Switch the forgejo-actions-runners secret mngmt from colmena to sops-nix

2024-05-26 02:50:08 +02:00 · 2024-05-26 02:50:08 +02:00 · 361ccac69f
commit 361ccac69f
parent 88e3da11a6
6 changed files with 265 additions and 10 deletions
--- a/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix
+++ b/config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix
@ -12,19 +12,15 @@
      enable = true;
      name = "Global Docker Forgejo Actions Runner";
      url = "https://git.hamburg.ccc.de/";
-      tokenFile = "/secrets/registration-token.secret";
+      tokenFile = "/run/secrets/forgejo_actions_runner_registration_token";
      labels = [ "docker:docker://node:current-bookworm" ];
    };
  };

-  deployment.keys = {
-    "registration-token.secret" = {
-      keyCommand = [ "pass" "noc/services/forgejo-actions-runner/registration_token" ];
-      destDir = "/secrets";
-      user = "gitea-runner";
-      group = "gitea-runner";
-      permissions = "0640";
-      uploadAt = "pre-activation";
-    };
+  sops.secrets."forgejo_actions_runner_registration_token" = {
+    mode = "0440";
+    owner = "root";
+    group = "root";
+    restartUnits = [ "gitea-runner-ccchh\\x2dforgejo\\x2dglobal\\x2ddocker.service" ];
  };
 }