ci-runners: secret available at image build time
parent
bc33e20467
commit
66f350a4f3
|
@ -1,5 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
source /run/agenix/ci-secrets
|
||||
|
||||
set -eou pipefail
|
||||
|
||||
set -x
|
||||
|
|
2
.ci.sh
2
.ci.sh
|
@ -1,5 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
source /run/agenix/ci-secrets
|
||||
|
||||
set -eou pipefail
|
||||
|
||||
set -x
|
||||
|
|
|
@ -4,8 +4,13 @@ let
|
|||
gitea-runner-directory = "/var/lib/gitea-runner";
|
||||
secrets = import ../secrets.nix;
|
||||
in {
|
||||
age.secrets.gitea-runner-token = {
|
||||
file = ../secrets/gitea-runner-token-${config.networking.hostName}.age;
|
||||
age.secrets = {
|
||||
gitea-runner-token.file =
|
||||
../secrets/gitea-runner-token-${config.networking.hostName}.age;
|
||||
ci-secrets = { # for printer host sd images
|
||||
file = ../secrets/ci-secrets.age;
|
||||
mode = "444";
|
||||
};
|
||||
};
|
||||
|
||||
services.gitea-actions-runner.instances.nix = {
|
||||
|
|
|
@ -53,7 +53,10 @@ in {
|
|||
"secrets/synapseExtraConfig.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/gitea-runner-token-zorigami.age".publicKeys = ar ++ [ zorigami ];
|
||||
"secrets/gitea-runner-token-scylla.age".publicKeys = ar ++ [ scylla ];
|
||||
"secrets/hswaw-wifi.age".publicKeys = ar; # TODO: we're not getting ssh keys for the generated disk image…
|
||||
"secrets/ci-secrets.age".publicKeys = ar ++ [
|
||||
scylla
|
||||
zorigami
|
||||
]; # TODO: we're not getting ssh keys for the generated disk image, so we need to embed it at disk image build time
|
||||
|
||||
inherit ar;
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg N6Jqbjj+5CXGRVrcG1RVKTHYkTsus4/yEDQ3L4Pfc2M
|
||||
wQ3m82ax5s7wQblxD1RzuftQMJ5KyokVOvuXvdoXyXg
|
||||
-> ssh-ed25519 grc4Uw 0hM20m3Wqjphc/Nz4kcXGK8kGmTSHqtsAB18ticDIRo
|
||||
XgNFc5WKE9cFZvr6bhSTMwOGFenhJfVBM246sN5ERD8
|
||||
-> +n9QBq$-grease
|
||||
/oA0UeYd9bU6gvkD0MDcqU9CkdY9KdbuRNUcaeUkid+mWBn0jTaQS/AvR7r6BMAB
|
||||
iOqMW50jF+WickRN9RQ3wSrVk7k0iHQQ9u0c637+5X/CwSYtkYc
|
||||
--- DhnsuPBkBAqKjHyn1fadSFPp4eCQXuwhSYO8W7Txyzs
|
||||
©õø¤Á÷]±«Q‚Cyc<79>‹3b \¾Ñ0IA¨k
±iØ¿».ãÝó@Üõo$Ôòš»¥
|
Loading…
Reference in New Issue