thanatos: setup gitlab-runner

hosts/thanatos/default.nix

@@ -35,6 +35,13 @@ in {
   };
 
   services = {
+    gitlab-runner = {
+      enable = true;
+      services.default = {
+        authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path;
+        dockerImage = "debian:stable";
+      };
+    };
     openssh.enable = true;
   };
 

hosts/thanatos/secrets.nix

@@ -15,6 +15,7 @@
       lib.mapAttrs toSecret {
         "users/alarsyo-hashed-password" = {};
         "users/root-hashed-password" = {};
+        "gitlab-runner/thanatos-runner-env" = {};
       };
   };
 }

modules/secrets/gitlab-runner/thanatos-runner-env.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA
+ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug
+-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M
+kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE
+--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo
+� YMZ���:�{R�^
n~���wPa��h�8�T'hcm�e(���Xx=7���ˢ[��4@b=�&���Y�;���[������߿k�k>�5�4�0�G���̟��Q�����w�

modules/secrets/secrets.nix

@@ -13,6 +13,8 @@ let
 in {
   "gandi/api-key.age".publicKeys = [alarsyo hades];
 
+  "gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos];
+
   "lohr/shared-secret.age".publicKeys = [alarsyo hades];
 
   "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades];