devops
I’ve been using Just for a while as a task runner. It’s similar to Make, but optimized for developer ergonomics with a vastly simpler syntax and a wonderful CLI. I’d also been using Mise for other environment management things, such as installing specific versions of Python and NPM and other tools in a project directory.
Someone introduced me to Mise’s own newish task runner, and it just might win me over from Just for most things:
- Instead of using 2 tools, I can use 1.
- Just still feels nicer to me, perhaps because I’m more used to it, but Mise is good enough that I don’t think I’d miss the extra features.
- Mise lets you write tasks in separate files, which lets any editor handle them well without having to support justfile syntax, but still shares a CLI with inline tasks.
I like it.
Forgejo Runner in rootless Podman on Debian
I wanted to experiment with Forgejo’s Actions as a DIY alternative to GitHub Actions, using a nearby Raspberry Pi as a build server. I also wanted to deviate slightly from their Runner installation process by executing the Runner and rootless Podman as a regular, non-privileged user and without using the system-level systemctl. It was pretty easy once I wrapped my head around it.
- Set up the runner user. Since I was using Podman, not Docker, I didn’t have to add it to the docker group. As root:
root# useradd --create-home forgejo-runner
This created user number 1001 on my system. Remember that number later when it’s time to configure systemd.
- Allow that user to run commands via systemctl without logging in and launching them manually:
root# loginctl enable-linger forgejo-runner
- Use machinectl instead of su to become the forgejo-runner user. Without this, most systemd commands will fail with the "Failed to connect to bus: No medium found" message. I’m certain there’s a way to get su or sudo to play nicely with dbus but I had more interesting problems to solve today than this.
root# apt install systemd-container
root# machinectl shell forgejo-runner@
- Run podman-system-service as the forgejo-runner user:
$ systemctl --user enable podman.socket
$ systemctl --user start podman.socket
- Run the forgejo-runner program as the forgejo-runner user. I lightly modified the standard forgejo-runner.service file:
$ cat > .config/systemd/user/forgejo-runner.service <<'EOHD'
[Unit]
Description=Forgejo Runner
Documentation=https://forgejo.org/docs/latest/admin/actions/
After=podman.socket
[Service]
ExecStart=/usr/local/bin/forgejo-runner daemon
ExecReload=/bin/kill -s HUP $MAINPID
# 1001 is the forgejo-runner user's UID
Environment="DOCKER_HOST=unix:///run/user/1001/podman/podman.sock"
# This user and working directory must already exist
WorkingDirectory=/home/forgejo-runner
Restart=on-failure
TimeoutSec=0
RestartSec=10
[Install]
WantedBy=default.target
EOHD
$ systemctl --user daemon-reload
$ systemctl --user enable forgejo-runner.service
$ systemctl --user start forgejo-runner.service
I rebooted my RPi to make sure it would start on its own and it did. Yay! Now I can run Forgejo Actions on my little server and everything works as documented.
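The unit file above depends on three details that are easy to get wrong when copying it to another machine: the UID baked into DOCKER_HOST, the literal $MAINPID surviving the heredoc, and the user-level install target. The following linter is an added example, not part of the original post or the Forgejo project; the function names and the sample "bad" unit are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a forgejo-runner *user* unit before enabling it.
# expected_sock, bad_unit and lint_runner_unit are hypothetical helper names.

# Socket that rootless Podman's podman.socket exposes for a given UID.
expected_sock() { printf 'unix:///run/user/%s/podman/podman.sock' "$1"; }

# Constructed sample: what an unquoted heredoc plus a stale UID produce.
bad_unit() {
    cat <<'EOF'
[Service]
ExecStart=/usr/local/bin/forgejo-runner daemon
ExecReload=/bin/kill -s HUP
Environment="DOCKER_HOST=unix:///run/user/1000/podman/podman.sock"
[Install]
WantedBy=multi-user.target
EOF
}

# lint_runner_unit FILE UID: print one line per problem, return 1 if any.
lint_runner_unit() {
    unit=$1; uid=$2; rc=0
    host=$(grep '^Environment=' "$unit" | grep -o 'DOCKER_HOST=[^" ]*' |
           tail -n 1 | cut -d= -f2-)
    # %t is systemd's runtime-dir specifier (/run/user/UID in user units),
    # so it is accepted as a UID-independent alternative.
    case $host in
        "$(expected_sock "$uid")" | 'unix://%t/podman/podman.sock') ;;
        '') echo "DOCKER_HOST is not set"; rc=1 ;;
        *)  echo "DOCKER_HOST points at $host, not UID $uid's socket"; rc=1 ;;
    esac
    # The shell expands $MAINPID to nothing if the heredoc delimiter is unquoted.
    if grep '^ExecReload=.*kill' "$unit" | grep -qv 'MAINPID'; then
        echo 'ExecReload lost its $MAINPID argument'; rc=1
    fi
    # A lingering user manager starts default.target, not multi-user.target.
    if ! grep -q '^WantedBy=.*default\.target' "$unit"; then
        echo "WantedBy does not include default.target"; rc=1
    fi
    return $rc
}

# Usage: sh lint-unit.sh ~/.config/systemd/user/forgejo-runner.service "$(id -u)"
if [ $# -ge 2 ]; then lint_runner_unit "$1" "$2"; fi
```

Run it as the forgejo-runner user after writing the unit and before `systemctl --user enable`; an empty result means the three checks passed.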