lelgenio/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 2 Releases Packages Wiki Activity Actions

secrets: migrate forgejo runner to sops

Browse source
This commit is contained in:
Leonardo Eugênio 2026-02-15 03:29:38 -03:00
parent 48e40c47e4
commit ed510001fd
4 changed files with 1 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
secrets/monolith-forgejo-runner-token.age
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -2,7 +2,6 @@ let
main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15"; main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
in in
{ {
"monolith-forgejo-runner-token.age".publicKeys = [ main_ssh_public_key ];
"monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ]; "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
"factorio-settings.age".publicKeys = [ main_ssh_public_key ]; "factorio-settings.age".publicKeys = [ main_ssh_public_key ];
"phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ]; "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];

2
system/monolith-forgejo-runner.nix
View file

@ -6,7 +6,7 @@
enable = true; enable = true;
name = "monolith"; name = "monolith";
url = "https://git.lelgenio.com"; url = "https://git.lelgenio.com";
tokenFile = config.age.secrets.monolith-forgejo-runner-token.path; tokenFile = config.sops.secrets."forgejo-runners/git.lelgenio.com-default".path;
labels = [ labels = [
# provide a debian base with nodejs for actions # provide a debian base with nodejs for actions
"debian-latest:docker://node:18-bullseye" "debian-latest:docker://node:18-bullseye"

1
system/secrets.nix
View file

@ -2,7 +2,6 @@
{ {
age = { age = {
identityPaths = [ "/root/.ssh/id_rsa" ]; identityPaths = [ "/root/.ssh/id_rsa" ];
secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age;
secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age; secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age;
}; };
} }