From c434d1769f4b87fddc0a650958822c13d3f0d2c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 2 Feb 2023 23:37:40 +0100 Subject: [PATCH] Update drone runner secrets --- hosts/chocolatebar/chocolatebar.nix | 12 +++++++++++- secrets/drone-runner-exec-config | Bin 2535 -> 2570 bytes 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix index ad6e842..e1011b1 100644 --- a/hosts/chocolatebar/chocolatebar.nix +++ b/hosts/chocolatebar/chocolatebar.nix @@ -26,6 +26,17 @@ in { pub-solar.core.hibernation.resumeDevice = "/dev/dm-0"; pub-solar.core.hibernation.resumeOffset = 115075072; + age.secrets."drone-runner-exec-config" = { + file = "${self}/secrets/drone-runner-exec-config"; + mode = "400"; + owner = psCfg.user.name; + }; + + pub-solar.docker-ci-runner = { + enable = true; + runnerVarsFile = config.age.secrets.drone-runner-exec-config.path; + }; + services.openssh.openFirewall = true; networking.firewall.allowedTCPPorts = [443] @@ -54,7 +65,6 @@ in { owner = psCfg.user.name; }; pub-solar.sway.vnc.enable = true; - pub-solar.ci-runner.enable = true; home-manager.users."${psCfg.user.name}" = { xdg.configFile = mkIf psCfg.sway.enable { diff --git a/secrets/drone-runner-exec-config b/secrets/drone-runner-exec-config index 0b7e2e90f9870e3a7e0d2c45b6afe91bfe3c335e..e240a7e9a3881ce3507047cf5b1279f99b4541fe 100644 GIT binary patch literal 2570 zcmYk*NyzjD9mjDmiUg__q*YM*s0Rz-aVC>xCR(f6CVM8!WW}~-pJX!GGg%~-c%qs$u4L?Pk=QvqAq{7Nf90^jL) zRv);~seFO44HXUzdU)SFEZ*=epf<>5)cT={s6V#@98dJ>tv0HKN$FeeSX zb_p!1LRdjKWmgLA0-gdUW+0OW?Wv=K#X4kFX&Y*RR^zNy(q2jAPU=(G(G%z$v=0tr zRJ!Y=A;scY@dH3HLTE>PF2zbkhSv5Z!kcg)^A;RrRz3SWQl`D`e4R?Z_XWQ*;6Y?d zs=*uoy3wToV1hkC=8L=PnF>RD%uR2-Ih$+~h&9Ke#KH$BP|r+^Q<_Qk8uqX(3Nk?F)xl2* zK=&BVAOwTJ)XR=rH{81OvBdR{qN6WXcyvcxBG?HlkGr=W$I%8wA^hf88n&q2cnM#y zgKte@?jp^mN7l3!@?k|n1KMZ<=`55qct@yB*T6;DEC+XQZbo)XSF*|S)PBRZ0lnRF zX0Q|xX|`sS?mM@7d+n`ic9EY2DPWUZ9_GfuR`gB|t|#z<7I7-6XTeG!KVT`6Llv@1 z+G?FD(cT)MjY|51JfbX3wWk=UrCHldfe~YSGsYr8ys&W;tA~wR4LO`r0e+s4lNy>e zMJ(cZB?WXq$hPgsj!c=?7TD#4#3XDe7lp@$Q0bSrtOOQosjI^>yFK1-O{wFBv0Cs8 zq-_=s*ZQU7U73-q>n;N>sx4!1dznx3cG}NKGAfwShID;^g3{j>`QU^^3CHU?v{u7r zoA2G_60Zu2>V=aiXF%>SQkY7VML9cGNx4gqkwUj^vuuKK=A5SoY8@+n=;Cyqcktaa zCM%nO6y7+n=B@+SaFoFESm33(K=jmM_;R>t@ruw-yKMrxK}=@SmQf+x7ah&SN`5Kj zGLa>-k&o611{9`T%?UlWnsz$P#-?dC3#PW(`a%_o!MLU2<|8iRzKTiREV1Y7G2Uu{ ztFgV|&>RC8TSL=yGh2g;?q#_cq86D1o)cSAA&#l;G-44V`vpVi$g>v)COCE%8~D!c zoHasL0CGIS$wd_)`0SN5-S;54g0e2BMUscM=z5YfGt|?gd?_&IptR@1iiR*&7s0x8 zIc);O@aSNax3nsBEV!VK65a&cSSF{fqf0BKtCI<$LBxP?&aqsABF_AA2ade0U#u-- z0s2J)M;uayUN(hkW$oqAvd`R+P&eANV`3OFOM^Qi)aHMV->zmu`8zSau_()8hkcD{ zw%g}JH7Sj#hZmlcDyh-O!HuCz*L)e$5dh9Xfn|HbIH{?_Y`no0B74{(xT)_~nA7u2 zwhC5hF<*)QuV#~`f;|G5Y*&5XCn<`vY}2cupDq#;8)#_4a7y6C)jaM_DUrliUK?zb zTg*drDg?;$0t`Ryfm1@$t0KNmXS58DZI2w!Hf}HeRcLr*Rj!g&Men|xYam1wPqbgU za0R=&>z?84hJZ$ZY7#azH^eILQ({0EId{8yxzrsrSc+|5Z5n4*xE1UtUz#av2$&3u zK>ToM;uCviF2G*Fix7p-OpdSI8umqFMEVJ>ao68i%f81)*oA{ii3H1BSG`Z+lj+pz zDO#_@c6Ya$b5`og9L7|x|dx#msc%<&V6gHX|}L6{h%WoYvL=^_qofJz6?V)Q4Aa$ zqqLm?MlzjNhss*9w=B4sNU%#ib?ylWDQON(I!L%aw@xi(r9LKCv<*H4zBB zMFZt-(>C_I_~!Owj|Uf8K>#CS2uo^$1ut4B97X9a2yTrzxStqgM0W_s$FPCgR|<;mloP#?TUWt?bkjGj6aXJln)bR{YTt?NJz^nD%GTM1b4d z+nbt{2`nQ`k&Y*HlSveU=OkEkIl9glYep1kLDf`F>azw!531jI?D^N6C+@xHf$u!? zK>zA1FZ|_-6=Z`;nvbgX5M_)g`?}6WHH}7Qr^pl*x!~eYe y@sNX#9>h?NU29jBprO{TrMvc}t0HQ3cWvFZuicef2#6xV z1wD9B5fMBHA!uACn2=!1ArOtrB@kmYIT$dWjHnT34s&~#_x{8CKK?L?u0`d(z0`eH zm7l2EWHG|PwNGE|y7XGxg;!4kXF)U|>V_0J#;nnj92#qMSQUa&d0vTT@}~9rbs1My z5z_l3eUiZJm^)=kxGKE{k>x^FQs4+{aEM#M*|eLKhx`j!$0v0Xy5Q8Tt4SYQXV}T- zxTsqh-4h&mtfR!A)Nm0DQ@h>+3?Z-2J6@PIWCN01jA$ytod$bd5xd&o#M^U~pfkME zRdg(Bn!e!6Ehgb7C(7bJ;d`JFr~wvv@t96kgid&R#E&Fohf9{WRyj@+5W^f77F+O~ zm}jfNmjw10TJb2OWlHf&fPnXmj(F8L6oS4`g;Rt>rya&Q+Te42kFi7`PACMGXNbvF z`-G=mJ+J4*L5uPQg^9qzgik5Bw3SnqUSP=&Q70D$#4!^#q|mKK?N@F{=n8sL*^MaR z0xcc4Z8HY$4%+YK7GT_NJbB6Lh$zf}fDT55f=Br!IT59tq2kCiZOtnlVQw#iJu9W< z?{l&t?IK|DN=O0C)`W;u9D*qQ{j$8Vzc0I)y+9Z%(WRj9pm2g=t<*e zLUHn~sRFD!K^LgbH3Rc6Mmw-6*v~q%WM*jXm(h7=6dS8fHoZyl87OQirDr=zPyDmH z*JYmr;B+AtCr+oz^AMaD1BQoagH`A{cCsT+q(K&x-dt}h0lUR-z1%T1_E?KBsN>j3an!IpeKXwLRezQ z{BesYDUO3ZH!C=$`-G?hn7m|oP}N9?IT@IgYh&JE){vg$G|Vu))Xljt=)j6tLoSaj zLY)t`oa3izwXcJXJpnP-Y@omcK z>{N=jO1?qc3>az&p+)>s7!=<^zMVUEIbbbB*jR)4^8%Y?aLKOO!R zcQ^s8)C!oP(Aff|H(Is}s(NrVQf*B(CW17URS`X|(YcP3TO8lA24O=|Nv?|JC=_RO z7I`-|ms=LCje;*l2IUU1CArv0Vu#w(S10tQHIs(qi(#_(l@}mfvkIWp@Dx}j*O23F zBQ(*Y&9};Ta&g;vk6(9Jw*?35Ho%J9b$O<#}4oBTDu$Nc&bmN;roeEX62% z%HgKI&k&d9#yyGydDrh)cvqU4^<*q7vK+@$mA4(0mqQ40)u@7paTJk2 zF459h1w$d8b3lYpI}}z2Sp~r@oKMXf#B-`cyvqudgypgBm(gPOwxpfVdk5U8#72Yk zJzUB2Xp;^BL_t_}zAvxw5WaNY+AR2~(kV+w{Gg9w&C1XmI#I@O&N78}g|eociDjjE zHd<1Z96(B)2;RmL)^Wmepv56R>?f=}+i`j1T~o`7bcjN6kDr^@Yo~JE5CpH{eOB`WgmFvwkIF_{L4?heEY9nedE~=z5D%N zd-b8G?t7{G^4-L1SNgl!>(BiBmA`H8yYd0sJ$?TN)bOSy-|-dfXNQk|`w9HR?|kx= zJKuZd`5*nVedvYTZcoPU`R1P6o|vC^U24J*B<=X zz51;mzUQC+z4y7-{}BE9Ge7y%