devops
- Instead of using 2 tools, I can use 1.
- Just still feels nicer to me, perhaps because I’m more used to it, but Mise is good enough that I don’t think I’d miss the extra features.
- Mise lets you write tasks in separate files, which lets any editor handle them well without having to support justfile syntax, but still shares a CLI with inline tasks.
- Set up the runner user. Since I was using Podman, not Docker, I didn’t have to add it to the
docker
group. As root: - Allow that user to run commands via
systemctl
without logging in and launching them manually: - Use
machinectl
instead ofsu
to become theforgejo-runner
user. Without this, mostsystemd
commands will fail with theFailed to connect to bus: No medium found
message. I’m certain there’s a way to getsu
orsudo
to play nicely withdbus
but I had more interesting problems to solve today than this. - Run
podman-system-service
as theforgejo-runner
user: - Run the
forgejo-runner
program as theforgejo-runner
user. I lightly modified the standard forgejo-runner.service file:
I’ve spent too much of this weekend writing Ansible to make all my Raspberry Pis similar.
This might say more than I’d wish about my nerd level, and about how many tiny computers I have laying around.
I’ve been using Just for a while as a task runner. It’s similar to Make, but optimized for developer ergonomics with a vastly simpler syntax and a wonderful CLI. I’d also been using Mise for other environment management things, such as installing specific versions of Python and NPM and other tools in a project directory.
Someone introduced me to Mise’s own newish task runner, and it just might win me over from Just for most things:
I like it.
Forgejo Runner in rootless Podman on Debian
I wanted to experiment with Forgejo’s Actions as a DIY alternative to GitHub Actions, using a nearby Raspberry Pi as a build server. I also wanted to deviate slightly from their Runner installation process by executing the Runner and rootless Podman as a regular, non-privileged user and without using the system-level systemctl
. It was pretty easy once I wrapped my head around it.
root# useradd --create-home forgejo-runner
This created user number 1001
on my system. Remember that number later when it’s time to configure systemd
.
root# loginctl enable-linger forgejo-runner
root# apt install systemd-container
root# machinectl shell forgejo-runner@
$ systemctl --user enable podman.socket
$ systemctl --user start podman.socket
$ cat > .config/systemd/user/forgejo-runner.service <<EOHD
[Unit]
Description=Forgejo Runner
Documentation=https://forgejo.org/docs/latest/admin/actions/
After=podman.socket
[Service]
ExecStart=/usr/local/bin/forgejo-runner daemon
ExecReload=/bin/kill -s HUP $MAINPID
# 1001 is the forgejo-runner user's UID
Environment="DOCKER_HOST=unix:///run/user/1001/podman/podman.sock"
# This user and working directory must already exist
WorkingDirectory=/home/forgejo-runner
Restart=on-failure
TimeoutSec=0
RestartSec=10
[Install]
WantedBy=default.target
EOHD
$ systemctl --user daemon-reload
$ systemctl --user enable forgejo-runner.service
$ systemctl --user start forgejo-runner.service
I rebooted my RPi to make sure it would start on its own and it did. Yay! Now I can run Forgejo Actions on my little server and everything works as documented.