hydra: add github access token
This commit is contained in:
parent
6072dbca1b
commit
9d9cc81671
|
@ -35,6 +35,7 @@ in
|
||||||
supportedFeatures = [ "kvm" "nixos-test" ];
|
supportedFeatures = [ "kvm" "nixos-test" ];
|
||||||
maxJobs = 1;
|
maxJobs = 1;
|
||||||
}];
|
}];
|
||||||
|
checkConfig = config.nix.extraOptions == "";
|
||||||
daemonCPUSchedPolicy = "idle";
|
daemonCPUSchedPolicy = "idle";
|
||||||
daemonIOSchedClass = "idle";
|
daemonIOSchedClass = "idle";
|
||||||
daemonIOSchedPriority = 7;
|
daemonIOSchedPriority = 7;
|
||||||
|
@ -51,6 +52,9 @@ in
|
||||||
"nixos-test" "benchmark"
|
"nixos-test" "benchmark"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
extraOptions = ''
|
||||||
|
include ${config.sops.secrets."nix/access-tokens".path}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
@ -131,7 +135,7 @@ in
|
||||||
useSubstitutes = true;
|
useSubstitutes = true;
|
||||||
extraConfig =
|
extraConfig =
|
||||||
let
|
let
|
||||||
key = config.sops.secrets."nix-serve/secretKey".path;
|
key = config.sops.secrets."nix/signing-key/secretKey".path;
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
binary_cache_secret_key_file = ${key}
|
binary_cache_secret_key_file = ${key}
|
||||||
|
@ -205,7 +209,7 @@ in
|
||||||
workers = 20;
|
workers = 20;
|
||||||
max_connection_rate = 1024;
|
max_connection_rate = 1024;
|
||||||
priority = 50;
|
priority = 50;
|
||||||
sign_key_path = config.sops.secrets."nix-serve/secretKey".path;
|
sign_key_path = config.sops.secrets."nix/signing-key/secretKey".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -264,7 +268,10 @@ in
|
||||||
mode = "444";
|
mode = "444";
|
||||||
path = "/etc/machine-id";
|
path = "/etc/machine-id";
|
||||||
};
|
};
|
||||||
"nix-serve/secretKey" = {
|
"nix/access-tokens" = {
|
||||||
|
mode = "444";
|
||||||
|
};
|
||||||
|
"nix/signing-key/secretKey" = {
|
||||||
mode = "440";
|
mode = "440";
|
||||||
owner = config.users.users.hydra-queue-runner.name;
|
owner = config.users.users.hydra-queue-runner.name;
|
||||||
inherit (config.users.users.hydra-queue-runner) group;
|
inherit (config.users.users.hydra-queue-runner) group;
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv:bBDMsChgDqVk47MHlP3ZeGq8pxurTwMxHDhXTWOXNB0=,tag:mlAljtHyp6LsK/xtnpBfYQ==,type:str]
|
machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv:bBDMsChgDqVk47MHlP3ZeGq8pxurTwMxHDhXTWOXNB0=,tag:mlAljtHyp6LsK/xtnpBfYQ==,type:str]
|
||||||
nix-serve:
|
nix:
|
||||||
publicKey: ENC[AES256_GCM,data:sR5wk7yvH5+lLpSIP0zNqCLvDRRvR8ws4Q8rVcVJx8YkrywwPcvIsJ1h6mVEu3nc6SLoZlQsuxOGCyNGD98CBNY=,iv:fFV2D27hWoxGtqVt3EnS4hMlrqW5LnIZ3LB5k4xmFWs=,tag:g7R1ossy2On6B2nVfKC9iA==,type:str]
|
access-tokens: ENC[AES256_GCM,data:6qYsInpdUwkWCFroA9AMUIHfu2/XoKfHPtwLRyaIffrcAa9KaHfgO7fKAvsySkaQ7mc9yImZxC5/AurN6zDMTOe1YQ4tVxcsDcBOtjEF+EBJjY2gS5LmxkreIr5+I8TYHSO0Bj7CZQAZOdtQW7mZ6CQ=,iv:NW4moujf3yCEbmLIW5lp+Zc0IMAy1W8xsVXgaCIpNUY=,tag:GkQNy8IarFWPkCTIxbn1gw==,type:str]
|
||||||
secretKey: ENC[AES256_GCM,data:cm84sA7E6AnzpVoYuaYepbHGWkRigLdD2RxN21UsXCe7FXQxeTQTxxbzVxJ3G9Lt3kRXuZnODntOo5EQKhs46+wzpO8YLKQxkJXrdluXoGVIWl3/6QFVq66XLJ2i6G4eBK9IH0DYJ+anj8/i8Q==,iv:GEM8Vmx0A8LfJo7QOl0N67Cgk+JqHpp7r+41VivmTg4=,tag:O4Kq4WKgbyt354HSa/7eQQ==,type:str]
|
signing-key:
|
||||||
|
publicKey: ENC[AES256_GCM,data:OV549m0+BA0BkYHQu0wx0d4XYkxwq9aNU7k6lLZ82blI5tf90UlKlCbVmA0wK5aVoGEBvQtBdntBMgubsH1GHJc=,iv:H/upNu0xCDKHPivYTYySKZ6a+XVJWV1vvRwfwKomJLU=,tag:xkFTTGyNS/UCQ5fmlLnnDA==,type:str]
|
||||||
|
secretKey: ENC[AES256_GCM,data:CMEER5Pcv2T0dYrgcrEH10uC6BM1pUOdAaQWA95lNQ3giuHdXzslFq3FTsk8hYODngNdNt/0ZOe67iWdJMjqSPKO2oTDofGtUL9GVordjnRpEtSgFkLbEjJ8kZff/IbXJzScdHEM676UhIdC3g==,iv:yVqWLuXFCCGjaiVHIKQbaagCxasqpVhS+4JnQWdecPk=,tag:F7zPgTzOxUiAJggmZAnaIg==,type:str]
|
||||||
ldap:
|
ldap:
|
||||||
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
|
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
|
||||||
ssh-keys:
|
ssh-keys:
|
||||||
|
@ -38,8 +40,8 @@ sops:
|
||||||
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
|
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
|
||||||
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
|
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-01-06T21:53:26Z"
|
lastmodified: "2023-01-06T23:28:11Z"
|
||||||
mac: ENC[AES256_GCM,data:9DZDaGv7GDp0AqsxZ4AWYgUFa13nBisTk24Ftk6Fiwk/hSQo7zvYE1P4Nw9GzLtiwPzu8h0JznK1OdPoQyMaRW+i3cuCeWJsEJiJlJzYSDBRmONy/NdzCAgZ9X1KWkxKhq41FoEvsReEE0ftcxBobaCpCc8EuHDPoapKm9VDdg4=,iv:z+pp0EdOByM0pLLtFnI7QApnNYSqELGDQO8jHFH/9Uk=,tag:AuiqZ/e11tq+6nFn0FjPrw==,type:str]
|
mac: ENC[AES256_GCM,data:2+jeXXMS5ZwEXULBHHpFosXW9Z5CAC165QQ7iJ0uY7JRoeAgBYgrYX3LDU56BMY10eiiYoUyqGh5XdLy3dJud3qTQosMo4fgO1THgBa2xtxUNHgVnH8yqJl3ncNiIgPbusa4f3KVaar30Zs31nbuomLDBfbrI6k63QpTz3Kp2xE=,iv:MUt+G1/HRps6GokWAUalA5LbC9tnfN3PpzwBqZ69m30=,tag:HbvuMLTvEbEIDk8t/63O9w==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2022-12-26T19:10:03Z"
|
- created_at: "2022-12-26T19:10:03Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
Loading…
Reference in New Issue
Block a user