add secret, delete hydra module

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-04-20 14:35:32 -04:00 · 2024-04-20 14:35:32 -04:00 · a2a339c174
commit a2a339c174
parent d706134f77
3 changed files with 14 additions and 21 deletions
--- a/modules/hydra.nix
+++ b/modules/hydra.nix
@ -1,19 +0,0 @@
-{ config, lib, ... }:
-
-let
-  cfg = config.services.hydra;
-in
-{
-  config = {
-    services.hydra.extraConfig = lib.mkDefault (
-      lib.concatLines [
-        cfg.extraConfig
-        ''
-          <git-input>
-            timeout = 3600
-          </git-input>
-        ''
-      ]
-    );
-  };
-}
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@ -151,6 +151,12 @@ in
      buildMachinesFiles = [ ];
      minimumDiskFree = 50;
      minimumDiskFreeEvaluator = 100;
+      extraConfig = ''
+        <git-input>
+          timeout = 3600
+        </git-input>
+        Include ${config.sops.secrets."alice/gha-hydra-token".path}
+      '';
    };

    nix-serve = {
@ -247,6 +253,11 @@ in
        "attic/secret-key".owner = "root";
        "attic/database-url".owner = "root";
        "postgres/init".owner = "postgres";
+        "alice/gha-hydra-token" = {
+          sopsFile = ../../users/alice/secrets.yaml;
+          owner = "hydra";
+          mode = "400";
+        };
      }
      // keygen "zfs-attic-key"
      // keygen "zfs-backup-key"
--- a/users/alice/secrets.yaml
+++ b/users/alice/secrets.yaml
@ -1,5 +1,6 @@
 alice:
    user-password: ENC[AES256_GCM,data:ew2R77T02LYby9fclYYqYXQBgDtKf7miFYMeS70/hj30fFw580qRCPeVicILB5UTnZCIoPf24ZCr2DGJ3UBrk8cvYQ285i0FWD/OfLAqZ/Tosi36MJKv6Nob/Z/vAltHIVqBJA5UiAU58UohbBos1lfZMWGFsg==,iv:mpIf9n4MgbbjD2jFkVGAL/lGNh5VW81FIzvmb1x/H1I=,tag:MVZRrHxxyDwu2mbRQMz9VA==,type:str]
+    gha-hydra-token: ENC[AES256_GCM,data:XG9a2MYEo1iOCi19iPJMHuqAHXVznY/NI2mvAM7wHXcMRozGCRdiH6FZAcPKbQjgQZwGmqql2w48T4CW746Y2HxLtVhDn0ntech0xAO3d3bsfrPmqmjwxYO52u/xSypaptqP5n688Xs9P/mJa0ufbEh/ivszaMkGZT8qBr96ZvgUB9s8CqmcuRdurwFtGjYz9R5sssFNe0G2s7dCqyY=,iv:Dd5GmScQOhMa8ZrfxfsRzaXwWxLwDInGtfhBnkVi3/w=,tag:XKH2aQOw0Etq5QXykgk+AA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -42,8 +43,8 @@ sops:
            MDJhN29xZk81NG91aHFZNmpLdGRTN0EKc2pqjllcRWl3QH4BVNyylB7CMMHAH0mr
            EsxyKrZEph7eKJYYy/9eaR1e/FvomB/1+hQXZAZVtG4bpuEG/mY14w==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-03T22:20:54Z"
-    mac: ENC[AES256_GCM,data:X+j5RMl1RUlciT1fdLYGCzkD2AZmprmAsLhaC9Fy3zoeWlGJcC/m5g7kftPOUkha83NgOkWuaa4tjIMegQwK8snmY8R8Q6XNVuS6maYnynzFwzhGON7L33j7465onXsNqfQfa+I8AEaz69CynfbTq4L7WOLO6s8pvh1LDLi4ZvE=,iv:8uTaRrYxg6mVNIPm0Pg7S13nG2VOg/4IjVbbeilQOAg=,tag:lCrBGVRt3uYY5/fHDG2xVQ==,type:str]
+    lastmodified: "2024-04-20T18:31:19Z"
+    mac: ENC[AES256_GCM,data:bLh4kL5xct785Y75HkUPase0kZcmM/cj8Q4MZDGEqHge03P+NgPXZwJFCCp1OGBdQN6g+l0NghZy6FD5ixB3a+Ur/h5yKUx3UxsKEUMjmnHOxZuePUjFiiFz0a10sW6P8Utf5zZ+KPHE7nCLf8yv7ULYTFNLiwryAKQryvPueYk=,iv:SbK5VcFnzYPHRWxhI9BUHsDXG2scJFDvbcrISbtdKTg=,tag:g7TBoBgJSyImit+Pp572mw==,type:str]
    pgp:
        - created_at: "2024-04-03T02:40:01Z"
          enc: |-