monolith: migrate ci secrets to sops

Leonardo Eugênio 2025-03-07 14:56:02 -03:00
parent 0bc125c944
commit b52a886806
2 changed files with 14 additions and 5 deletions


@ -1,7 +1,6 @@
{
config,
pkgs,
lib,
...
}:
let
@ -16,8 +15,8 @@ in
services = {
# runner for building in docker via host's nix-daemon
# nix store will be readable in runner, might be insecure
thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
default = {
# File should contain at least these two variables:
@ -31,6 +30,12 @@ in
systemd.services.gitlab-runner.serviceConfig.Nice = 10;
sops.secrets = {
"gitlab-runners/thoreb-telemetria-nix" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/thoreb-itinerario-nix" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/docker-images-token" = {
sopsFile = ../secrets/monolith/default.yaml;
};
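Review bot: The two `gitlab-runners/thoreb-*-nix` entries under `sops.secrets` in the last hunk set only `sopsFile`, so as far as the hunk shows nothing restarts the runner when a registration token in `default.yaml` is rotated, and the old config stays in use until `gitlab-runner` is restarted by hand. sops-nix has a per-secret option for this; adding `restartUnits = [ "gitlab-runner.service" ];` to each runner entry would tie rotation to a service restart. Because `sopsFile` is a path literal, the encrypted `default.yaml` is copied into the nix store, which the comment in the second hunk says is readable inside the runner. That is acceptable only while the host's decryption key stays outside anything the job containers can reach, and a one-line comment next to `sops.secrets` stating this would help the next maintainer. The enclosing attribute set starts and ends outside the visible hunks, so owner and mode handling in `mkNixRunner` could not be checked here.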