From fc0fdbe85ed4b70f56fd5d81bc6769e034fce779 Mon Sep 17 00:00:00 2001
From: Tim Schubert
Date: Tue, 25 Jun 2024 14:33:54 +0200
Subject: [PATCH] nixos/gitlab-runner: allow access to podman socket

Allows access to podman control socket to gitlab-runner.
---
 .../services/continuous-integration/gitlab-runner.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/continuous-integration/gitlab-runner.nix b/nixos/modules/services/continuous-integration/gitlab-runner.nix
index 62c62c5d2360..406096536e40 100644
--- a/nixos/modules/services/continuous-integration/gitlab-runner.nix
+++ b/nixos/modules/services/continuous-integration/gitlab-runner.nix
@@ -4,6 +4,7 @@ with lib;
 let
 cfg = config.services.gitlab-runner;
 hasDocker = config.virtualisation.docker.enable;
+ hasPodman = config.virtualisation.podman.enable && config.virtualisation.podman.dockerSocket.enable;
 
 /* The whole logic of this module is to diff the hashes of the desired vs existing runners
 The hash is recorded in the runner's name because we can't do better yet
@@ -539,8 +540,11 @@ in {
 description = "Gitlab Runner";
 documentation = [ "https://docs.gitlab.com/runner/" ];
 after = [ "network.target" ]
- ++ optional hasDocker "docker.service";
- requires = optional hasDocker "docker.service";
+ ++ optional hasDocker "docker.service"
+ ++ optional hasPodman "podman.service";
+
+ requires = optional hasDocker "docker.service"
+ ++ optional hasPodman "podman.service";
 wantedBy = [ "multi-user.target" ];
 environment = config.networking.proxy.envVars // {
 HOME = "/var/lib/gitlab-runner";
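Review bot: The new `after`/`requires` entries in the `@@ -539,8 +540,11 @@` hunk name `podman.service`, while `hasPodman` is defined in terms of the podman socket (`dockerSocket.enable`), which is what the runner actually talks to. Podman's API service is, as far as I know, socket-activated and exits when idle, so depending on the socket unit looks like the closer match: `++ optional hasPodman "podman.socket"` in both lists. This should be confirmed against the podman module, which is not visible in this patch. The service definition starts and ends outside the hunk.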
@@ -562,7 +566,8 @@ in {
 # Make sure to restart service or changes won't apply.
 DynamicUser = true;
 StateDirectory = "gitlab-runner";
- SupplementaryGroups = optional hasDocker "docker";
+ SupplementaryGroups = optional hasDocker "docker"
+ ++ optional hasPodman "podman";
 ExecStartPre = "!${configureScript}/bin/gitlab-runner-configure";
 ExecStart = "${startScript}/bin/gitlab-runner-start";
 ExecReload = "!${configureScript}/bin/gitlab-runner-configure";
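Review bot: `SupplementaryGroups` now adds `podman` whenever `hasPodman` is true, so the runner gets the control socket on any host that enables podman with `dockerSocket`, whether or not a runner is configured to use it. If that socket belongs to a rootful podman, access to it lets a CI job start containers with host mounts or elevated privileges, which largely cancels the `DynamicUser = true` isolation set in the same block. I would at least record this next to the line, `# Access to the docker/podman socket is effectively root on the host; only run trusted jobs on such runners.`, and consider an explicit opt-in rather than deriving the grant from `virtualisation.podman` alone. The enclosing attribute set continues outside the hunk.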