working towards woodpecker

2022-12-21 21:42:06 +10:00
parent d2252ae1fe
commit 3bea51a834
4 changed files with 17 additions and 4 deletions
@@ -19,6 +19,7 @@
    ../profiles/wallabag
    ../profiles/finance
    # ../profiles/archivebox
+    ../profiles/woodpecker-agent
  ];

  # For some reason this doesn't work in the profile, but does over here??
@@ -1,12 +1,15 @@
+{ pkgs, config, self, ... }:
 {
-
  users.users.woodpecker-runner = {
    isSystemUser = true;
    group = "woodpecker-runner";
  };
  users.groups.woodpecker-runner = { };
  # Allow the exec runner to write to build with nix
-  nix.allowedUsers = [ "woodpecker-runner" ];
+  nix.settings.allowed-users = [ "woodpecker-runner" ];
+
+  age.secrets.woodpecker-agent-secret.owner = "woodpecker-runner";
+  age.secrets.woodpecker-agent-secret.file = "${self}/secrets/woodpecker-agent-secret.age";

  systemd.services.woodpecker-runner-exec = {
    enable = true;
@@ -55,7 +58,7 @@
        "/nix/"
      ];
      EnvironmentFile = [
-        # /run/agenix/woodpecker-agent-secret
+        /run/agenix/woodpecker-agent-secret
      ];
      ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
      User = "woodpecker-runner";