monolith: add docker-images gitlab runner
This commit is contained in:
parent
553ea251fa
commit
0bc125c944
12
.sops.yaml
12
.sops.yaml
|
@ -12,7 +12,17 @@ creation_rules:
|
|||
age:
|
||||
- *lelgenio-ssh
|
||||
- *monolith-ssh
|
||||
- path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *lelgenio-gpg
|
||||
age:
|
||||
- *lelgenio-ssh
|
||||
- *monolith-ssh
|
||||
- path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- pgp:
|
||||
- *lelgenio-gpg
|
||||
age:
|
||||
- *lelgenio-ssh
|
||||
- *phantom-ssh
|
||||
|
|
56
secrets/monolith/default.yaml
Normal file
56
secrets/monolith/default.yaml
Normal file
|
@ -0,0 +1,56 @@
|
|||
gitlab-runners:
|
||||
docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCldST3lPZXBV
|
||||
cTVNK3R3RjlFcDQ4UldRT0tsSVJ2N2FkN0hiOVllT2Rrc2NjVWtMbnMrWHVMN1k5
|
||||
dExsVHFhMHMKRVVzR1pzeG01Y2FidWNrQ0xjK1FUZktnWTZaWWlWalM5cWhZWE9U
|
||||
TFU3ZXV3aGp6QkRIZkl4MDFJN2RRQVkrdwpqQlE5ajFTVW15MVVyTkNaS3JiOFph
|
||||
cGthWWZ4R3Rldjh0a2lnd1dSbUcvSVpDdHJKVk5GVy8vR05WbmhUWFhuCkZsaWk5
|
||||
L2dnNE4rNTV6VWpIZlNIMENzZVlKS2NEOFdmSFhsYkFNSHRlTENYeGNtekpDaUN4
|
||||
V3l2VWtta3hSVFIKblVDZ1hOdzZQbWswTDB5MXd3dXpXQW44MFhFR0hGZkxjbzlU
|
||||
WkR5dFhhbVpTUGZwQVR3WXNCUjJWYlAyTU1VeQpkWEdXQjVUemlRdXVxZVE4SGVU
|
||||
TFlPS0FEV1dRRWU0K1d1ZTRrZGU1MHVKQ0lCemJmcUhOaWtON3ZDbUtad2lXCklt
|
||||
aFREN3BmdEo1TUw2V2NtQ0QvbE1EQ25OeW5ZaldOY04zQjFQbWRnWjhJaWZKWXJn
|
||||
UlBTTjV0VkpEY0FhZjQKTURjT004dHEvS24rNGVBSE1KK0ZabTBKb0Z4QTJvS2Fi
|
||||
czdnWEpUTXJsRVMvdWFzVlJLT281a3JwQi9PMGVDcQoKLS0tIFgvSE14blgvVkxQ
|
||||
b3N5WWlzdG5hajZaVFVkWVlhOXNZKytmZEZrZVprRHMKXqPgDpKG42KsfKfIAflT
|
||||
1meea416Af+WeFhWnw8fBBhApKrMMmYMMjDi1lIOGDz57ydNqtlFqdFtkiQsUC0f
|
||||
wA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTWVYNXNQcHhHSzVBQmhU
|
||||
ejlOQzJMZ0xEVFVkbzNPQ0hMVHBQWEgzQTFJCkF6ZDNaZ29UM29vWGZqVW10dmlQ
|
||||
YjNFNXJVMlcxT1ZsMU55cE8vc3VjaXMKLS0tIDZYQTRjMWp5a3hKc2N4alZKZHFt
|
||||
TGNwNUQxN0VQMHErMGVZbG5CZW9kSGMK9TRcgSJQT73dYoQxrrqFW/FkKExLGT4T
|
||||
Xagi6Eq4rhT7pvaL4h3vglwbqkLPsHrWRSyhh0sAEIJ1WpvD+cFEMA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-07T14:47:44Z"
|
||||
mac: ENC[AES256_GCM,data:k0yhfVhDmtU8wOZIylaxmmd+8TIXCzCbGhlaQnyeLplH2BDHVnpzAxBJVizS/VtVpAkjMAESndXqW7N6pnGnRWdZPtCxE8KNtz/nUxCZA44cn+mjC+ghKgsgaLuxe4smu0f4u4TK2uFsJqw5J0VGFgMtyKe4AaHujoXWL80zTR0=,iv:xiDrOtto246oPjMw5+ny0qB8HjdMpkzZyPNi3csgMVE=,tag:2xioMXxERDSePdIwPpP7hg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-03-07T14:42:24Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMAzy6JxafzLr5AQf/Y0QIIBN0uY3RUj88u5L0tJqypnKOAlfLOMYPkZ0oomAd
|
||||
ZowogLWJgWyFC6NTdZRj84GoF2EAMDZqDAwh7shrZSpuhr0rwT7bGMQ4/VSx/Sxs
|
||||
uCgkzXGMT0DsGjDOw6h17dDLNAnnvViamL1Br3ZXG7gZJXmUhPavL1YXeQciPqjh
|
||||
FyJLAKeb9sQAFUp0Aexo4fKZSJh//O8jTiz7vl5klpQnDHWzpkcuxqIajIoYFdcL
|
||||
ioP1GnrsUDfyXh2zfLcggxs/WHU24/C8DZqWai9WqRA08kJpw+aj1835vmUIWM0W
|
||||
E5TF9h/tOEGw+PGhvwNiEvONhv/tpyLpjoXylbisjtJeAY6Fntxcrssw2cKMimFV
|
||||
UjBuf2vSmQlNBqU+LE0JOICmRsmnLZTEPXnPqpqBTRV4gj4kTLCJYcaEIFP7uSEd
|
||||
WlCyyX28ACGThorQEoQ/W2bFfNT/Mi7CNQ8EOckmKg==
|
||||
=6Qin
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4-unstable
|
|
@ -14,17 +14,51 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgQnd3eEhnCm9xWXdTQjZU
|
||||
Znpiak1xdE1kTm56NWI3bUNlQXBFcjhNNFlwbDVUcGhrS2J4Y1M3aXFydjVGYmVI
|
||||
UmNKVmkrb3cKWHNsa2FZaE4zbnJWYVo1SDhTOEZxM0JMRWJ0ckpySk11V09LMkd5
|
||||
bjhQRkpSZG0xYko3aTFqQmVFU3JhSWo1Ugo2Nk0rNzJBNzJvbVJkU0VhSmRRWE5B
|
||||
RUt4S3h1cFZkZHkxOU5VUTcxN1JBNFlaYTkyZTNSM3JVUjhCUStNODRMCjdJRWlv
|
||||
d0g4bnlQMzhWSGUxY04vRnUvbTlyWVQ0eWsvbnk4UmxxOHVZblM3bVFETXJiVjRE
|
||||
b2s1ZFVHaEFNc3EKSDJTYUVSNWtKQS81bUdOcDA0SnZGeE4vQkt6bFZWY1dxNm9S
|
||||
YVhRdjVCb3RGaC94djZZeFhXaTZSVVYzaUJ6KwoxQXNKcU9Dbk8xYWRvaGJwSXdu
|
||||
Zzk4Y09zbW54elJHdjJ6OTNyeURwZ3JJL0gvaFVRUmgyRnNBbXFJU1l5U2FwCm56
|
||||
bzc0TkVWdnNoWnBMMjlKbnZicmRxdXIwd2hCZGp5dEQ2TnBtdTZCdnJRbzIyZFhV
|
||||
L1ZpVW9nZmNqQW45c0cKYnIxQTc2aEowTUprZ1pYVCt3L2NsVHJ5SWF1aHZUR1E5
|
||||
eGVrcUphWk1vVURBL2J4UlZLQXluNC82YnNhQUFOQgoKLS0tICtOTXVyUzZldUJO
|
||||
QkN0eUVRSDlDWmthU0VrRUZDb0VBTVFhL24raHJDcGsKcspICwz+f6y21yogiXO3
|
||||
Qp7evIuOzfWe6pMtge5BjxWTlzIdi2btFTzuTjgZaOiQd8FIB3iTqBkepUVD49jN
|
||||
RQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQkRWWmYweUNpcDRNbzRW
|
||||
NnQ4R3JPK0oydm9iL0owS0d6Nm92eTFJZldFCnZpUVUvWi9FYTBDSGNvUUJRZHNz
|
||||
QStPT0hCc08xUmh4dEdJdmVPRm01V2cKLS0tIEZPMmNKdGUvNnVWYXZNTHA3SkE3
|
||||
ZTNJbW9EWktPb2M5TVBNekUrZXVoUFkKLEsQVYVp7fTBRDA7RO8Kjpc5MUPb5U7I
|
||||
WKZtNhsMZsP+SLgZWBF1PpvcjlDlNA2Z+Hqsrw6vsq6DYpnxToxfZQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TklEaUl2QkVtVVN5UXlC
|
||||
cW9RaHNoSnRkV0lKTmtYS0VZQnhyM0o0cUFNCmZWemJuOFVyK1ZFbkR1RUZOTEVB
|
||||
WmJFemRrd0xIUW43cElkdVJOM052N2cKLS0tIFJpRTNtQ1hjWGJwSFJLRDNRSm4z
|
||||
WW9MbmZoTllLalpWcFdOa3JpaThPMjQKa5vVGp+L1V2/ScyUe0EaOVw4TB8paS2w
|
||||
79VgplKN6HL+f6bL/0rIUOwJ6PDW944bOioKDYvbUCpBnSRYIHnYoQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-05T22:27:18Z"
|
||||
mac: ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str]
|
||||
pgp: []
|
||||
pgp:
|
||||
- created_at: "2025-03-07T16:05:59Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQEMAzy6JxafzLr5AQf/djnT5hse11QoFPbmuu5rmc/0vpOQ79G6MYZtHlXL/HbP
|
||||
hx0r25yTI6ICayFiO7luovz58saN0BY5K1dCbGB7+nZ8lrKoGE4GhX4k5Cc/KJIO
|
||||
BTEbTqMJLezkb34FsuXgD9o2udNysC3Bpi/3NbPCYsJkVeCmx1wyEWzWhz51RO4M
|
||||
WEyKkE0DyJfOpTuY2fofGhaA866firFDrS2SeiU4Dox4au3iR4VYqt6IITmgZdDE
|
||||
M9LRp3AzOPOUZzpeRcer4ksh8WVDIWPEEL+w+OGo8QpUL3kqHIMVPgXY0kBOR+5s
|
||||
tVTCLVe7yoimK/oSYkEx9Z3TYRwKV6ggJWahX7VHaNJeAVxIon8Qs8W2L+f1gclK
|
||||
tPbaE+jCg6AH3apD3ICisxCj0Vvm+NsWMo2skeN2YGyWBCOoeGcG5OhgJtD0cQiw
|
||||
QxCzywMXujxYYAXJEvhk4YRhaCOMkTTMGNoloWMugg==
|
||||
=CHH0
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4-unstable
|
||||
|
|
|
@ -29,14 +29,6 @@
|
|||
|
||||
zramSwap.enable = true;
|
||||
|
||||
sops = {
|
||||
secrets.hello = { };
|
||||
};
|
||||
|
||||
environment.etc."teste-sops" = {
|
||||
text = config.sops.secrets.hello.path;
|
||||
};
|
||||
|
||||
# Enable touchpad support (enabled default in most desktopManager).
|
||||
services.libinput.enable = true;
|
||||
|
||||
|
|
|
@ -18,7 +18,21 @@ in
|
|||
# nix store will be readable in runner, might be insecure
|
||||
thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
|
||||
thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
|
||||
|
||||
default = {
|
||||
# File should contain at least these two variables:
|
||||
# `CI_SERVER_URL`
|
||||
# `CI_SERVER_TOKEN`
|
||||
authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
|
||||
dockerImage = "debian:stable";
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.services.gitlab-runner.serviceConfig.Nice = 10;
|
||||
|
||||
sops.secrets = {
|
||||
"gitlab-runners/docker-images-token" = {
|
||||
sopsFile = ../secrets/monolith/default.yaml;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue