vbem
diff --git a/‎README.md
+3-108 b/‎README.md
+3-108
diff --git a/‎clash.example/config.yaml
-33 b/‎clash.example/config.yaml
-33
diff --git a/‎clash.example/start-clash.bash
-37 b/‎clash.example/start-clash.bash
-37
diff --git a/‎mr.bash
+23-16 b/‎mr.bash
+23-16
@@ -54,6 +54,7 @@ Options:
   --token       Runner registration token, takes precedence over MR_GITHUB_PAT
   --dotenv      The lines to set in runner's '.env' files
   --count       The number to add or del, optional, defaults to 1 for add and all for del
+  --opts        Extra options for 'config.sh', optional, such as '--no-default-labels'
   -h --help     Show this help.
 ```
 
@@ -174,119 +175,13 @@ runs-on: [self-hosted, '${{ github.repository }}']
 As described in GitHub official document, there's an approach to [inject environment variables into runners process](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/using-a-proxy-server-with-self-hosted-runners#using-a-env-file-to-set-the-proxy-configuration) via the `.env` file before configuring or starting the self-hosted runners. This can be achieved via the `--dotenv` option, for example:
 
 ```bash
-./mr.bash add --org <ORG> --repo <REPO> --dotenv 'TZ=Asia/Shanghai' --dotenv 'PATH=\$PATH:/mybin'
+./mr.bash add --org <ORG> --repo <REPO> --dotenv 'TZ=Asia/Shanghai' --dotenv 'PATH=\$PATH:/mybin' --dotenv 'all_proxy=socks5h://localhost:1080'
 ```
 
 Then the following lines will be added to `.env` file located in self-hosted runner's directory before its configuring and starting:
 
 ```plain
 TZ=Asia/Shanghai
 PATH=$PATH:/mybin
-```
-
-## Case Study - Deploy multi runners on single host which can not access GitHub directly
-
-A multi-national corporation adopted GitHub as its centralized engineering efficiency platform. But in a country branch, according to  some network blockade/bandwidth/QoS reasons, neither GitHub-hosted runners can access endpoints in this country stably, nor virtual machines in this country can access GitHub liberally.
-
-In such a bad situation, we still need to setup reliable self-hosted runners in this country. What should we do? 🤣
-
-A cost-conscious solution can be described as following architecture:
-
-```plain
-Endpoints <-------- VM-Runners ----> Firewall ----> VM-Proxy ----> GitHub
- \                          /                          |    \
-  --------------------------                           |     ----> Other endpoints
-     Branch office network                        Remote Proxy
-```
-
-A host *VM-Runners* is required for self-hosted runners, which is placed in this country and:
-
-- Can access endpoints of this country branch
-- Can NOT access *GitHub* directly or stably
-
-A tiny specification host *VM-Proxy* is required as ***Remote Proxy***, which is deployed in a place that:
-
-- Can access *GitHub* directly and stably
-- Can be accessed by *VM-Runners* directly and stably
-
-Meanwhile, **outbound traffics from *VM-Runners* MUST be routed by predefined rules**:
-
-- [Requests to *GitHub* endpoints](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#communication-requirements) and non-local endpoints should be forward to the *Remote Proxy* on *VM-Proxy*
-- Requests to local endpoints should be handled directly
-
-Let's implement this solution. 🧐
-
-On *VM-Proxy*, we can setup a *Remote Proxy* that's not easy to be blocked by the firewall, such as [*SS*](https://github.com/shadowsocks), [*TJ*](https://github.com/trojan-gfw), [*XR*](https://github.com/XTLS), etc. These particular proxies have their own deployment and configuration methods. Please read their documents for more information. It's advised to set the outbound IP of *VM-Runners* as the only whitelist of the *Remote Proxy* port on *VM-Proxy* to avoid active detection from the firewall.
-
-Before setup runners on *VM-Runners*, we need a [***Local Proxy***](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/using-a-proxy-server-with-self-hosted-runners) on *VM-Runners*.
-
-Usually firstly we need to setup the client of selected *Remote Proxy* which exposes a SOCKS5 proxy on *VM-Runners* (this local SOCKS5 localhost port will unconditionally forward all traffics to *VM-Proxy*), and then setup a [*privoxy*](https://www.privoxy.org/) on top of previous local SOCKS5 for [domain based forwarding](https://www.privoxy.org/user-manual/config.html#SOCKS). These configurations are complex and prone to errors. Via [*Clash*](https://github.com/Dreamacro/clash), we can combine both client of *Remote Proxy* and domain based forwarding into only one *Local Proxy*. The example configuration file and startup script of *Clash* and given in this repo's [clash.example/](clash.example/) directory.
-
-Assume the *Local Proxy* was launched as `socks5h://localhost:7890`, we can test it via following commands on *VM-Runners*:
-
-```bash
-# Without *Local Proxy*, it will print outbound public IP of *VM-Runners*
-curl -s -4 icanhazip.com
-
-# With *Local Proxy*, it will print outbound public IP of *VM-Proxy* !!!
-all_proxy=socks5h://localhost:7890 curl -s -4 icanhazip.com
-```
-
-When *Local Proxy* is ready, we start self-hosted runners' setup on *VM-Runners*.
-
-As *VM-Runners* Can NOT access *GitHub* directly or stably, use *Local Proxy* to clone this repository:
-
-```bash
-all_proxy=socks5h://localhost:7890 git clone https://github.com/vbem/multi-runners
-cd multi-runners
-```
-
-As self-hosted runners' tar package downloading and registration-token fetching also requires communication with GitHub, we also configure *Local Proxy* for this application:
-
-```bash
-cat > .env <<- __
-    MR_GITHUB_PAT='<paste-for-GitHub-PAT-here>'
-    all_proxy='socks5h://localhost:7890'
-__
-```
-
-To download the self-hosted runners' tar package from *GitHub*:
-
-```bash
-./mr.bash download
-```
-
-To validate your *PAT* has sufficient permissions for self-hosted runners registration on your GitHub organization `https://github.com/<ORG-NAME>`:
-
-```bash
-./mr.bash pat2token --org <ORG-NAME>
-```
-
-To setup two self-hosted runners on *VM-Runners* for your GitHub organization:
-
-```bash
-./mr.bash add --org <ORG-NAME> --dotenv 'all_proxy=socks5h://localhost:7890'
-./mr.bash add --org <ORG-NAME> --dotenv 'all_proxy=socks5h://localhost:7890'
-```
-
-To check the status of self-hosted runners:
-
-```bash
-./mr.bash list
-```
-
-To check the *Local Proxy* works well in your runners' process, you can add a simple workflow `.github/workflows/test-local-proxy.yml` in your repository. If `icanhazip.com` was configured as a following-to-remote domain, the workflow run will print outbound public IP of *VM-Proxy*, even though this workflow actually runs on *VM-Proxy*.
-
-```yaml
----
-name: Test Local Proxy works in my self-hosted runners
-on:
-  workflow_dispatch:
-jobs:
-  test:
-    runs-on: [self-hosted, '${{ github.repository }}']
-    steps:
-      - run: |
-          curl -s -4 icanhazip.com
-...
+all_proxy=socks5h://localhost:1080
 ```
@@ -248,18 +248,19 @@ function mr::downloadRunner {
 }
 
 # Add GitHub Actions Runner by local username
-#   $1: username, optional
-#   $2: enterprise
-#   $3: organization
-#   $4: repository, optional
-#   $5: runner registration token, optional
-#   $6: extra labels, optional
-#   $7: group, defaults to `default`
-#   $8: lines to set in runner's '.env' files, optional
-#   $9: count of runners, optional, defaults to 1
+#   $1:  username, optional
+#   $2:  enterprise
+#   $3:  organization
+#   $4:  repository, optional
+#   $5:  runner registration token, optional
+#   $6:  extra labels, optional
+#   $7:  group, defaults to `default`
+#   $8:  lines to set in runner's '.env' files, optional
+#   $9:  count of runners, optional, defaults to 1
+#   $10: extra options for `config.sh`, optional, such as `--no-default-labels`
 #   $?: 0 if successful and non-zero otherwise
 function mr::addRunner {
-    local username="$1" enterprise="$2" org="$3" repo="$4" token="$5" extraLabels="$6" group="${7:-default}" dotenv="$8" tarpath=''
+    local username="$1" enterprise="$2" org="$3" repo="$4" token="$5" extraLabels="$6" group="${7:-default}" dotenv="$8" opts="${10}" tarpath=''
     local -i count="${9:-1}"
     str::allVarsNotEmpty enterprise org || return $?
 
@@ -299,7 +300,7 @@ function mr::addRunner {
             echo -n '$name' > name && echo -n '$labels' > labels && echo -n '$tarpath' > tarpath
             cd .. && tar -xzf "$tarpath"
             echo "$dotenv" >> .env
-            ./config.sh --unattended --replace --url '$url' --token '$token' --name '$name' --labels '$labels' --runnergroup '$group'
+            ./config.sh --unattended --replace --url '$url' --token '$token' --name '$name' --labels '$labels' --runnergroup '$group' $opts
             sudo ./svc.sh install '$user'
             if [[ "$(getenforce 2>/dev/null)" == "Enforcing" ]]; then
                 chcon -t bin_t ./runsvc.sh # https://github.com/vbem/multi-runners/issues/9
@@ -317,9 +318,10 @@ __
 #   $4: repository, optional
 #   $5: runner registration token, optional
 #   $6: count of runners, optional, defaults to 0 (all)
+#   $7: extra options for `config.sh`, optional, such as `--local`
 #   $?: 0 if successful and non-zero otherwise
 function mr::delRunner {
-    local user="$1" enterprise="$2" org="$3" repo="$4" token="$5"
+    local user="$1" enterprise="$2" org="$3" repo="$4" token="$5" opts="$7"
     local -i count="${6:-0}"
 
     local -a removals=()
@@ -352,7 +354,7 @@ function mr::delRunner {
         run::logFailed sudo su --login "$user" -- <<-__
             cd runner
             sudo ./svc.sh stop && sudo ./svc.sh uninstall
-            ./config.sh remove --token '$token'
+            ./config.sh remove --token '$token' $opts
 __
         run::log sudo userdel -rf "$user"
     done
@@ -418,6 +420,7 @@ Options:
   --token       Runner registration token, takes precedence over MR_GITHUB_PAT
   --dotenv      The lines to set in runner's '.env' files
   --count       The number to add or del, optional, defaults to 1 for add and all for del
+  --opts        Extra options for 'config.sh', optional, such as '--no-default-labels'
   -h --help     Show this help.
 "
 declare -rg HELP
@@ -426,7 +429,7 @@ declare -rg HELP
 #   $?: 0 if successful and non-zero otherwise
 function mr::main {
     local getopt_output='' subCmd=''
-    local org='' repo='' user='' labels='' token='' group='' dotenv='' count=''
+    local org='' repo='' user='' labels='' token='' group='' dotenv='' count='' opts=''
 
     # parse options into variables
     getopt_output="$(getopt -o h -l help,enterprise:,org:,repo:,user:,labels:,token:,group:,dotenv:,count: -n "$FILE_THIS" -- "$@")"
@@ -472,6 +475,10 @@ function mr::main {
                 count="$2"
                 shift 2
                 ;;
+            --opts)
+                opts="$2"
+                shift 2
+                ;;
             --)
                 shift
                 break
@@ -487,8 +494,8 @@ function mr::main {
     subCmd="$1"
     shift
     case "$subCmd" in
-        add) mr::addRunner "$user" "$enterprise" "$org" "$repo" "$token" "$labels" "$group" "$dotenv" "$count" ;;
-        del) mr::delRunner "$user" "$enterprise" "$org" "$repo" "$token" "$count" ;;
+        add) mr::addRunner "$user" "$enterprise" "$org" "$repo" "$token" "$labels" "$group" "$dotenv" "$count" "$opts" ;;
+        del) mr::delRunner "$user" "$enterprise" "$org" "$repo" "$token" "$count" "$opts" ;;
         list) mr::listRunners ;;
         status) mr::statusRunner "$user" ;;
         download) mr::downloadRunner ;;