hans/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Make token secret for actions runners

Browse source
This commit is contained in:
Nicolas Jeannerod 2024-12-11 13:32:41 +01:00
parent 5771c14249
commit 32378d917d
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
4 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
infra/flake-part.nix
View file

@ -31,7 +31,10 @@
}; };
nixpkgs = inputs.nixpkgs; nixpkgs = inputs.nixpkgs;
nixos.module = { nixos.module = {
imports = [ ./vm02179 ]; imports = [
./vm02179
inputs.agenix.nixosModules.default
];
}; };
}; };
@ -45,7 +48,10 @@
}; };
nixpkgs = inputs.nixpkgs; nixpkgs = inputs.nixpkgs;
nixos.module = { nixos.module = {
imports = [ ./vm02186 ]; imports = [
./vm02186
inputs.agenix.nixosModules.default
];
}; };
}; };
}; };

9
infra/vm02179/gitea-runner.nix
View file

@ -1,6 +1,6 @@
{ pkgs, ... }: { config, pkgs, ... }:
{
{
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
services.gitea-actions-runner = { services.gitea-actions-runner = {
@ -9,8 +9,7 @@
enable = true; enable = true;
name = "vm02179.procolix.com"; name = "vm02179.procolix.com";
url = "https://git.fediversity.eu"; url = "https://git.fediversity.eu";
# Obtaining the path to the runner token file may differ tokenFile = config.age.secrets.forgejo-runner-token.path;
token = "MKmFPY4nxfR4zPYHIRLoiJdrrfkGmcRymj0GWOAk";
labels = [ labels = [
"docker:docker://node:16-bullseye" "docker:docker://node:16-bullseye"
"native:host" "native:host"
@ -35,6 +34,8 @@
}; };
}; };
age.secrets.forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
## The Nix configuration of the system influences the Nix configuration ## The Nix configuration of the system influences the Nix configuration
## in the workflow, and our workflows are often flake-based. ## in the workflow, and our workflows are often flake-based.
nix.extraOptions = '' nix.extraOptions = ''

1
infra/vm02179/token.txt
View file

@ -1 +0,0 @@
MKmFPY4nxfR4zPYHIRLoiJdrrfkGmcRymj0GWOAk

4
infra/vm02186/gitea-runner.nix
View file

@ -9,7 +9,7 @@
name = config.networking.fqdn; name = config.networking.fqdn;
url = "https://git.fediversity.eu"; url = "https://git.fediversity.eu";
token = "MKmFPY4nxfR4zPYHIRLoiJdrrfkGmcRymj0GWOAk"; tokenFile = config.age.secrets.forgejo-runner-token.path;
settings = { settings = {
log.level = "info"; log.level = "info";
@ -38,6 +38,8 @@
}; };
}; };
age.secrets.forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
## For the Docker mode of the runner. ## For the Docker mode of the runner.
virtualisation.docker.enable = true; virtualisation.docker.enable = true;