monolith: enable nix cache over ssh

2025-06-03 01:15:57 -03:00 · 2025-06-03 01:15:57 -03:00 · 868496d2b9
commit 868496d2b9
parent 22dc422b63
5 changed files with 138 additions and 52 deletions
--- a/system/monolith-gitlab-runner.nix
+++ b/system/monolith-gitlab-runner.nix
@ -4,7 +4,7 @@
  ...
 }:
 let
-  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
+  inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner mkNixRunnerFull;
 in
 {
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
@ -18,7 +18,10 @@ in
      thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
      thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;

-      wopus-gitlab-nix = mkNixRunner config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
+      wopus-gitlab-nix = mkNixRunnerFull {
+        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
+        nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
+      };

      default = {
        # File should contain at least these two variables:
@ -56,5 +59,8 @@ in
    "gitlab-runners/wopus-gitlab-docker-images" = {
      sopsFile = ../secrets/monolith/default.yaml;
    };
+    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
+      sopsFile = ../secrets/monolith/default.yaml;
+    };
  };
 }