hosts/ude: add github-runner module

2024-02-10 20:00:54 +01:00 · 2024-02-10 20:00:54 +01:00 · d26b96d770
commit d26b96d770
parent a38d069999
4 changed files with 39 additions and 0 deletions
--- a/hosts/ude/default.nix
+++ b/hosts/ude/default.nix
@ -8,6 +8,7 @@
    imports = [
      "${modulesPath}/profiles/qemu-guest.nix"
      ./disks.nix
+      ./github-runner.nix
    ];

    nixpkgs.hostPlatform = "aarch64-linux";
--- a/hosts/ude/github-runner.nix
+++ b/hosts/ude/github-runner.nix
@ -0,0 +1,27 @@
+{config, ...}: let
+  github-runner-user = "github-runner";
+in {
+  age.secrets.github-token = {
+    file = ../../secrets/github-token.age;
+    owner = github-runner-user;
+  };
+
+  services.github-runners.settei = {
+    enable = true;
+    tokenFile = config.age.secrets.github-token.path;
+    url = "https://github.com/nrabulinski/settei";
+    ephemeral = true;
+    user = github-runner-user;
+    serviceOverrides = {
+      DynamicUser = false;
+    };
+  };
+
+  users = {
+    users.${github-runner-user} = {
+      isSystemUser = true;
+      group = github-runner-user;
+    };
+    groups.${github-runner-user} = {};
+  };
+}
--- a/secrets/github-token.age
+++ b/secrets/github-token.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 IFuY+w UcPjVl8nIr6sgfsxOrYmgi46rAsfdCRy9iTGkQAOaSE
+vKislIP2yoQahKTpAE0d8P3ZdyyCHThy4u6vshtOQAI
+-> ssh-ed25519 GKhvwg 2ZS+VXjZFBj3n9RoJD8Ynn6Rur6Abs5loOtebFIang0
+/47vHgkd8KPnM1sPWjqFDSdTk3LiUQNmO9X0HodHjS8
+--- MBuCzebM317ShOJsMaGMdUR83avwx/Ig84l1q2Fv6Ng
+Îå0“ÅË€©C¥;¨d-ŽûÒ”1
À"%?<02>WèÝÞb®Q%Ž¤kàœWU3}º‚-µyM,ƒ@ô‡_¡â\‘ QU§oPmJ
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -55,4 +55,8 @@ in {
    keys.system.kazuki
    keys.other.bootstrap
  ];
+  "github-token.age".publicKeys = [
+    keys.system.ude
+    keys.other.bootstrap
+  ];
 }