diff options
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/atlas/default.nix | 16 | ||||
| -rw-r--r-- | hosts/p-body/default.nix | 12 | ||||
| -rw-r--r-- | hosts/p-body/hydra.nix | 1 |
3 files changed, 28 insertions, 1 deletions
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix index 11db15e..0146b72 100644 --- a/hosts/atlas/default.nix +++ b/hosts/atlas/default.nix @@ -1,6 +1,7 @@ { config, pkgs, + self, ... }: { imports = [ @@ -19,6 +20,13 @@ hermetic = false; }; + age.secrets.authGH = { + file = "${self}/secrets/hosts/${config.networking.hostName}/authGH.age"; + mode = "440"; + owner = config.users.users.root.name; + group = config.users.groups.wheel.name; + }; + boot = { binfmt.emulatedSystems = ["x86_64-linux" "i686-linux"]; cleanTmpDir = true; @@ -35,7 +43,13 @@ hostName = "atlas"; }; - nix.settings.trusted-users = ["bob"]; + nix = { + extraOptions = '' + !include ${config.age.secrets.authGH.path} + ''; + + settings.trusted-users = ["bob"]; + }; system.stateVersion = "22.11"; diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix index e303e36..e4368b4 100644 --- a/hosts/p-body/default.nix +++ b/hosts/p-body/default.nix @@ -3,6 +3,7 @@ guzzle_api, modulesPath, pkgs, + self, ... }: { imports = [ @@ -25,6 +26,13 @@ hermetic = false; }; + age.secrets.authGH = { + file = "${self}/secrets/hosts/${config.networking.hostName}/authGH.age"; + mode = "440"; + owner = config.users.users.root.name; + inherit (config.users.users.hydra) group; + }; + getchoo.server.secrets.enable = true; networking = { @@ -32,6 +40,10 @@ hostName = "p-body"; }; + nix.extraOptions = '' + !include ${config.age.secrets.authGH.path} + ''; + services = { guzzle-api = { enable = true; diff --git a/hosts/p-body/hydra.nix b/hosts/p-body/hydra.nix index 115e077..5ed44e2 100644 --- a/hosts/p-body/hydra.nix +++ b/hosts/p-body/hydra.nix @@ -55,6 +55,7 @@ in { nix.settings.trusted-users = ["@${hydraGroup}"]; users.users = { + ${hostName}.extraGroups = [hydraGroup]; hydra-queue-runner.extraGroups = [hydraGroup]; hydra-www.extraGroups = [hydraGroup]; }; |