gh: add github token to linux builder

But we can't use it in nix.conf due to https://github.com/NixOS/nix/issues/6536
2025-12-26 15:04:59 +08:00 · 2024-04-03 18:16:54 +11:00 · 2024-04-03 18:16:54 +11:00 · 588804857c
commit 588804857c
parent a31cdb76f6
2 changed files with 10 additions and 0 deletions
--- a/clusters/github-runner/nixos-module.nix
+++ b/clusters/github-runner/nixos-module.nix
@ -39,6 +39,11 @@ in
  users.groups.${group} = { };
  nix.settings.trusted-users = [ user ];

+  # No way to do this: https://github.com/NixOS/nix/issues/6536
+  #nix.extraOptions = ''
+  #  !include /run/keys/nix-conf-gh-token.secret
+  #'';
+
  # Runners
  services.github-runners = mkPersonalRunners "srid" repos.srid;

--- a/flake.nix
+++ b/flake.nix
@ -64,6 +64,11 @@
                  inherit user;
                  keyCommand = read1Password "github-runner-token";
                };
+                "nix-conf-gh-token.secret" = {
+                  user = "root";
+                  permissions = "0440";
+                  keyCommand = read1Password "nix-conf-gh-token";
+                };
              };
            };
        };