modules/shared/community-builder: move secrets to sops

This commit is contained in:
zowoq 2024-12-19 10:24:55 +10:00
parent 6528e6f959
commit 518f527936
6 changed files with 94 additions and 33 deletions
modules/shared

View file

@ -26,13 +26,15 @@
'';
age.secrets.community-builder-nix-access-tokens = {
file = "${inputs.self}/secrets/community-builder-nix-access-tokens.age";
sops.secrets.community-builder-nix-access-tokens = {
sopsFile = "${inputs.self}/modules/secrets/community-builder.yaml";
mode = "444";
};
# fine-grained, no permissions github token, expires 2025-10-29
# from `nix-community-buildbot` (user account, not the github app)
nix.extraOptions = ''
!include ${config.age.secrets.community-builder-nix-access-tokens.path}
!include ${config.sops.secrets.community-builder-nix-access-tokens.path}
'';
# useful for people that want to test stuff