2 files changed, 13 insertions, 0 deletions

diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix
index e303e36..e4368b4 100644
--- a/hosts/p-body/default.nix
+++ b/hosts/p-body/default.nix
@@ -3,6 +3,7 @@
   guzzle_api,
   modulesPath,
   pkgs,
+  self,
   ...
 }: {
   imports = [
@@ -25,6 +26,13 @@
     hermetic = false;
   };
 
+  age.secrets.authGH = {
+    file = "${self}/secrets/hosts/${config.networking.hostName}/authGH.age";
+    mode = "440";
+    owner = config.users.users.root.name;
+    inherit (config.users.users.hydra) group;
+  };
+
   getchoo.server.secrets.enable = true;
 
   networking = {
@@ -32,6 +40,10 @@
     hostName = "p-body";
   };
 
+  nix.extraOptions = ''
+    !include ${config.age.secrets.authGH.path}
+  '';
+
   services = {
     guzzle-api = {
       enable = true;
diff --git a/hosts/p-body/hydra.nix b/hosts/p-body/hydra.nix
index 115e077..5ed44e2 100644
--- a/hosts/p-body/hydra.nix
+++ b/hosts/p-body/hydra.nix
@@ -55,6 +55,7 @@ in {
   nix.settings.trusted-users = ["@${hydraGroup}"];
 
   users.users = {
+    ${hostName}.extraGroups = [hydraGroup];
     hydra-queue-runner.extraGroups = [hydraGroup];
     hydra-www.extraGroups = [hydraGroup];
   };