From a4ab7617e6837f4aa30c4f9ea31d19aef9540a0b Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Fri, 25 Jul 2025 23:45:53 +0200
Subject: [PATCH] configure user

simplify secrets

set just group for system users
---
 machines/dev/fedi203/woodpecker.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index dc61e725..33d8d6c3 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -10,6 +10,20 @@
     defaults.email = "something@fediversity.eu";
   };
 
+  age.secrets =
+    lib.mapAttrs
+      (_: group: {
+        owner = "root";
+        inherit group;
+        mode = "440";
+      })
+      {
+        woodpecker-gitea-client = "woodpecker-server";
+        woodpecker-gitea-secret = "woodpecker-server";
+        woodpecker-agent-exec = "woodpecker-agent-exec";
+        woodpecker-agent-container = "woodpecker-agent-docker";
+      };
+
   # needs `sudo generate-vars`
   vars.settings.on-machine.enable = true;