fix: append unix user to additional groups

2026-06-11 17:20:51 +02:00
parent c6308901df
commit 3fd470fe3b
4 changed files with 13 additions and 2 deletions
@@ -95,6 +95,7 @@ Found roles matching your search:
 | `gitea_runner_config.container.require_docker` | Always require a reachable docker daemon                                         | `false`                                                                                                                                                                                                           |
 | `gitea_runner_config.container.docker_timeout` | Timeout to wait for the docker daemon to be reachable                            | `0s`                                                                                                                                                                                                              |
 | `gitea_runner_config.host.workdir_parent`      | The parent directory of a job's working directory                                | `nil`                                                                                                                                                                                                             |
+| `gitea_runner_unix_extra_groups`               | List of additional unix groups to append the executing gitea-runner user to.     | `[]`                                                                                                                                                                                                              |
 | `gitea_runner_gitea_url`                       | The URL of the Gitea instance                                                    | `""`                                                                                                                                                                                                              |
 | `gitea_runner_token`                           | The registration token for the gitea_runner                                      | `""`                                                                                                                                                                                                              |

@@ -75,6 +75,10 @@ gitea_runner_config:
    ## @param gitea_runner_config.host.workdir_parent The parent directory of a job's working directory
    workdir_parent:

+## @param gitea_runner_unix_extra_groups List of additional unix groups to append the executing gitea-runner user to.
+gitea_runner_unix_extra_groups: []
+# - docker
+
 ## @param gitea_runner_gitea_url The URL of the Gitea instance
 gitea_runner_gitea_url: ""

@@ -26,8 +26,7 @@
  failed_when: _gitea_check.status is not defined or _gitea_check.status >= 400

 - name: Install gitea-runner and dependencies
-  when:
-  - ansible_facts['distribution'] == 'Archlinux'
+  when: ansible_facts['distribution'] == 'Archlinux'
  block:
  - name: Update package cache
    community.general.pacman:
@@ -38,6 +37,12 @@
      state: present
    with_items: "{{ gitea_runner_package_names }}"

+- name: Add unix user to further groups
+  ansible.builtin.user:
+    name: "{{ gitea_runner_unix_user }}"
+    groups: "{{ gitea_runner_unix_groups + gitea_runner_unix_extra_groups }}"
+    append: true
+
 - name: Create gitea-runner config directory
  ansible.builtin.file:
    path: "{{ gitea_runner_config_file | dirname }}"
@@ -7,5 +7,6 @@ gitea_runner_service_name: gitea-runner

 gitea_runner_unix_user: gitea-runner
 gitea_runner_unix_group: gitea-runner
+gitea_runner_unix_groups: []

 gitea_runner_lib_dir: /var/lib/gitea-runner