From af9bf53afa9b99203afecb85f440679853d48c1f Mon Sep 17 00:00:00 2001
From: sinanmohd
Date: Sat, 1 Mar 2025 14:55:27 +0530
Subject: kay/github-runner: setup github runner age master key
---
 os/kay/modules/github-runner.nix | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
(limited to 'os/kay/modules/github-runner.nix')
diff --git a/os/kay/modules/github-runner.nix b/os/kay/modules/github-runner.nix
index 4462ff2..2b838ae 100644
--- a/os/kay/modules/github-runner.nix
+++ b/os/kay/modules/github-runner.nix
@@ -1,14 +1,24 @@
-{ config, ... }: let
- secret_path = "misc/nocodb-runner-registration-token";
+{ config, ... }:
+let
 repo = "nocodb/nocodb";
-in {
- sops.secrets.${secret_path} = {};
+in
+{
+ sops.secrets = {
+ "github-runner/nocodb-registration-token" = { };
+ "github-runner/age-master-key" = { };
+ };
 services.github-runners.kay = {
 enable = true;
 noDefaultLabels = true;
 extraLabels = [ "nix" ];
- tokenFile = config.sops.secrets.${secret_path}.path;
+ tokenFile = config.sops.secrets."github-runner/nocodb-registration-token".path;
 url = "https://github.com/${repo}";
 };
+
+ systemd.services."github-runner-kay" = {
+ environment.SOPS_AGE_KEY_FILE = "%d/age-master-key";
+ serviceConfig.LoadCredential =
+ "age-master-key:${config.sops.secrets."github-runner/age-master-key".path}";
+ };
 }
-- 
cgit v1.2.3
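Review bot: The new `systemd.services."github-runner-kay"` block hands an age private key to the whole runner unit through `LoadCredential` and `SOPS_AGE_KEY_FILE`, so every workflow job this runner picks up for `nocodb/nocodb` can presumably read `%d/age-master-key` and decrypt whatever that key is a recipient for. The hunk does not show which secrets are encrypted to this key; if it is also a recipient for this host's own sops files, a single untrusted workflow run would expose them, so the key should be a dedicated CI-only identity that decrypts nothing but the CI secrets. I would record that scope next to the setting, for example `# CI-only age identity: readable by every job on this runner; must not be a recipient for host or other service secrets.`, and consider a name other than "master" if the key is in fact narrowly scoped. It is also worth confirming on the GitHub side that workflows from forked pull requests cannot be scheduled on a runner carrying this credential.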