From 29989bc0ab8199e3f2501fad5a9ae8f7271ecff3 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri
Date: Thu, 25 Jan 2024 11:29:12 +0100
Subject: [PATCH] `hercules-ci` things
---
modules/hercules-ci/default.nix | 34 ++++++++++++++++-----------------
1 file changed, 16 insertions(+), 18 deletions(-)
diff --git a/modules/hercules-ci/default.nix b/modules/hercules-ci/default.nix
index 1b9ec51..6a8da22 100644
--- a/modules/hercules-ci/default.nix
+++ b/modules/hercules-ci/default.nix
@@ -9,24 +9,22 @@
 };
 };

- # Popola /var/lib/hercules-ci-agent/.ssh/ e /root/ con chiavi in grado di accedere root@cache.aciceri.dev
+ systemd.tmpfiles.rules = [
+ "d ${config.users.users.root.home}/.aws 770 root root"
+ "d ${config.users.users.hercules-ci-agent.home}/.aws 770 hercules-ci-agent hercules-ci-agent"
+ ];

- # systemd.tmpfiles.rules = [
- # "d ${config.users.users.root.home}/.aws 770 root root"
- # "d ${config.users.users.hercules-ci-agent.home}/.aws 770 hercules-ci-agent hercules-ci-agent"
- # ];
+ system.activationScripts.aws-credentials = ''
+ install ${config.age.secrets.aws-credentials.path} \
+ ${config.users.users.hercules-ci-agent.home}/.aws/credentials \
+ -D \
+ --owner=hercules-ci-agent \
+ --group=hercules-ci-agent \
+ --mode=770

- # system.activationScripts.aws-credentials = ''
- # install ${config.age.secrets.aws-credentials.path} \
- # ${config.users.users.hercules-ci-agent.home}/.aws/credentials \
- # -D \
- # --owner=hercules-ci-agent \
- # --group=hercules-ci-agent \
- # --mode=770
-
- # install \
- # ${config.age.secrets.aws-credentials.path} \
- # -D \
- # ${config.users.users.root.home}/.aws/credentials
- # '';
+ install \
+ ${config.age.secrets.aws-credentials.path} \
+ -D \
+ ${config.users.users.root.home}/.aws/credentials
+ '';
 }
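Review bot: The second `install` in `system.activationScripts.aws-credentials` (the copy to `${config.users.users.root.home}/.aws/credentials`) passes no `--mode`, so GNU install falls back to its default of 0755 and the decrypted AWS credentials carry world-readable bits; the first copy uses `--mode=770`, which leaves the file group-writable and executable. Both copies should use `--mode=600`, with `--owner=root --group=root` spelled out on the root one, and the two tmpfiles rules should create `.aws` as `0700` rather than `770`. The script is also declared as a bare string with no `deps`, so nothing visible here orders it after the step that produces `config.age.secrets.aws-credentials.path`; that is worth confirming, or the copy could be avoided by setting `owner` and `mode` on the age secret itself. The enclosing module attrset starts outside the hunk.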