From 83b8f7d95222370ffa3f679c3a0a56ff3f45a618 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Fri, 8 Dec 2023 10:54:25 +0100
Subject: [PATCH] New `hercules-ci-secrets-json` secret

---
 hosts/default.nix                    |   1 +
 modules/hercules-ci/default.nix      |   7 ++-----
 secrets/default.nix                  |   1 +
 secrets/hercules-ci-secrets-json.age | Bin 0 -> 1875 bytes
 4 files changed, 4 insertions(+), 5 deletions(-)
 create mode 100644 secrets/hercules-ci-secrets-json.age

diff --git a/hosts/default.nix b/hosts/default.nix
index 4c95461..3ed8924 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -81,6 +81,7 @@
         "cachix-personal-token".owner = "ccr";
         "hercules-ci-join-token".owner = "hercules-ci-agent";
         "hercules-ci-binary-caches".owner = "hercules-ci-agent";
+        "hercules-ci-secrets-json".owner = "hercules-ci-agent";
         "git-workspace-tokens".owner = "ccr";
       };
     };
diff --git a/modules/hercules-ci/default.nix b/modules/hercules-ci/default.nix
index 44b9727..1b9ec51 100644
--- a/modules/hercules-ci/default.nix
+++ b/modules/hercules-ci/default.nix
@@ -1,14 +1,11 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
+{config, ...}: {
   services.hercules-ci-agent = {
     enable = true;
     settings = {
       concurrentTasks = 32;
       clusterJoinTokenPath = config.age.secrets.hercules-ci-join-token.path;
       binaryCachesPath = config.age.secrets.hercules-ci-binary-caches.path;
+      secretsJsonPath = config.age.secrets.hercules-ci-secrets-json.path;
     };
   };
 
diff --git a/secrets/default.nix b/secrets/default.nix
index bd58f39..5b0faad 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -12,6 +12,7 @@ in
     "autistici-password.age".publicKeys = [ccr-ssh ccr-gpg thinkpad];
     "hercules-ci-join-token.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b picard];
     "hercules-ci-binary-caches.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b picard];
+    "hercules-ci-secrets-json.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b picard];
     "minio-credentials.age".publicKeys = [ccr-ssh ccr-gpg mothership];
     "aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b];
     "nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg rock5b];
diff --git a/secrets/hercules-ci-secrets-json.age b/secrets/hercules-ci-secrets-json.age
new file mode 100644
index 0000000000000000000000000000000000000000..c79f58f9aaf6df7d5329f672067c2658c4b00cf2
GIT binary patch
literal 1875
zcmZXUH_pTg6@{r?Qap+7@2wx_)F3&h@i>g*bk5_P$AN~1g&;lYNw5OM0uT#;9(KSE
z7z!i={gIB&x!*l;nSbYfI-lcO4gD{NxrE*b@cpZ=WqEziOZ)|~amnpKDTml&!rr8?
zq#Kr*W<m%GOBAL+d87KSa<PTnQ^FSGl&|u7Azt_P8xZzNuttn^1UjaUh^L=FEjDwS
zn=GF_Y<HWeb%9}`NJq4BVYXJv4~sx)q9c#aQqCRc9QRA0*b#te@p^|zp}r_|d``?X
z7z7t7CDAq>k$Ng=g{y|GoSC<p?W09KYxd6QO2>h51q&G94|B2N=-`sCl)opvGvBbJ
zB8wNNMRDmrsvvR4plvo{uj_8w65kKnWLqQHok_ci0C(;BmEcv2L@bCL9Mv9JNNab@
z<k-ZQ&?K%g!8C4pbc8o=MTl8?gcTALRB8Kdf&g?EXv$^2#b5w43O2ail?`tz;|ICs
zH$R_u78zGw4QUiEkTk~+(`_Z1v{Mkgf;j}pmld~??c1_XACTuph8szR-UOsDID8IE
z@PKdRfF+N5a*IT+@s5QouT%#~Li`5@__3QHqQDinP7OtKtq+@$eF}Qg1#@`tCWeb}
zzx9Rwf=x5Ww&oz*ZgnN7Q?PW^IDip#p)c`rzuo&%!q+O@#syY%jb&;utqwY9$BWfZ
zSzq5qnVeZ67TzlC&o{p04paeEm_8S5uVJrYrwT0Ts!kSxMr3>m^Ad6)P`1k#Vjw~D
zs;bRD6v_$esohP)=F<ZO>fr4p4Prz)*^8xQjIzsg!owFK_06AAu%mB#^*Vdf>Hp@~
zR%Q%hfzn3S7R%HPYCvblBG3YZ_E_|H)pAw~YAk$=7roNzhN5Ql6bK*9Flg;Oj+grh
zZ2`t@db37Zx{0wp$pq?pE?IT7)OE3hW}U(3{7jEa%F`bjv3~1pl!vhStO!44saytX
zDK=o1S9aadMbR8Henr5>;W0FWl6*6HMo}hdMl9w{NKv#)U@k~1?c5>#>dTq{RDo?y
zd86>bXV3Db9~o@9Q6}9O+u@)EHKOB=XOx=2(#BLh!XD<8?N9hAm@o255x_i2UaK83
z9PpQ!ieQn~5OwA?{Zc}`pF`!YR8k@oujC>5_?$#Hgn`zrT1ri``G*8d{kk27)o2M+
ztde8<dE2oLM+Y)vj|W|f^e`1(!rEt;4yymKhyqR4O4vxJP^^psn)sL#*qN?{)XbAr
z7}Dl!YL6d{#d14mC$IGL+#0G@IvVSY>KRqpO}2zapGLHl0j!g+A6X7(&Fj>awzHvt
zuay_qk9O#5NxUCJpc%bNj^e(kJ+Cs8%bd8YG`oU10u1bBE3R8EUxS>&I&AN`Dq0=Y
zUD8e1&dlN33%*z_Q$h9^mNZa5&?<@QhOcHJpLPa_<cWxH-sxtc2a8*kHGaImafQBF
zg~RxB5s#&AlXq$^>5a!{POyYkGW;3ja*XZXKw*vOEO+_6RWDDYXV@BMRI&wWcOGJX
zv+gZ9jJRrY)9@dT^9&^jg!!64&+6H);+duMlh5QOO;S#^>uvJyGcr={fQGI&lICYC
z{Zl`W2=H0My6h=nLpBfY1~){nQ9zG{Mjq#`RQ(<tQH}5;SF!)=W|o@5?_Z#bs~MF&
zn-;l8_HlR9D|lM;K6{9U6(-h!QoG#r6z_4M@hGBtcyl|vUrKy`b`R<pKub|Mi45&*
zzG<`jET^3m{?82xI`vk5u_|}yK_y}3gU2_syC~6K9vd`BNRv9=1+!eNsgG618lZk3
z-e>C=<NUN>E%#;H*E~1X0_qYnUf{A2v4$UK7P9}H4Y_}pa~?1G2Lj;x`}@l_sxZLs
zgX7@0kCs9&qP?RF6dK}sYP(6DOunJe9BdKr_i}0enf~qv^RIt7e>i^g<Da2Fo!#&M
U@Y6s3`0Jnj_7~XSpr1eg1&Cj26#xJL

literal 0
HcmV?d00001