hercules-ci things

2024-01-25 11:29:12 +01:00 · 2024-01-25 11:29:12 +01:00 · 29989bc0ab
commit 29989bc0ab
parent 7da8e645b7
1 changed files with 16 additions and 18 deletions
--- a/modules/hercules-ci/default.nix
+++ b/modules/hercules-ci/default.nix
@ -9,24 +9,22 @@
    };
  };

-  # Popola /var/lib/hercules-ci-agent/.ssh/ e /root/ con chiavi in grado di accedere root@cache.aciceri.dev
+  systemd.tmpfiles.rules = [
+    "d ${config.users.users.root.home}/.aws 770 root root"
+    "d ${config.users.users.hercules-ci-agent.home}/.aws 770 hercules-ci-agent hercules-ci-agent"
+  ];

-  # systemd.tmpfiles.rules = [
-  #   "d ${config.users.users.root.home}/.aws 770 root root"
-  #   "d ${config.users.users.hercules-ci-agent.home}/.aws 770 hercules-ci-agent hercules-ci-agent"
-  # ];
+  system.activationScripts.aws-credentials = ''
+    install ${config.age.secrets.aws-credentials.path} \
+      ${config.users.users.hercules-ci-agent.home}/.aws/credentials \
+      -D \
+      --owner=hercules-ci-agent \
+      --group=hercules-ci-agent \
+      --mode=770

-  # system.activationScripts.aws-credentials = ''
-  #   install ${config.age.secrets.aws-credentials.path} \
-  #     ${config.users.users.hercules-ci-agent.home}/.aws/credentials \
-  #     -D \
-  #     --owner=hercules-ci-agent \
-  #     --group=hercules-ci-agent \
-  #     --mode=770
-
-  #   install \
-  #     ${config.age.secrets.aws-credentials.path} \
-  #     -D \
-  #     ${config.users.users.root.home}/.aws/credentials
-  # '';
+    install \
+      ${config.age.secrets.aws-credentials.path} \
+      -D \
+      ${config.users.users.root.home}/.aws/credentials
+  '';
 }