hydra: add github access token
This commit is contained in:
parent
6072dbca1b
commit
9d9cc81671
|
@ -35,6 +35,7 @@ in
|
|||
supportedFeatures = [ "kvm" "nixos-test" ];
|
||||
maxJobs = 1;
|
||||
}];
|
||||
checkConfig = config.nix.extraOptions == "";
|
||||
daemonCPUSchedPolicy = "idle";
|
||||
daemonIOSchedClass = "idle";
|
||||
daemonIOSchedPriority = 7;
|
||||
|
@ -51,6 +52,9 @@ in
|
|||
"nixos-test" "benchmark"
|
||||
];
|
||||
};
|
||||
extraOptions = ''
|
||||
include ${config.sops.secrets."nix/access-tokens".path}
|
||||
'';
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
@ -131,7 +135,7 @@ in
|
|||
useSubstitutes = true;
|
||||
extraConfig =
|
||||
let
|
||||
key = config.sops.secrets."nix-serve/secretKey".path;
|
||||
key = config.sops.secrets."nix/signing-key/secretKey".path;
|
||||
in
|
||||
''
|
||||
binary_cache_secret_key_file = ${key}
|
||||
|
@ -205,7 +209,7 @@ in
|
|||
workers = 20;
|
||||
max_connection_rate = 1024;
|
||||
priority = 50;
|
||||
sign_key_path = config.sops.secrets."nix-serve/secretKey".path;
|
||||
sign_key_path = config.sops.secrets."nix/signing-key/secretKey".path;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -264,7 +268,10 @@ in
|
|||
mode = "444";
|
||||
path = "/etc/machine-id";
|
||||
};
|
||||
"nix-serve/secretKey" = {
|
||||
"nix/access-tokens" = {
|
||||
mode = "444";
|
||||
};
|
||||
"nix/signing-key/secretKey" = {
|
||||
mode = "440";
|
||||
owner = config.users.users.hydra-queue-runner.name;
|
||||
inherit (config.users.users.hydra-queue-runner) group;
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv:bBDMsChgDqVk47MHlP3ZeGq8pxurTwMxHDhXTWOXNB0=,tag:mlAljtHyp6LsK/xtnpBfYQ==,type:str]
|
||||
nix-serve:
|
||||
publicKey: ENC[AES256_GCM,data:sR5wk7yvH5+lLpSIP0zNqCLvDRRvR8ws4Q8rVcVJx8YkrywwPcvIsJ1h6mVEu3nc6SLoZlQsuxOGCyNGD98CBNY=,iv:fFV2D27hWoxGtqVt3EnS4hMlrqW5LnIZ3LB5k4xmFWs=,tag:g7R1ossy2On6B2nVfKC9iA==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:cm84sA7E6AnzpVoYuaYepbHGWkRigLdD2RxN21UsXCe7FXQxeTQTxxbzVxJ3G9Lt3kRXuZnODntOo5EQKhs46+wzpO8YLKQxkJXrdluXoGVIWl3/6QFVq66XLJ2i6G4eBK9IH0DYJ+anj8/i8Q==,iv:GEM8Vmx0A8LfJo7QOl0N67Cgk+JqHpp7r+41VivmTg4=,tag:O4Kq4WKgbyt354HSa/7eQQ==,type:str]
|
||||
nix:
|
||||
access-tokens: ENC[AES256_GCM,data:6qYsInpdUwkWCFroA9AMUIHfu2/XoKfHPtwLRyaIffrcAa9KaHfgO7fKAvsySkaQ7mc9yImZxC5/AurN6zDMTOe1YQ4tVxcsDcBOtjEF+EBJjY2gS5LmxkreIr5+I8TYHSO0Bj7CZQAZOdtQW7mZ6CQ=,iv:NW4moujf3yCEbmLIW5lp+Zc0IMAy1W8xsVXgaCIpNUY=,tag:GkQNy8IarFWPkCTIxbn1gw==,type:str]
|
||||
signing-key:
|
||||
publicKey: ENC[AES256_GCM,data:OV549m0+BA0BkYHQu0wx0d4XYkxwq9aNU7k6lLZ82blI5tf90UlKlCbVmA0wK5aVoGEBvQtBdntBMgubsH1GHJc=,iv:H/upNu0xCDKHPivYTYySKZ6a+XVJWV1vvRwfwKomJLU=,tag:xkFTTGyNS/UCQ5fmlLnnDA==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:CMEER5Pcv2T0dYrgcrEH10uC6BM1pUOdAaQWA95lNQ3giuHdXzslFq3FTsk8hYODngNdNt/0ZOe67iWdJMjqSPKO2oTDofGtUL9GVordjnRpEtSgFkLbEjJ8kZff/IbXJzScdHEM676UhIdC3g==,iv:yVqWLuXFCCGjaiVHIKQbaagCxasqpVhS+4JnQWdecPk=,tag:F7zPgTzOxUiAJggmZAnaIg==,type:str]
|
||||
ldap:
|
||||
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
|
||||
ssh-keys:
|
||||
|
@ -38,8 +40,8 @@ sops:
|
|||
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
|
||||
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-06T21:53:26Z"
|
||||
mac: ENC[AES256_GCM,data:9DZDaGv7GDp0AqsxZ4AWYgUFa13nBisTk24Ftk6Fiwk/hSQo7zvYE1P4Nw9GzLtiwPzu8h0JznK1OdPoQyMaRW+i3cuCeWJsEJiJlJzYSDBRmONy/NdzCAgZ9X1KWkxKhq41FoEvsReEE0ftcxBobaCpCc8EuHDPoapKm9VDdg4=,iv:z+pp0EdOByM0pLLtFnI7QApnNYSqELGDQO8jHFH/9Uk=,tag:AuiqZ/e11tq+6nFn0FjPrw==,type:str]
|
||||
lastmodified: "2023-01-06T23:28:11Z"
|
||||
mac: ENC[AES256_GCM,data:2+jeXXMS5ZwEXULBHHpFosXW9Z5CAC165QQ7iJ0uY7JRoeAgBYgrYX3LDU56BMY10eiiYoUyqGh5XdLy3dJud3qTQosMo4fgO1THgBa2xtxUNHgVnH8yqJl3ncNiIgPbusa4f3KVaar30Zs31nbuomLDBfbrI6k63QpTz3Kp2xE=,iv:MUt+G1/HRps6GokWAUalA5LbC9tnfN3PpzwBqZ69m30=,tag:HbvuMLTvEbEIDk8t/63O9w==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-26T19:10:03Z"
|
||||
enc: |
|
||||
|
|
Loading…
Reference in New Issue