feat: add agenix secrets for github runners

Noa Aarts 2024-10-21 12:43:41 +02:00
parent 0ef5e0b9a6
commit 8b71caf26b
Signed by: noa
GPG key ID: 1850932741EFF672
4 changed files with 18 additions and 3 deletions


@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ modulesPath, pkgs, inputs, lib, nix-colors, ... }: { modulesPath, pkgs, inputs, lib, nix-colors, config, ... }:
{ {
imports = imports =
[ [
@ -143,6 +143,11 @@
}; };
}; };
age.secrets = {
"secrets/token-flurry".file = ../../secrets/github/flurry.age;
"secrets/token-nixconf".file = ../../secrets/github/nixconf.age;
};
services = { services = {
nix-serve = { nix-serve = {
enable = true; enable = true;
@ -158,7 +163,7 @@
curl curl
]; ];
name = "flurry-runner"; name = "flurry-runner";
tokenFile = "/secrets/token-flurry"; tokenFile = config.age.secrets."secrets/token-flurry".path;
url = "https://github.com/itepastra/flurry"; url = "https://github.com/itepastra/flurry";
}; };
nixconf-runner = { nixconf-runner = {
@ -167,7 +172,7 @@
nixos-rebuild nixos-rebuild
]; ];
name = "nixconf-runner"; name = "nixconf-runner";
tokenFile = "/secrets/token-nixconf"; tokenFile = config.age.secrets."secrets/token-nixconf".path;
url = "https://github.com/itepastra/nixconf"; url = "https://github.com/itepastra/nixconf";
}; };
}; };
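Review bot: The two `age.secrets` entries in the second hunk set only `.file`, so the decrypted runner tokens fall back to agenix's default owner and mode, and nothing here records who is expected to read them. Adding explicit `owner`/`mode` lines, or a comment such as `# root-only by default; read by the runner's privileged configure step`, would make the intended access visible; the runner module's behaviour is not shown on this page, so that should be confirmed. The NixOS github-runners option documentation says `tokenFile` must contain exactly one line with no trailing newline, so check that the value saved through `agenix -e` has none. The same documentation notes that a runner registration token expires after about an hour, so if that is what was encrypted, a fine-grained PAT limited to the one repository is the more durable choice.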


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 tcnWbQ JAhI/dqMejqQiwZFA6nNMBG4M6HRGuoVZZ0u5Tz6mD4
i4Zmj5Uz7bBaztDRtbfXobXpBc7IivtvP9yM/2fL0KQ
-> ssh-ed25519 ropO2g aJL3w72KCeL7DLQZc6l2zH1zSr0qQUdH9t5MNgLvonE
IQ82mUzK2Qh7nllM/AMhSajX4lQszao9CZ2IUA6BDeI
--- dNAB2ZaXFs5iC8zMMH+sazvOl3jeQCF5cZi5vlz9yQY
UJF3ò <C2A0>´í ÒV¬æYfÄR8Gn!kr¦k) j^­M|Ó6˜È.1˜`sê<ͧ

BIN
secrets/github/nixconf.age Normal file

Binary file not shown.


@ -1,9 +1,12 @@
let let
noa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOiz4Dsp4fgtwgOvARzOO9kZI4fSwJ4QJCf34dGVB6Z"; noa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOiz4Dsp4fgtwgOvARzOO9kZI4fSwJ4QJCf34dGVB6Z";
nuOS = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM79/rtDi2KIN75Rr6ae+A8lPTSCQfCkhbx1tGmQ3Qed";
in in
{ {
"restic/env.age".publicKeys = [ noa ]; "restic/env.age".publicKeys = [ noa ];
"restic/repo.age".publicKeys = [ noa ]; "restic/repo.age".publicKeys = [ noa ];
"restic/password.age".publicKeys = [ noa ]; "restic/password.age".publicKeys = [ noa ];
"github/flurry.age".publicKeys = [ noa nuOS ];
"github/nixconf.age".publicKeys = [ noa nuOS ];
} }
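Review bot: `nuOS` is added beside `noa` with nothing to say whether it is a person's key or a machine's SSH host key, which matters because every key listed in `publicKeys` can decrypt the token. I would add a comment on the binding, for example `# nuOS: SSH host key of the runner machine; agenix decrypts with it at activation` (if that is what it is), or group keys into `users` and `systems` lists as the agenix README does. The two recipient stanzas in the added `flurry.age` are consistent with `[ noa nuOS ]`. The `restic/*.age` entries still list only `noa`, so it is worth confirming that no host needs to decrypt those. When a recipient is later removed, the tokens should be rotated at GitHub as well as rekeyed, since old ciphertext stays in the repository history.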