add appropriate secrets

Charlotte 🦝 Delenk 2024-12-01 14:35:12 +01:00
parent 5706677a7a
commit 990d315d7b
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122


@ -185,6 +185,12 @@ in
};
};
nix.settings.trusted-users = [ "@hydra" ];
sops.secrets."hydra-evaluator/ssh/builder_id_ed25519" = {
sopsFile = ../../secrets/shared.yaml;
owner = "hydra";
key = "ssh/builder_id_ed25519";
path = "/var/lib/hydra/.ssh/builder_id_ed25519";
};
sops.secrets."hydra/ssh/builder_id_ed25519" = {
sopsFile = ../../secrets/shared.yaml;
owner = "hydra-queue-runner";
@ -195,6 +201,9 @@ in
mkdir -p /var/lib/hydra/queue-runner/.ssh/
chown -Rv hydra-queue-runner /var/lib/hydra/queue-runner
ln -svf ${sshConfig} /var/lib/hydra/queue-runner/.ssh/config
mkdir -p /var/lib/hydra/.ssh/
chown -Rv hydra /var/lib/hydra/.ssh
ln -svf ${sshConfig} /var/lib/hydra/.ssh/config
'';
sops.secrets."attic/config.toml" = {
owner = "hydra-queue-runner";
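Review bot: The added `sops.secrets."hydra-evaluator/ssh/builder_id_ed25519"` entry in the first hunk reads `ssh/builder_id_ed25519` from `shared.yaml`, which appears to be the same private key as the queue runner's entry just below it, so one builder credential becomes readable by both the `hydra` and `hydra-queue-runner` accounts. That is inferred, because the existing entry's `key` line is cut off by the hunk boundary. The evaluator presumably processes repository-supplied Nix expressions and the `@hydra` group is already in `trusted-users`, so a separate key with narrower authorisation on the remote side would limit what a compromise of either service can reach. At minimum a comment such as `# evaluator reuses the builder key because <reason>` above the new entry would record the intent. In the second hunk, whose script starts outside the hunk, `mkdir -p /var/lib/hydra/.ssh/` leaves the directory mode to the umask; adding `chmod 700 /var/lib/hydra/.ssh` after it would pin the mode.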