New hercules-ci-secrets-json secret

2023-12-08 10:54:25 +01:00 · 2023-12-08 10:54:25 +01:00 · 83b8f7d952
commit 83b8f7d952
parent 8bcc6d32eb
4 changed files with 4 additions and 5 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -81,6 +81,7 @@
        "cachix-personal-token".owner = "ccr";
        "hercules-ci-join-token".owner = "hercules-ci-agent";
        "hercules-ci-binary-caches".owner = "hercules-ci-agent";
+        "hercules-ci-secrets-json".owner = "hercules-ci-agent";
        "git-workspace-tokens".owner = "ccr";
      };
    };
--- a/modules/hercules-ci/default.nix
+++ b/modules/hercules-ci/default.nix
@ -1,14 +1,11 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
+{config, ...}: {
  services.hercules-ci-agent = {
    enable = true;
    settings = {
      concurrentTasks = 32;
      clusterJoinTokenPath = config.age.secrets.hercules-ci-join-token.path;
      binaryCachesPath = config.age.secrets.hercules-ci-binary-caches.path;
+      secretsJsonPath = config.age.secrets.hercules-ci-secrets-json.path;
    };
  };

--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -12,6 +12,7 @@ in
    "autistici-password.age".publicKeys = [ccr-ssh ccr-gpg thinkpad];
    "hercules-ci-join-token.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b picard];
    "hercules-ci-binary-caches.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b picard];
+    "hercules-ci-secrets-json.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b picard];
    "minio-credentials.age".publicKeys = [ccr-ssh ccr-gpg mothership];
    "aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b];
    "nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg rock5b];
--- a/secrets/hercules-ci-secrets-json.age
+++ b/secrets/hercules-ci-secrets-json.age