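<#
.SYNOPSIS
    Sets up a GitLab runner on this machine as a Windows service that logs on
    with its own local user account.

.PARAMETER Runner
    Runner name (e.g. pEpSecRunner). "Runner" is appended when the name does
    not already end with it. The value is interpolated unvalidated into the
    account name, the service name and several file-system paths below, so
    only pass names you control.

.PARAMETER RunnerBinary
    Path of the gitlab-runner executable to install. It is copied to
    "$Env:ProgramFiles\GitLabCI\gitlab-runner.exe" when no binary is there yet.

.NOTES
    The script creates a local user, grants a logon right and registers a
    service, so it presumably has to run from an elevated session - confirm.
#>
param (
    # The comma after the default-value expression is required: without it
    # the param block does not parse.
    [Parameter(Mandatory=$true)][string]$Runner = $(
        Read-Host "Runner name (e.g. pEpSecRunner)" ),
    [string]$RunnerBinary = "gitlab-runner-windows-amd64.exe"
)

# Normalise the name so every derived identifier ends in "Runner".
# String.EndsWith is case-sensitive, so "fooRUNNER" still gets the suffix.
if ( -not $Runner.EndsWith("Runner") ) { $Runner = $Runner + "Runner" }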
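# Install the runner binary under Program Files. The directory inherits its
# ACL from "$Env:ProgramFiles", so the service executable should not be
# writable by unprivileged users - verify on hardened or customised images.
$InstallDir = "$Env:ProgramFiles\GitLabCI"
$InstalledBinary = "$InstallDir\gitlab-runner.exe"

New-Item -ItemType Directory -Force -Path $InstallDir | Out-Null

# Test-Path answers "is it there?" without the error record that Get-Item
# writes for a missing path on every first run (and which would abort the
# script under $ErrorActionPreference = 'Stop').
if (-not (Test-Path -LiteralPath $InstalledBinary)) {
    # NOTE(review): the binary is copied as-is from a caller-supplied path.
    # Compare its Get-FileHash against the checksum published with the release
    # before installing it as a service executable. An already installed
    # binary is never replaced or re-checked here.
    Copy-Item "$RunnerBinary" -Destination $InstalledBinary
}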
# Find a service name that is still free: try "GitLab<Runner>" first, then
# "GitLab<Runner>2", "GitLab<Runner>3", ... until Get-Service finds nothing.
# The same suffix is reused below for the account, password file and build
# directory, so all of them belong to one runner instance.
$ServSuffixCount = 1
$ServSuffix = ""
$s = Get-Service "GitLab$Runner$ServSuffix" -ErrorAction SilentlyContinue
while ($null -ne $s) {
    $ServSuffixCount += 1
    $ServSuffix = "$ServSuffixCount"
    $s = Get-Service "GitLab$Runner$ServSuffix" -ErrorAction SilentlyContinue
}
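# Create the local user account the runner service logs on as.
# Password generation lifted from https://activedirectoryfaq.com/2017/08/creating-individual-random-passwords/
#
# SECURITY: the account password is stored in clear text in the invoking
# user's Documents folder and protected only by that folder's ACL. Anyone who
# can read the file can log on as the runner account. Move the value into a
# secret store and delete the file once the service is running, if the
# workflow allows it.
$AccountName = "GitLab$Runner$ServSuffix"
$PasswordFile = "$Env:UserProfile\Documents\${AccountName}.pw.txt"

# Reuse the stored password when there is one. The value has to be captured:
# piping Get-Content into Out-Null throws it away, which left $PlainPassword
# always empty, so every run generated a new password and overwrote the file
# even when the account already existed with the old one.
$PlainPassword = Get-Content -Path $PasswordFile -ErrorAction SilentlyContinue |
    Select-Object -First 1
$PasswordIsNew = [string]::IsNullOrEmpty($PlainPassword)
if ($PasswordIsNew) {
    # System.Web.Security.Membership is part of the .NET Framework, so this
    # needs Windows PowerShell; it is not available on PowerShell 7 / .NET Core.
    Add-Type -AssemblyName System.Web
    # 16 characters, at least 4 of them non-alphanumeric.
    $PlainPassword = $([System.Web.Security.Membership]::GeneratePassword(16, 4))
    Set-Content -Path $PasswordFile -Value "$PlainPassword"
}
$Password = ConvertTo-SecureString -String $PlainPassword -AsPlainText -Force

$User = Get-LocalUser $AccountName -ErrorAction SilentlyContinue
if ($null -eq $User) {
    # SECURITY: these two strings go to the output stream, so the clear-text
    # password ends up in transcripts, redirected output and any job log that
    # captures this script. Kept because operators may rely on it; the copy in
    # $PasswordFile already holds the same value.
    "Username=$AccountName"
    "Password=$PlainPassword"
    $User = New-LocalUser $AccountName -Password $Password -FullName "GitLab Runner $Runner$ServSuffix" `
        -Description "GitLab Runner $Runner$ServSuffix."

    # Grant the account the "Log on as a service" right.
    # https://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
    # (an alternative to using rktools.exe is available in addpriv.ps1)
    # NOTE(review): ntrights.exe is run with this script's rights from a fixed
    # path outside Program Files. Make sure C:\Tools\ResKit is writable by
    # administrators only, otherwise a local user could swap the executable.
    & "C:\Tools\ResKit\ntrights.exe" +r SeServiceLogonRight -u $AccountName -m "\\$Env:ComputerName"
}
elseif ($PasswordIsNew) {
    # The account predates this run but no stored password was found, so the
    # freshly generated one cannot match it and the service logon would fail.
    Write-Warning "Account $AccountName already exists but $PasswordFile held no password; the new password does not match the account."
}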
# Working directory of this runner instance; -Force makes the call succeed
# when the directory already exists.
$homeShare = New-Item -ItemType Directory -Force -Path "$Env:SystemDrive\Build\GitLab$Runner$ServSuffix"

# Give the runner account Modify rights below its working directory.
# Lifted from https://activedirectoryfaq.com/2017/09/powershell-create-home-directory-grant-permissions/
#
# NOTE(review): with PropagationFlags InheritOnly the entry is handed down to
# child folders and files but does not apply to the directory itself, so
# writes directly into the directory depend on inherited entries. Check the
# effective ACL (Get-Acl / icacls) after the run: directories created under
# the system drive root usually inherit write access for other local users
# too, and config.toml is placed in this directory.
$FileSystemRights = [System.Security.AccessControl.FileSystemRights]::Modify
$AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow
$InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$PropagationFlags = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $User.SID, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType

# Append the new entry to the existing ACL instead of replacing it.
$acl = Get-Acl $homeShare
$acl.AddAccessRule($AccessRule)

# Stop on failure: continuing would register a service whose account lacks
# the permission this step was meant to grant.
Set-Acl -Path $homeShare -AclObject $acl -ErrorAction Stop
# Register and start the runner service unless one with this name already exists.
$s = Get-Service "GitLab$Runner$ServSuffix" -ErrorAction SilentlyContinue
if ($null -eq $s) {
    # $SDDL = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;SU)"
    # -SecurityDescriptorSddl = $SDDL
    # TODO: Remove-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application\GitLabRunner" -Recurse -ea 0 | Out-Null

    $ServiceName = "GitLab$Runner$ServSuffix"

    # The service logs on as the dedicated local account (".\" = this
    # machine) instead of running as LocalSystem.
    $ServCreds = New-Object System.Management.Automation.PSCredential(".\GitLab$Runner$ServSuffix", $Password)

    $NewServiceArgs = @{
        Name           = $ServiceName
        DisplayName    = "GitLab $Runner $ServSuffix"
        Description    = "GitLab $Runner $ServSuffix"
        # Every path is wrapped in escaped quotes so that a path containing
        # spaces (Program Files) is passed to the service manager as one token.
        BinaryPathName = "`"$Env:ProgramFiles\GitLabCI\gitlab-runner.exe`" run --working-directory `"$($homeShare.FullName)`" --config `"$($homeShare.FullName)\config.toml`" --service `"GitLab$Runner$ServSuffix`""
        StartupType    = 'Automatic'
        Credential     = $ServCreds
    }
    New-Service @NewServiceArgs

    Start-Service $ServiceName
    # Sets the start mode again after the first start; New-Service above
    # already requested Automatic.
    Set-Service -Name $ServiceName -StartMode Automatic
}