Secrets: add agenix config

system/cachix.nix

@@ -1,8 +1,8 @@
-{ pkgs, ... }: {
+{ pkgs, config, ... }: {
   services.cachix-watch-store = {
     enable = true;
     cacheName = "lelgenio";
-    cachixTokenFile = "/etc/cachix-token";
+    cachixTokenFile = config.age.secrets.lelgenio-cachix.path;
   };
   systemd.services.cachix-watch-store-agent.serviceConfig.TimeoutStopSec = 3;
 }

system/configuration.nix

@@ -52,6 +52,12 @@
     permitRootLogin = "no";
     ports = [ 9022 ];
   };
+  # programs.ssh = {
+  #   startAgent = true;
+  #   extraConfig = ''
+  #     AddKeysToAgent yes
+  #   '';
+  # };
 
   ## Enable sound with pipewire.
   sound.enable = true;

system/gitlab-runner.nix

@@ -5,13 +5,13 @@
     enable = true;
     settings.concurrent = 4;
     services = {
-      ci_test = {
-        registrationConfigFile = "/srv/gitlab-runner/env/ci_test";
-        dockerImage = "debian";
-        dockerPrivileged = true;
-      };
+      # ci_test = {
+      #   registrationConfigFile = "/srv/gitlab-runner/env/ci_test";
+      #   dockerImage = "debian";
+      #   dockerPrivileged = true;
+      # };
       thoreb_builder = {
-        registrationConfigFile = "/srv/gitlab-runner/env/thoreb_builder";
+        registrationConfigFile = config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
         dockerImage = "debian";
         dockerPrivileged = true;
       };

system/secrets.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+  age = {
+    identityPaths = [ "/home/lelgenio/.ssh/id_rsa" ];
+    secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
+    secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
+      ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
+  };
+}