titaniumtown/server-config
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ci: add git-crypt unlock for server-config build-time secrets
Some checks failed
Build and Deploy / deploy (push) Failing after 15m15s

Browse Source
This commit is contained in:
Simon Gardling
2026-03-30 21:14:54 -04:00
parent ed7fda31fe
commit a6c40df359
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitea/workflows/deploy.yml
View File

@@ -13,6 +13,10 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Unlock git-crypt
run: |
git-crypt unlock /run/agenix/git-crypt-key-server-config
- name: Build NixOS configuration - name: Build NixOS configuration
run: | run: |
nix build .#nixosConfigurations.muffin.config.system.build.toplevel -L nix build .#nixosConfigurations.muffin.config.system.build.toplevel -L

8
modules/age-secrets.nix
View File

@@ -144,6 +144,14 @@
group = "gitea-runner"; group = "gitea-runner";
}; };
# Git-crypt symmetric key for server-config repo
git-crypt-key-server-config = {
file = ../secrets/git-crypt-key-server-config.age;
mode = "0400";
owner = "gitea-runner";
group = "gitea-runner";
};
# Gitea Actions runner registration token # Gitea Actions runner registration token
gitea-runner-token = { gitea-runner-token = {
file = ../secrets/gitea-runner-token.age; file = ../secrets/gitea-runner-token.age;

BIN
secrets/git-crypt-key-server-config.age Normal file
View File

Binary file not shown.