Move ci to sops-nix
parent
92dd291700
commit
66b8b64e2b
4 changed files with 43 additions and 4 deletions
|
@ -1,5 +1,10 @@
|
|||
{ pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
sops.secrets.forgejo-token = {
|
||||
sopsFile = ../secrets/ci.yaml;
|
||||
restartUnits = [ "gitea-runner-forgejo.sinerva.eu.service" ];
|
||||
};
|
||||
|
||||
networking.firewall.trustedInterfaces = [ "br-+" ];
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
|
@ -8,7 +13,7 @@
|
|||
enable = true;
|
||||
name = "ci.sinerva.eu";
|
||||
url = "https://forgejo.sinerva.eu";
|
||||
tokenFile = "/persist/secrets/forgejo_token";
|
||||
tokenFile = config.sops.secrets.forgejo-token.path;
|
||||
labels = [
|
||||
"ubuntu-24.04-lts:docker://ubuntu:24.04"
|
||||
"ubuntu-22.04:docker://node:24-bullseye"
|
||||
|
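Review bot: The new `sops.secrets.forgejo-token` block does not say what the decrypted file has to contain. The nixpkgs gitea-actions-runner module treats `tokenFile` as a systemd environment file, so the value under `forgejo-token` in `../secrets/ci.yaml` presumably has to be the whole `TOKEN=<value>` line rather than the bare token. I would add `# value must be an EnvironmentFile line: TOKEN=<registration token>` above `sopsFile`. The secret keeps the sops-nix defaults for owner and mode (root, 0400), which works only because systemd reads the file rather than the runner user, and the same comment could say so. The old `/persist/secrets/forgejo_token` is not removed by this change and stays on disk until it is deleted by hand.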
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
hydra_domain = "ci.sinerva.eu";
|
||||
cache_domain = "cache.sinerva.eu";
|
||||
|
@ -9,6 +9,8 @@ in
|
|||
./utils/acme-http-client.nix
|
||||
];
|
||||
|
||||
sops.secrets.priv-cache-key.sopsFile = ../secrets/ci.yaml;
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
|
||||
services = {
|
||||
|
@ -30,7 +32,7 @@ in
|
|||
enable = true;
|
||||
bindAddress = "127.0.0.2";
|
||||
port = 8081;
|
||||
secretKeyFile = "/persist/secrets/priv_cache_key";
|
||||
secretKeyFile = config.sops.secrets.priv-cache-key.path;
|
||||
};
|
||||
|
||||
nginx.virtualHosts = {
|
||||
|
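Review bot: `sops.secrets.priv-cache-key` is declared without `restartUnits`, unlike `forgejo-token` in the runner file, so a re-encrypted signing key in `../secrets/ci.yaml` would not reach the running cache service until something else restarts it. The service block that consumes `secretKeyFile` starts outside the hunk; if it is nix-serve, as `bindAddress`, `port` and `secretKeyFile` suggest, the declaration could become `sops.secrets.priv-cache-key = { sopsFile = ../secrets/ci.yaml; restartUnits = [ "nix-serve.service" ]; };`. This key signs the store paths that clients of cache.sinerva.eu trust, so a short comment saying so, and that the sops-nix default of root-only read access is intended, would help the next reader. The previous copy at `/persist/secrets/priv_cache_key` is not removed by this change and remains on disk until deleted.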
|