build - name: Build
run: nixos-rebuild build --flake ./src#homelab run: nixos-rebuild build --flake ./src#homelab -L --show-trace -v
- name: Activate - name: Activate
run: sudo nixos-rebuild switch --flake ./src#homelab run: sudo nixos-rebuild switch --flake ./src#homelab -L --show-trace -v
- name: Clean - name: Clean
run: rm -rf src run: rm -rfv src
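Review bot: The Clone step fetches whatever the default branch points to when the job runs, not the commit that triggered it, and the Activate step then applies that tree as root. Pinning the checkout right after the clone, e.g. `git -C src checkout --detach ${{ github.sha }}`, ties the activated configuration to the pushed commit that appears in the run log. Separately, the Clean step is skipped when Build or Activate fails, so if the runner reuses its working directory a stale `src` would make the next clone fail; `if: always()` on Clean avoids that. The workflow's trigger and job header lie outside this hunk, so the branch filter could not be checked here.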


@ -1,4 +1,4 @@
{ pkgs, homelab, ... }: { { lib, pkgs, homelab, ... }: {
security.sudo.extraRules = [{ # for configuration activation on push to git security.sudo.extraRules = [{ # for configuration activation on push to git
users = [ "gitea-runner" ]; users = [ "gitea-runner" ];
commands = [{ commands = [{
@ -63,4 +63,10 @@
hostPackages = with pkgs; [ bash coreutils git nix nodejs ]; hostPackages = with pkgs; [ bash coreutils git nix nodejs ];
}; };
}; };
systemd.services."gitea-runner-nixos-deploy".serviceConfig = {
# Force systemd to allow privilege escalation (sudo) for this service
NoNewPrivileges = lib.mkForce false;
RestrictSUIDSGID = lib.mkForce false;
PrivateUsers = lib.mkForce false;
};
} }
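Review bot: The three `lib.mkForce false` overrides switch off sandboxing for the whole `gitea-runner-nixos-deploy` unit, so every job this runner picks up, not only the activation workflow, can execute setuid binaries; the only remaining limit is the sudo rule, whose `commands` list lies outside this hunk. Because `nixos-rebuild switch --flake` evaluates repository content as root, push access to the repository is effectively root on the host, and the comment should record that, e.g. `# Hardening off so the job can call sudo: applies to every job on this runner; keep the sudo rule limited to the exact nixos-rebuild command and restrict who can push.` If the unit is defined with `DynamicUser=` (not visible here), systemd documents NoNewPrivileges and RestrictSUIDSGID as implied and not overridable, which would leave these overrides without effect; that is worth checking given the failed run.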