Wire runner caches and forge secrets through agenix
Conrad Kramer 2026-03-19 00:04:27 -07:00
parent afc3e79eb0
commit ed247b2f5e
20 changed files with 299 additions and 64 deletions


@ -20,7 +20,7 @@
services.burrow.forge = {
enable = true;
adminPasswordFile = "/var/lib/burrow/intake/forgejo_pass_contact_at_burrow_net.txt";
adminPasswordFile = config.age.secrets.forgejoAdminPassword.path;
authorizedKeys = [
(builtins.readFile ../../keys/contact_at_burrow_net.pub)
(builtins.readFile ../../keys/agent_at_burrow_net.pub)
@ -29,7 +29,21 @@
services.burrow.forgeRunner = {
enable = true;
sshPrivateKeyFile = "/var/lib/burrow/intake/agent_at_burrow_net_ed25519";
sshPrivateKeyFile = config.age.secrets.forgejoAgentSshKey.path;
};
age.secrets.forgejoAdminPassword = {
file = ../../../secrets/forgejo/admin-password.age;
mode = "0400";
owner = "forgejo";
group = "forgejo";
};
age.secrets.forgejoAgentSshKey = {
file = ../../../secrets/forgejo/agent-ssh-key.age;
mode = "0400";
owner = "root";
group = "root";
};
age.secrets.forgejoNscToken = {