From 588804857c7bf79cbd23146e6c0b4d7cdba49ec2 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Wed, 3 Apr 2024 18:16:54 +1100
Subject: [PATCH] gh: add github token to linux builder

But we can't use it in nix.conf due to https://github.com/NixOS/nix/issues/6536
---
 clusters/github-runner/nixos-module.nix | 5 +++++
 flake.nix | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/clusters/github-runner/nixos-module.nix b/clusters/github-runner/nixos-module.nix
index 6af80a4..9bb6e2f 100644
--- a/clusters/github-runner/nixos-module.nix
+++ b/clusters/github-runner/nixos-module.nix
@@ -39,6 +39,11 @@ in
 users.groups.${group} = { };
 nix.settings.trusted-users = [ user ];
+ # No way to do this: https://github.com/NixOS/nix/issues/6536
+ #nix.extraOptions = ''
+ # !include /run/keys/nix-conf-gh-token.secret
+ #'';
+
 # Runners
 services.github-runners = mkPersonalRunners "srid" repos.srid;
diff --git a/flake.nix b/flake.nix
index d45d83a..9096c2b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -64,6 +64,11 @@
 inherit user;
 keyCommand = read1Password "github-runner-token";
 };
+ "nix-conf-gh-token.secret" = {
+ user = "root";
+ permissions = "0440";
+ keyCommand = read1Password "nix-conf-gh-token";
+ };
 };
 };
 };
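Review bot: The comment `# No way to do this` above the commented-out `nix.extraOptions` block in nixos-module.nix does not say what "this" is or when the block can be turned on, so a later reader has to open the issue to learn why dead code sits in the module. I would phrase it as a TODO, e.g. `# TODO: include the GitHub token into nix.conf from /run/keys/nix-conf-gh-token.secret once https://github.com/NixOS/nix/issues/6536 is resolved`, and mention in the same comment that flake.nix already deploys that key. The enclosing module body starts and ends outside the hunk.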
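Review bot: The new `"nix-conf-gh-token.secret"` entry in flake.nix puts a live GitHub token on the builder although nothing reads it yet, since its only consumer (the `!include` in nixos-module.nix) is commented out in this same commit. An unused credential at rest on a CI runner host is exposure without benefit, so consider holding the entry back until the include works, or keep it and confirm the 1Password item holds a narrowly scoped, read-only token (its scope is not visible here). No `group` is set on the entry, so the group-read bit in `permissions = "0440";` appears to add nothing for a root-owned file and `permissions = "0400";` would state the intent more tightly. The nixos-module.nix context also lists the runner user in `nix.settings.trusted-users`, which the Nix manual describes as close to root-equivalent, so the file mode may not be the only boundary between CI jobs and this key. The attribute set that holds these key entries opens outside the hunk.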