diff --git a/hosts/default.nix b/hosts/default.nix index 2d2d877..fe7f0c8 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -187,6 +187,7 @@ secrets = { "rock5b-wireguard-private-key" = {}; "hercules-ci-join-token".owner = "hercules-ci-agent"; + "hercules-ci-binary-caches".owner = "hercules-ci-agent"; }; colmena.deployment.buildOnTarget = true; }; @@ -232,6 +233,7 @@ # "hydra-github-token".group = "hydra"; "cache-private-key".owner = "nix-serve"; "hercules-ci-join-token".owner = "hercules-ci-agent"; + "hercules-ci-binary-caches".owner = "hercules-ci-agent"; }; }; }; diff --git a/modules/hercules-ci/default.nix b/modules/hercules-ci/default.nix index 10beff5..86b786c 100644 --- a/modules/hercules-ci/default.nix +++ b/modules/hercules-ci/default.nix @@ -8,9 +8,8 @@ settings = { concurrentTasks = 8; clusterJoinTokenPath = config.age.secrets.hercules-ci-join-token.path; - # Don't need using private caches, if I would ever need remember to use agenix! - binaryCachesPath = pkgs.writeText "binary-caches-path" (builtins.toJSON {}); - # secretsJsonPath = config.hci-secrets.hci-mlabs-haskell.target; + binaryCachesPath = config.age.secrets.hercules-ci-binary-caches.path; + # secretsJsonPath = config.hercules-ci-secrets.path; }; }; } diff --git a/secrets/default.nix b/secrets/default.nix index f44fd85..0622a3f 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -11,6 +11,7 @@ in "cache-private-key.age".publicKeys = [ccr-ssh ccr-gpg mothership]; "autistici-password.age".publicKeys = [ccr-ssh ccr-gpg thinkpad]; "hercules-ci-join-token.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b]; + "hercules-ci-binary-caches.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b]; # WireGuard "thinkpad-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg thinkpad]; diff --git a/secrets/hercules-ci-binary-caches.age b/secrets/hercules-ci-binary-caches.age index 288053b..03278e8 100644 Binary files a/secrets/hercules-ci-binary-caches.age and b/secrets/hercules-ci-binary-caches.age differ