added hydra sshkey to sops

emily 2024-05-14 14:17:53 +02:00
parent ca8cbecec6
commit e3ec78b937
Signed by: snaki
GPG key ID: F6F4C66207FCF995
3 changed files with 15 additions and 6 deletions


@ -1,4 +1,4 @@
{ config, inputs, ... }: { { config, ... }: {
imports = [ imports = [
./nix-config.nix ./nix-config.nix
]; ];
@ -6,6 +6,10 @@
owner = "hydra-queue-runner"; owner = "hydra-queue-runner";
sopsFile = ../../../secrets/services/hydra.yaml; sopsFile = ../../../secrets/services/hydra.yaml;
}; };
sops.secrets."services/hydra/id_ed25519_hydra" = {
owner = "hydra-queue-runner";
sopsFile = ../../../secrets/services/hydra.yaml;
};
services.hydra = { services.hydra = {
enable = true; enable = true;


@ -1,4 +1,4 @@
{ ... }: { { config, ... }: {
nix.buildMachines = [ nix.buildMachines = [
{ {
hostName = "localhost"; hostName = "localhost";
@ -7,7 +7,7 @@
speedFactor = 40; speedFactor = 40;
systems = [ "x86_64-linux" ]; systems = [ "x86_64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
sshKey = "/var/lib/hydra/id_ed25519"; sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
} }
{ {
hostName = "integra.kyouma.net"; hostName = "integra.kyouma.net";
@ -16,7 +16,7 @@
speedFactor = 8; speedFactor = 8;
systems = [ "aarch64-linux" ]; systems = [ "aarch64-linux" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
sshKey = "/var/lib/hydra/id_ed25519"; sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
} }
]; ];
nix.settings = { nix.settings = {
@ -27,7 +27,11 @@
"https://" "https://"
]; ];
}; };
users.users.hydra-queue-runner.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras"
];
programs.ssh = { programs.ssh = {
knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU"; knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
knownHosts."localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
}; };
} }
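Review bot: The key added under `users.users.hydra-queue-runner.openssh.authorizedKeys.keys` carries no key options, so anyone holding the private half gets an unrestricted SSH session as the Hydra service account from any source address. If the entry exists only so the `localhost` builder can connect back to this host (the `sshUser` lines fall outside the hunks, so this is inferred), prefix it with options, e.g. `"restrict,from=\"127.0.0.1,::1\" ssh-ed25519 … hydra@seras"`, and confirm that remote builds still work. The old `/var/lib/hydra/id_ed25519` is no longer referenced by either `sshKey` line. If it is a different key, remove it from disk and from the builders' authorized keys; if it is the same key, delete the plaintext copy now that sops-nix provides it.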


@ -1,6 +1,7 @@
services: services:
hydra: hydra:
signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str] signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str]
id_ed25519_hydra: ENC[AES256_GCM,data:7dmdHA/bLBQunNjaCwT1zb2CmuLVdUiFunkGpaGJXvnzHsVnWOdy9O5p+zIAiGeg3awNjn8jlH9KJiUk5W5X55caPlhDnFOhx77zW684vJAWViHK3Iu84XJ/sL33a547c4lLPgT5dLTMY4JDtNQCk0hV1BdsRwU9rpDvkuGaT2mewu8xCpyueV++wwDfy6e3HXRxPlXHkvE77FCFgDXW5tCH/q+UDOS59WkERT8SFwy8t1ILTUt07rdyhIQmykPo5nPatrPuV9TD/60R9pcxA6w88HeZzi36q3GfJVEKJ/MdFdzvShX1ayhfojVkCRptMxwyu/9MYigqvENgOvnV6N+0JKbJWpkDUldUUEFCZFl2EAoSVb+QGP3S6Bro5x2b3AjHRDW5fUmldEQQUDG6UO+zbXnUeziH2kairqrQAj4UMyZSumiLV3P9d3LYZy7wCza68lklcupbhap5lxgXJhNAz1ScHOPgzQpmLw0bxiLDX1oHhPPZtBNc3t4wGlQyNuKUTXzhrn3L5dBdSmZ3,iv:Ftw3hBUcvY/nW9LiBFUbhHOpv7KIbkdEcIp3Si4oM1Q=,tag:QqUDYFcJ6bq2l2Q09klXdQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -16,8 +17,8 @@ sops:
enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ
YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ== YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-11T09:08:54Z" lastmodified: "2024-05-14T12:01:05Z"
mac: ENC[AES256_GCM,data:0bz8sifK6lwpLI7GYsLneXPw7f+bnskHdtzECKz9p7x+lMBz/LP+dSz9VOnULKI8b+Xk9YCWAqZuJyjeahsZji0QGLB/BSxo7FLjiWPpjwas0zBNqNwP10M9ZPtTEDTazzwT/MF7LZtypL6u66RORgSkLK47FcZoVKJjZDKBP4c=,iv:G9lAoE5vjSlWTHTd74/LIgLO85HdExCIDZz8giJr4ho=,tag:67ZHrw+SS/Nwrc+xRVfySw==,type:str] mac: ENC[AES256_GCM,data:CvaqYz0wwU0i9tQ6DoLJwAfX5+IuPtnoc0tRtYAe1dLhszDqSv+VXRYtjwoM5jAIpYcHTN6w90pZkDXNEtluHDSmy1WlDEGhRo/rMuVi12le7iTPZ6G380/bUrE4PqKxYo6Kg2esAXZTXFdM0Om1oqcBfOywrCOPpx1ioIOxEQ8=,iv:l++0F1jTIjcqXUAKF5N63PJtNZgUeRQT7H3FV87/nZA=,tag:icTc376kY2+CPLtnvlaUUA==,type:str]
pgp: pgp:
- created_at: "2024-05-10T18:05:16Z" - created_at: "2024-05-10T18:05:16Z"
enc: |- enc: |-