From 65f94228e3b0f0e527f1539b72649a306313445c Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 20 Nov 2024 11:01:35 +0100 Subject: [PATCH] thanatos: setup gitlab-runner --- hosts/thanatos/default.nix | 7 +++++++ hosts/thanatos/secrets.nix | 1 + modules/secrets/gitlab-runner/thanatos-runner-env.age | 7 +++++++ modules/secrets/secrets.nix | 2 ++ 4 files changed, 17 insertions(+) create mode 100644 modules/secrets/gitlab-runner/thanatos-runner-env.age diff --git a/hosts/thanatos/default.nix b/hosts/thanatos/default.nix index 15cf5ce..a7f982f 100644 --- a/hosts/thanatos/default.nix +++ b/hosts/thanatos/default.nix @@ -35,6 +35,13 @@ in { }; services = { + gitlab-runner = { + enable = true; + services.default = { + authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path; + dockerImage = "debian:stable"; + }; + }; openssh.enable = true; }; diff --git a/hosts/thanatos/secrets.nix b/hosts/thanatos/secrets.nix index 3fbc379..c44e1f8 100644 --- a/hosts/thanatos/secrets.nix +++ b/hosts/thanatos/secrets.nix @@ -15,6 +15,7 @@ lib.mapAttrs toSecret { "users/alarsyo-hashed-password" = {}; "users/root-hashed-password" = {}; + "gitlab-runner/thanatos-runner-env" = {}; }; }; } diff --git a/modules/secrets/gitlab-runner/thanatos-runner-env.age b/modules/secrets/gitlab-runner/thanatos-runner-env.age new file mode 100644 index 0000000..436d4f8 --- /dev/null +++ b/modules/secrets/gitlab-runner/thanatos-runner-env.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA +ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug +-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M +kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE +--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo + YMZ:{R^n~wPah8T'hcme(Xx=7ˢ[4@b=&Y;[߿kk>540G̟Qw \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 40ca77c..1796e74 100644 --- a/modules/secrets/secrets.nix 
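Review bot: In hosts/thanatos/default.nix, `dockerImage = "debian:stable"` is a mutable tag, so any job that does not name its own image runs on whatever the registry serves at pull time; pinning the default by digest, e.g. `dockerImage = "debian:stable@sha256:<digest-placeholder>";`, keeps the job environment reproducible and auditable. Job definitions can still choose their own image, so if this runner may be attached to projects you do not fully control, `dockerAllowedImages = [ ... ];` would bound what gets pulled onto thanatos. The block also relies on the module defaults for the executor and for `dockerPrivileged` (assuming those are still the docker executor and `false`); a one-line comment such as `# unprivileged docker executor (module defaults); registration env comes from the agenix secret` would record that intent next to the secret path. The enclosing `services` attribute set begins and ends outside the hunk.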
+++ b/modules/secrets/secrets.nix @@ -13,6 +13,8 @@ let in { "gandi/api-key.age".publicKeys = [alarsyo hades]; + "gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos]; + "lohr/shared-secret.age".publicKeys = [alarsyo hades]; "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades];