monolith: migrate ci secrets to sops

system/monolith-gitlab-runner.nix

@@ -1,7 +1,6 @@
 {
   config,
   pkgs,
-  lib,
   ...
 }:
 let
@@ -16,8 +15,8 @@ in
     services = {
       # runner for building in docker via host's nix-daemon
       # nix store will be readable in runner, might be insecure
-      thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
-      thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
+      thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
+      thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
 
       default = {
         # File should contain at least these two variables:
@@ -31,6 +30,12 @@ in
   systemd.services.gitlab-runner.serviceConfig.Nice = 10;
 
   sops.secrets = {
+    "gitlab-runners/thoreb-telemetria-nix" = {
+      sopsFile = ../secrets/monolith/default.yaml;
+    };
+    "gitlab-runners/thoreb-itinerario-nix" = {
+      sopsFile = ../secrets/monolith/default.yaml;
+    };
     "gitlab-runners/docker-images-token" = {
       sopsFile = ../secrets/monolith/default.yaml;
     };