diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
deleted file mode 100644
index 3452ff1..0000000
--- a/.github/workflows/nix.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: "Nix"
-on:
- push:
- branches:
- - master
- pull_request:
-jobs:
- tests:
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v2
- - uses: cachix/install-nix-action@v14
- - uses: cachix/cachix-action@v10
- with:
- extraPullNames: nixpkgs-update
- name: nix-community
- signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
- - run: ./ci.sh
diff --git a/build04/configuration.nix b/build04/configuration.nix
index e45ab7e..4559a56 100644
--- a/build04/configuration.nix
+++ b/build04/configuration.nix
@@ -3,6 +3,7 @@
imports = [
./hardware-configuration.nix
../roles/common.nix
+ ../roles/hercules-ci.nix
];
nixpkgs.system = "aarch64-linux";
diff --git a/build04/secrets.yaml b/build04/secrets.yaml
new file mode 100644
index 0000000..5e9abd2
--- /dev/null
+++ b/build04/secrets.yaml
@@ -0,0 +1,54 @@
+cluster-join-token.key: ENC[AES256_GCM,data:bOXOuVXL73Eo6eXYWDkf4+ExsZIWAiT/kXw6CJDIYuHdJC8UgnFbVLQ0f4sUyVlOLBuiV5O4jF/t+y2dAmodWSnP4z+zEON7KHIKzfapQ1NNZNegECRvotCLKrEVOWN/AFq3SLPdz73W2rxxmCGpmpy5ZVaB86mjTr1PrLxhiYqhwLM5H9XyMqj8hMFdBC5Pg3Xomy2t2QJxOGSMEN+lhAv+4zrQbXcM3GcLRqDMnQPubdzF60OjXrRarnYWlkjNoykVJMqZIYruV3MSpoSZLWfrTcne+shBy1z3K9F8TaSdR21ImveQbnzdAg==,iv:+nVYGLaWh6o2lL4bwSkluXCGMnPv6QbzqR/OSX7MSJ0=,tag:Tonx6606mz/93ghfSbti5Q==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaG01U0RDNUF3RkFBRWc1
+ SHBSZlhuNE12TG9iVk9mUFlCN0RJL29iWWljCjNFVERBQmFCUDVBdnRDRTdZMjVK
+ Ynl0ay9jeGJwdWVEem12UGsvbzQwVm8KLS0tIEZEWTVpcERtS1FFNGlvYUMzeWM0
+ WENrK2kwaEg3NWlsZHJwRzh6Um5rVVkKUpYeDlrRd3UbBiuhhC4wg0oRXHGfrfBX
+ UXBHkyrkBCXpCEff8O05kzUS5+BBsvNyocftDwg83Vjs6gzJwKJD/Q==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFT0pXNG5KMlJqNlA0em1u
+ YmdYTEJESVlDM1FRSWdkK0xkb2trVXJDTGswCjJxU2Uzd1p1RytJR1RSREEraklL
+ c3NxTmdrME9KZjB3bmxHMlowb00xbmMKLS0tIFFrU1ZWdDN5eVBySzRZdERZcnVv
+ RzZ6MENZcXFwdzNuYmhZQ0tueGEzNDQKkIhuKZp4GwZz5EtHIagBmGay67NQJ6i8
+ XLNV5z2JdXWtm1JyPwmbHs4aaDnGc0+41dmSnLy8Lf5UEgrp5DWD9A==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1vr4suv4lhtt8f59s25eukdfk67j7av72gvj7sk7ux6thusct3utqmn3pmf
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNHBQWmVSOEwyalZsZ2V5
+ YXpOMjcyMVJra2UvYXFPRkxPT1o5OWhsTzBnCmhWNjBRRlp3ZHVGRGJHUEpnSjVN
+ RzdoaWUwcWdKYW5BWEEyLzJSMXN5Nk0KLS0tIDh4SjFoMEZJZHA3MjBsRTNucndT
+ cXAramZQYyttekZvajdwMHM0akpiVkEKRPAioKQ+esJBeb9I6WxQYNMuVg120TEL
+ wWcGaJlUguxfncTKHguivgPyyV9F3Eq2e+qhDXlggdY2P++7oKSLGg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2021-11-12T09:02:24Z"
+ mac: ENC[AES256_GCM,data:Fa49lkMx3v2J5q0Dwo9XXcumNT3loD2wj2JLUmFSYxrfp8+aVeYFCdh3X7zQaKdCwrB4mNm2wOHt4wf1eYZlniAxTL4dvHLlDIs2MRZ6ztJqWwpzjTA/K6zqfDEw8OLGWzJRA2FSysksZ3AWfpQkxdJ67fdFQRJSFrU9bEa0xjM=,iv:ALWCvg0BQu/PNlZrfB+7UAZiJtzUgd5RcziIoLA/W8M=,tag:rGlTzESHLYyOd1mtt1v2dA==,type:str]
+ pgp:
+ - created_at: "2021-11-12T09:02:18Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQEMA3tEuTsG48KkAQgArnGUQxLamrnKQQfU/N4hZ2ztnfvS/CzOT1jGnTWsZDua
+ awNX5kJ+Iq9f/Qfj80oeT4wJkytKXp1Bm0bIMsHGFmP3GO5ZplWankrwPqskcEKZ
+ EIcDzWCr7SHhKN3aNHq45qAE7sv7vL435BvKxL7E4pkJ9M3UiOV6NqbQYGyoePki
+ qBXfuuuhYZ09/U7GYB4ee6+pK1SePz/ybDdPdlRuLrj4ALSZySY394eK2nVHkbF0
+ mAhLjLWzMkldc9Pof8P4ucX8QXWCPRZLRa75RPVGYDIqAC8hjcRyfvHir2EGgL94
+ t9zwkFyvFfpplnjCYXuYCMZeLgu2iHfCCCouo4IqtNJcASh3Njmt/LKPzyHQmWQt
+ P5dKA/V7/oZR6rQ4sZYg+55reAfqZOLQg0VJG2Jbd6a5adUFs/KrxLyVFDr7xj/1
+ uhw77vSXEHIHfMJUbIzf0iibLNxd74ioktxjmvw=
+ =unIX
+ -----END PGP MESSAGE-----
+ fp: 260353B993F8CE16752EF48C71BAF6D40C1D63D7
+ unencrypted_suffix: _unencrypted
+ version: 3.7.1
diff --git a/default.nix b/ci.nix
similarity index 76%
rename from default.nix
rename to ci.nix
index 1acd3eb..5ac4849 100644
--- a/default.nix
+++ b/ci.nix
@@ -13,6 +13,8 @@ pkgs.nix-community-infra // rec {
build01-system = build01.system;
build02 = importNixOS ./build02/configuration.nix "x86_64-linux";
build02-system = build02.system;
- build03 = importNixOS ./build02/configuration.nix "x86_64-linux";
+ build03 = importNixOS ./build03/configuration.nix "x86_64-linux";
build03-system = build03.system;
+ build04 = importNixOS ./build04/configuration.nix "aarch64-linux";
+ build04-system = build04.system;
}
diff --git a/ci.sh b/ci.sh
index 220f7cc..9a8d8fa 100755
--- a/ci.sh
+++ b/ci.sh
@@ -2,4 +2,4 @@
# Run this command to reproduce CI
set -euo pipefail
cd "$(dirname "$0")"
-nix-build --no-out-link
+nix-build --no-out-link ci.nix