modules/shared/community-builder: add github token to nix.conf
parent
d56f267bdf
commit
0682c61186
3 changed files with 24 additions and 1 deletions
|
@ -1,4 +1,10 @@
|
||||||
{ lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
inputs,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
options.nixCommunity.motd = lib.mkOption {
|
options.nixCommunity.motd = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
@ -20,6 +26,15 @@
|
||||||
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
age.secrets.community-builder-nix-access-tokens = {
|
||||||
|
file = "${inputs.self}/secrets/community-builder-nix-access-tokens.age";
|
||||||
|
mode = "444";
|
||||||
|
};
|
||||||
|
|
||||||
|
nix.extraOptions = ''
|
||||||
|
!include ${config.age.secrets.community-builder-nix-access-tokens.path}
|
||||||
|
'';
|
||||||
|
|
||||||
# useful for people that want to test stuff
|
# useful for people that want to test stuff
|
||||||
environment.systemPackages =
|
environment.systemPackages =
|
||||||
[
|
[
|
||||||
|
|
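Review bot: `mode = "444"` on `age.secrets.community-builder-nix-access-tokens` leaves the decrypted token file readable by every local account, and the `# useful for people that want to test stuff` comment just below suggests outside users log in to this host. That is presumably deliberate, since the file pulled in by `!include` in `nix.extraOptions` has to be readable by whoever runs nix as an unprivileged user, but nothing in the module says so. I would add a comment above the `mode` line, for example `# world-readable on purpose: included from nix.conf for all users, so the token must never carry any permissions`. That keeps a later rotation from swapping in a token with scopes, which every account on the builder could then read.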
BIN
secrets/community-builder-nix-access-tokens.age
Normal file
BIN
secrets/community-builder-nix-access-tokens.age
Normal file
Binary file not shown.
|
@ -11,13 +11,21 @@ let
|
||||||
|
|
||||||
inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
|
inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
|
||||||
|
|
||||||
|
build01 = knownHosts.build01.publicKey;
|
||||||
build02 = knownHosts.build02.publicKey;
|
build02 = knownHosts.build02.publicKey;
|
||||||
build03 = knownHosts.build03.publicKey;
|
build03 = knownHosts.build03.publicKey;
|
||||||
build04 = knownHosts.build04.publicKey;
|
build04 = knownHosts.build04.publicKey;
|
||||||
|
darwin01 = knownHosts.darwin01.publicKey;
|
||||||
darwin02 = knownHosts.darwin02.publicKey;
|
darwin02 = knownHosts.darwin02.publicKey;
|
||||||
web02 = knownHosts.web02.publicKey;
|
web02 = knownHosts.web02.publicKey;
|
||||||
|
|
||||||
secrets = {
|
secrets = {
|
||||||
|
# fine-grained, no permissions github token, expires 2025-10-29
|
||||||
|
# from `nix-community-buildbot` (user account, not the github app)
|
||||||
|
community-builder-nix-access-tokens = [
|
||||||
|
build01
|
||||||
|
darwin01
|
||||||
|
];
|
||||||
grafana-client-secret = [ web02 ];
|
grafana-client-secret = [ web02 ];
|
||||||
hercules-binary-caches = [
|
hercules-binary-caches = [
|
||||||
build03
|
build03
|
||||||
|
|
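Review bot: The expiry date for `community-builder-nix-access-tokens` is recorded only in the comment `# fine-grained, no permissions github token, expires 2025-10-29`, so nothing visible here prompts a rotation before that date. As far as I know GitHub rejects an expired token rather than treating the request as anonymous, so fetches on build01 and darwin01 may start failing then instead of just losing the higher rate limit. I would extend the comment with the rotation steps, for example `# rotate before expiry: new fine-grained token from nix-community-buildbot with no permissions, then re-encrypt this file`, and track the date somewhere that sends a reminder. Limiting the recipients to the two builder host keys is a good choice and should stay that way when the secret is re-encrypted.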