diff --git a/modules/hydra.nix b/modules/hydra.nix
deleted file mode 100644
index 535108d..0000000
--- a/modules/hydra.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, ... }:
-
-let
- cfg = config.services.hydra;
-in
-{
- config = {
- services.hydra.extraConfig = lib.mkDefault (
- lib.concatLines [
- cfg.extraConfig
- ''
-
- timeout = 3600
-
- ''
- ]
- );
- };
-}
diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index edcda4a..b0c33dd 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -151,6 +151,12 @@ in
buildMachinesFiles = [ ];
minimumDiskFree = 50;
minimumDiskFreeEvaluator = 100;
+ extraConfig = ''
+
+ timeout = 3600
+
+ Include ${config.sops.secrets."alice/gha-hydra-token".path}
+ '';
};
nix-serve = {
@@ -247,6 +253,11 @@ in
"attic/secret-key".owner = "root";
"attic/database-url".owner = "root";
"postgres/init".owner = "postgres";
+ "alice/gha-hydra-token" = {
+ sopsFile = ../../users/alice/secrets.yaml;
+ owner = "hydra";
+ mode = "400";
+ };
}
// keygen "zfs-attic-key"
// keygen "zfs-backup-key"
diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml
index 2503132..9af1b03 100644
--- a/users/alice/secrets.yaml
+++ b/users/alice/secrets.yaml
@@ -1,5 +1,6 @@
alice:
user-password: ENC[AES256_GCM,data:ew2R77T02LYby9fclYYqYXQBgDtKf7miFYMeS70/hj30fFw580qRCPeVicILB5UTnZCIoPf24ZCr2DGJ3UBrk8cvYQ285i0FWD/OfLAqZ/Tosi36MJKv6Nob/Z/vAltHIVqBJA5UiAU58UohbBos1lfZMWGFsg==,iv:mpIf9n4MgbbjD2jFkVGAL/lGNh5VW81FIzvmb1x/H1I=,tag:MVZRrHxxyDwu2mbRQMz9VA==,type:str]
+ gha-hydra-token: ENC[AES256_GCM,data:XG9a2MYEo1iOCi19iPJMHuqAHXVznY/NI2mvAM7wHXcMRozGCRdiH6FZAcPKbQjgQZwGmqql2w48T4CW746Y2HxLtVhDn0ntech0xAO3d3bsfrPmqmjwxYO52u/xSypaptqP5n688Xs9P/mJa0ufbEh/ivszaMkGZT8qBr96ZvgUB9s8CqmcuRdurwFtGjYz9R5sssFNe0G2s7dCqyY=,iv:Dd5GmScQOhMa8ZrfxfsRzaXwWxLwDInGtfhBnkVi3/w=,tag:XKH2aQOw0Etq5QXykgk+AA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -42,8 +43,8 @@ sops:
MDJhN29xZk81NG91aHFZNmpLdGRTN0EKc2pqjllcRWl3QH4BVNyylB7CMMHAH0mr
EsxyKrZEph7eKJYYy/9eaR1e/FvomB/1+hQXZAZVtG4bpuEG/mY14w==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-03T22:20:54Z"
- mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str]
+ lastmodified: "2024-04-20T18:31:19Z"
+ mac: ENC[AES256_GCM,data:bLh4kL5xct785Y75HkUPase0kZcmM/cj8Q4MZDGEqHge03P+NgPXZwJFCCp1OGBdQN6g+l0NghZy6FD5ixB3a+Ur/h5yKUx3UxsKEUMjmnHOxZuePUjFiiFz0a10sW6P8Utf5zZ+KPHE7nCLf8yv7ULYTFNLiwryAKQryvPueYk=,iv:SbK5VcFnzYPHRWxhI9BUHsDXG2scJFDvbcrISbtdKTg=,tag:g7TBoBgJSyImit+Pp572mw==,type:str]
pgp:
- created_at: "2024-04-03T02:40:01Z"
enc: |-