| author | sinanmohd <sinan@sinanmohd.com> | 2025-03-01 14:55:27 +0530 | 
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2025-03-01 14:55:52 +0530 | 
| commit | af9bf53afa9b99203afecb85f440679853d48c1f (patch) | |
| tree | 03d5a91d22b00e5b338fd122233eb15bafeb607e /os/kay/modules | |
| parent | 1a767269445960da0c3bd0c93dccebe7b0dfd8ec (diff) | |
kay/github-runner: setup github runner age master key
Diffstat (limited to 'os/kay/modules')
| -rw-r--r-- | os/kay/modules/github-runner.nix | 20 | 
1 files changed, 15 insertions, 5 deletions
| diff --git a/os/kay/modules/github-runner.nix b/os/kay/modules/github-runner.nix
index 4462ff2..2b838ae 100644
--- a/os/kay/modules/github-runner.nix
+++ b/os/kay/modules/github-runner.nix
@@ -1,14 +1,24 @@
-{ config, ... }: let
-  secret_path = "misc/nocodb-runner-registration-token";
+{ config, ... }:
+let
   repo = "nocodb/nocodb";
-in {
-  sops.secrets.${secret_path} = {};
+in
+{
+  sops.secrets = {
+    "github-runner/nocodb-registration-token" = { };
+    "github-runner/age-master-key" = { };
+  };
   services.github-runners.kay = {
     enable = true;
     noDefaultLabels = true;
     extraLabels = [ "nix" ];
-    tokenFile = config.sops.secrets.${secret_path}.path;
+    tokenFile = config.sops.secrets."github-runner/nocodb-registration-token".path;
     url = "https://github.com/${repo}";
   };
+
+  systemd.services."github-runner-kay" = {
+    environment.SOPS_AGE_KEY_FILE = "%d/age-master-key";
+    serviceConfig.LoadCredential =
+      "age-master-key:${config.sops.secrets."github-runner/age-master-key".path}"; 
+  };
 } | 
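Review bot: The new `systemd.services."github-runner-kay"` block passes `github-runner/age-master-key` to the runner through `LoadCredential` and `SOPS_AGE_KEY_FILE`, so every workflow job scheduled on this runner can read the key at `%d/age-master-key`. The runner is registered against `https://github.com/nocodb/nocodb`; who can get a job onto it depends on that repository's fork and workflow-approval settings, which this diff does not show. If the name is accurate and this is the key that decrypts the wider sops tree, a dedicated age identity that is a recipient only of the secrets CI needs would limit what a job can decrypt. The block also has no comment saying why the runner needs a decryption key; something like `# CI jobs decrypt sops files with this key; keep it a recipient of CI-only secrets.` above `environment.SOPS_AGE_KEY_FILE` would record the intent.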
