thanatos: setup gitlab-runner

hosts/thanatos/default.nix

@@ -35,6 +35,12 @@ in {
   };
 
   services = {
+    gitlab-runner = {
+      enable = true;
+      services.default = {
+        authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path;
+      };
+    };
     openssh.enable = true;
   };
 

hosts/thanatos/secrets.nix

@@ -15,6 +15,7 @@
       lib.mapAttrs toSecret {
         "users/alarsyo-hashed-password" = {};
         "users/root-hashed-password" = {};
+        "gitlab-runner/thanatos-runner-env" = {};
       };
   };
 }

modules/secrets/gitlab-runner/thanatos-runner-env.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA
+ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug
+-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M
+kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE
+--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo
+› YMZÓíî:ú{R­^
n~ó½±ã¢ÊwPaª§h£8<C2A3>T'hcmªe(<28>‘ÝXx=7”‹‡Ë¢[äË4@b=“&ª®æYÅ;‘€Ü[„ª¹ØÁˆß¿kôk>ˆ5’4‚0ÞGâŒ÷ðÌŸ­±Q<C2B1>Êë·±Ÿw¡

modules/secrets/secrets.nix

@@ -13,6 +13,8 @@ let
 in {
   "gandi/api-key.age".publicKeys = [alarsyo hades];
 
+  "gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos];
+
   "lohr/shared-secret.age".publicKeys = [alarsyo hades];
 
   "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades];