thanatos: setup gitlab-runner

2024-11-20 11:01:35 +01:00 · 2024-11-20 11:01:35 +01:00 · 4c7ac05af8
parent 92174a888f
commit 4c7ac05af8
4 changed files with 16 additions and 0 deletions
--- a/hosts/thanatos/default.nix
+++ b/hosts/thanatos/default.nix
@ -35,6 +35,12 @@ in {
  };

  services = {
+    gitlab-runner = {
+      enable = true;
+      services.default = {
+        authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path;
+      };
+    };
    openssh.enable = true;
  };

--- a/hosts/thanatos/secrets.nix
+++ b/hosts/thanatos/secrets.nix
@ -15,6 +15,7 @@
      lib.mapAttrs toSecret {
        "users/alarsyo-hashed-password" = {};
        "users/root-hashed-password" = {};
+        "gitlab-runner/thanatos-runner-env" = {};
      };
  };
 }
--- a/modules/secrets/gitlab-runner/thanatos-runner-env.age
+++ b/modules/secrets/gitlab-runner/thanatos-runner-env.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA
+ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug
+-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M
+kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE
+--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo
+› YMZÓíî:ú{R^n~ó½±ã¢ÊwPaª§h£8<C2A3>T'hcmªe(<28>‘ÝXx=7”‹‡Ë¢[äË4@b=“&ª®æYÅ;‘€Ü[„ª¹ØÁˆß¿kôk>ˆ5’4‚0ÞGâŒ÷ðÌŸ±Q<C2B1>Êë·±Ÿw¡
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@ -13,6 +13,8 @@ let
 in {
  "gandi/api-key.age".publicKeys = [alarsyo hades];

+  "gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos];
+
  "lohr/shared-secret.age".publicKeys = [alarsyo hades];

  "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades];