

modules/shared/community-builder: add github token to nix.conf
zowoq committed Oct 30, 2024
1 parent cf861eb commit 5c55e11
Showing 3 changed files with 24 additions and 1 deletion.
17 changes: 16 additions & 1 deletion modules/shared/community-builder.nix
@@ -1,4 +1,10 @@
{ lib, pkgs, ... }:
{
config,
inputs,
lib,
pkgs,
...
}:
{
options.nixCommunity.motd = lib.mkOption {
type = lib.types.str;
Expand All @@ -20,6 +26,15 @@
'';

age.secrets.community-builder-nix-access-tokens = {
file = "${inputs.self}/secrets/community-builder-nix-access-tokens.age";
mode = "444";
};

nix.extraOptions = ''
!include ${config.age.secrets.community-builder-nix-access-tokens.path}
'';

# useful for people that want to test stuff
environment.systemPackages =
[
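Review bot: `mode = "444"` in the new `age.secrets.community-builder-nix-access-tokens` block leaves the decrypted token readable by every local account, on a module whose own comment says the host is for people who want to test things. That is probably required, since Nix reads `access-tokens` from the included file as the invoking user, but the only statement that the token carries no permissions lives in secrets/secrets.nix, so a later rotation to a broader-scoped token would be exposed to all users with nothing here flagging it. I would add a comment above `mode`, e.g. `# world-readable on purpose: users' nix clients read this; the token must stay permission-less`. The enclosing attribute set starts and ends outside the hunk.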
Binary file added secrets/community-builder-nix-access-tokens.age
Binary file not shown.
8 changes: 8 additions & 0 deletions secrets/secrets.nix
Expand Up @@ -11,13 +11,21 @@ let

inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;

build01 = knownHosts.build01.publicKey;
build02 = knownHosts.build02.publicKey;
build03 = knownHosts.build03.publicKey;
build04 = knownHosts.build04.publicKey;
darwin01 = knownHosts.darwin01.publicKey;
darwin02 = knownHosts.darwin02.publicKey;
web02 = knownHosts.web02.publicKey;

secrets = {
# fine-grained, no permissions github token, expires 2025-10-29
# from `nix-community-buildbot` (user account, not the github app)
community-builder-nix-access-tokens = [
build01
darwin01
];
grafana-client-secret = [ web02 ];
hercules-binary-caches = [
build03
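Review bot: The comment on `community-builder-nix-access-tokens` records the expiry (2025-10-29) but not who rotates the token or how, and nothing in the visible lines would surface the expiry ahead of time. Once expired, GitHub will likely reject authenticated requests rather than fall back to anonymous access, so fetches on build01 and darwin01 could start failing at once. I would extend the comment with the rotation steps, e.g. `# rotate before expiry: new no-permission token from nix-community-buildbot, re-encrypt this .age file, redeploy`. It is also worth confirming that modules/shared/community-builder.nix is only imported on build01 and darwin01, since other hosts are not recipients and could not decrypt the file; the imports are not visible here. The `let` block starts and the `secrets` set ends outside the hunk.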
