From 32378d917d83f928bc2fe7ccde9c5b96236d3146 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Wed, 11 Dec 2024 13:32:41 +0100 Subject: [PATCH] Make token secret for actions runners --- infra/flake-part.nix | 10 ++++++++-- infra/vm02179/gitea-runner.nix | 9 +++++---- infra/vm02179/token.txt | 1 - infra/vm02186/gitea-runner.nix | 4 +++- 4 files changed, 16 insertions(+), 8 deletions(-) delete mode 100644 infra/vm02179/token.txt diff --git a/infra/flake-part.nix b/infra/flake-part.nix index f98b35c..76329a6 100644 --- a/infra/flake-part.nix +++ b/infra/flake-part.nix @@ -31,7 +31,10 @@ }; nixpkgs = inputs.nixpkgs; nixos.module = { - imports = [ ./vm02179 ]; + imports = [ + ./vm02179 + inputs.agenix.nixosModules.default + ]; }; }; @@ -45,7 +48,10 @@ }; nixpkgs = inputs.nixpkgs; nixos.module = { - imports = [ ./vm02186 ]; + imports = [ + ./vm02186 + inputs.agenix.nixosModules.default + ]; }; }; }; diff --git a/infra/vm02179/gitea-runner.nix b/infra/vm02179/gitea-runner.nix index b471bd4..dd3565c 100644 --- a/infra/vm02179/gitea-runner.nix +++ b/infra/vm02179/gitea-runner.nix @@ -1,6 +1,6 @@ -{ pkgs, ... }: -{ +{ config, pkgs, ... }: +{ virtualisation.docker.enable = true; services.gitea-actions-runner = { @@ -9,8 +9,7 @@ enable = true; name = "vm02179.procolix.com"; url = "https://git.fediversity.eu"; - # Obtaining the path to the runner token file may differ - token = "MKmFPY4nxfR4zPYHIRLoiJdrrfkGmcRymj0GWOAk"; + tokenFile = config.age.secrets.forgejo-runner-token.path; labels = [ "docker:docker://node:16-bullseye" "native:host" @@ -35,6 +34,8 @@ }; }; + age.secrets.forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age; + ## The Nix configuration of the system influences the Nix configuration ## in the workflow, and our workflows are often flake-based. nix.extraOptions = '' diff --git a/infra/vm02179/token.txt b/infra/vm02179/token.txt deleted file mode 100644 index 680567c..0000000 
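Review bot: Nothing in this patch adds what the new `inputs.agenix.nixosModules.default` import in the `@@ -31,7 +31,10 @@` hunk relies on. The diffstat lists four files, and none of them is the flake's input list, `secrets/forgejo-runner-token.age` or the agenix recipients file, so these presumably come from an earlier commit. vm02179 and vm02186 both decrypt the same secret, which by agenix's defaults uses each machine's SSH host key. Both host keys therefore have to be recipients of that file, or the secret will not be decrypted on one of the hosts. The same import is repeated in the `@@ -45,7 +48,10 @@` hunk; a comment such as `# agenix provides age.secrets.*, used by gitea-runner.nix` or a module shared by both hosts would keep the two in step.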
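Review bot: The literal removed from `token = …` in the `@@ -9,8 +9,7 @@` hunk stays readable in the repository history and in this patch. The same holds for the copies deleted from `token.txt` and from the vm02186 runner. So `tokenFile` only protects anything if the encrypted file carries a newly issued registration token and the old one has been invalidated on git.fediversity.eu. The patch does not show which value `forgejo-runner-token.age` contains. Once it is true, I would record it next to the option, for example `# Registration token re-issued when it moved to agenix; the value previously committed here is revoked.`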
--- a/infra/vm02179/token.txt +++ /dev/null @@ -1 +0,0 @@ -MKmFPY4nxfR4zPYHIRLoiJdrrfkGmcRymj0GWOAk diff --git a/infra/vm02186/gitea-runner.nix b/infra/vm02186/gitea-runner.nix index 58434b7..2d2a7b1 100644 --- a/infra/vm02186/gitea-runner.nix +++ b/infra/vm02186/gitea-runner.nix @@ -9,7 +9,7 @@ name = config.networking.fqdn; url = "https://git.fediversity.eu"; - token = "MKmFPY4nxfR4zPYHIRLoiJdrrfkGmcRymj0GWOAk"; + tokenFile = config.age.secrets.forgejo-runner-token.path; settings = { log.level = "info"; @@ -38,6 +38,8 @@ }; }; + age.secrets.forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age; + ## For the Docker mode of the runner. virtualisation.docker.enable = true;
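Review bot: `tokenFile` in the `@@ -9,7 +9,7 @@` hunk expects an environment file that defines `TOKEN`, not a file holding the bare token, going by the NixOS gitea-actions-runner module's documentation. The decrypted secret therefore has to read `TOKEN=<registration token>`, and the same applies to the vm02179 hunk. A secret containing only the value copied from the old `token = …` line would probably leave the runner without a usable token at registration. A comment above the line would make the format visible to whoever re-encrypts it: `# forgejo-runner-token.age must decrypt to an env file: TOKEN=<registration token>`. The enclosing `services.gitea-actions-runner` block starts and ends outside the hunk.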