vault: switch out for gitea-runner, the actual user doing stuff

Luke Granger-Brown 2024-12-30 03:04:17 +00:00
parent 37491ffdd9
commit 0e758252a2
3 changed files with 5 additions and 25 deletions


@ -15,17 +15,7 @@
}]; }];
}; };
my.servers.cofractal-ams01.appPolicies.gitlab-runner = '' my.servers.rexxar.appPolicies.gitea-runner = ''
path "''${vault_gcp_secret_roleset.binary_cache_deployer.backend}/roleset/''${vault_gcp_secret_roleset.binary_cache_deployer.roleset}/token" {
capabilities = ["read"]
}
'';
my.servers.clouvider-lon01.appPolicies.gitlab-runner = ''
path "''${vault_gcp_secret_roleset.binary_cache_deployer.backend}/roleset/''${vault_gcp_secret_roleset.binary_cache_deployer.roleset}/token" {
capabilities = ["read"]
}
'';
my.servers.rexxar.appPolicies.gitlab-runner = ''
path "''${vault_gcp_secret_roleset.binary_cache_deployer.backend}/roleset/''${vault_gcp_secret_roleset.binary_cache_deployer.roleset}/token" { path "''${vault_gcp_secret_roleset.binary_cache_deployer.backend}/roleset/''${vault_gcp_secret_roleset.binary_cache_deployer.roleset}/token" {
capabilities = ["read"] capabilities = ["read"]
} }
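Review bot: The policy kept here lets the `gitea-runner` identity on rexxar read the `binary_cache_deployer` roleset `token` path, and nothing in the section records why this one host is trusted with deploy credentials. The same commit also lists `gitea-runner` in `my.servers.bvm-forgejo.apps`, which gets no matching `appPolicies` entry, so a reader cannot tell whether that omission is deliberate least privilege or an oversight. If it is deliberate, I would add a comment above the attribute, for example `# rexxar only: bvm-forgejo's runner must not mint binary_cache_deployer tokens`. The `lukegbcom_deployer` policy in the third file has the same gap. The hunk as shown appears to stop before the closing `'';` of the policy string, so the end of the policy is not visible here.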


@ -66,7 +66,7 @@
} }
''; '';
my.apps.authentik = {}; my.apps.authentik = {};
my.apps.forgejo-runner = {}; my.apps.gitea-runner = {};
my.apps.plex-pass = {}; my.apps.plex-pass = {};
my.apps.ads-b = {}; my.apps.ads-b = {};
my.apps.nixbuild = {}; my.apps.nixbuild = {};
@ -78,7 +78,7 @@
my.apps.bsky-pds = {}; my.apps.bsky-pds = {};
my.servers.etheroute-lon01.apps = [ "pomerium" ]; my.servers.etheroute-lon01.apps = [ "pomerium" ];
my.servers.bvm-forgejo.apps = [ "pomerium" "forgejo-runner" ]; my.servers.bvm-forgejo.apps = [ "pomerium" "gitea-runner" ];
my.servers.howl.apps = [ "nixbuild" ]; my.servers.howl.apps = [ "nixbuild" ];
my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ]; my.servers.porcorosso.apps = [ "quotesdb" "nixbuild" ];
my.servers.nausicaa.apps = [ "quotesdb" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" ]; my.servers.nausicaa.apps = [ "quotesdb" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" ];
@ -91,5 +91,5 @@
my.servers.bvm-prosody.apps = [ "turn" ]; my.servers.bvm-prosody.apps = [ "turn" ];
my.servers.bvm-nixosmgmt.apps = [ "plex-pass" ]; my.servers.bvm-nixosmgmt.apps = [ "plex-pass" ];
my.servers.bvm-netbox.apps = [ "netbox" ]; my.servers.bvm-netbox.apps = [ "netbox" ];
my.servers.rexxar.apps = [ "deluge" "forgejo-runner" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" "fup" "bsky-pds" ]; my.servers.rexxar.apps = [ "deluge" "gitea-runner" "nixbuild" "hacky-vouchproxy" "hackyplayer" "emfminiserv" "fup" "bsky-pds" ];
} }


@ -19,17 +19,7 @@
}]; }];
}; };
my.servers.clouvider-lon01.appPolicies.gitlab-runner = '' my.servers.rexxar.appPolicies.gitea-runner = ''
path "''${vault_gcp_secret_roleset.lukegbcom_deployer.backend}/roleset/''${vault_gcp_secret_roleset.lukegbcom_deployer.roleset}/token" {
capabilities = ["read"]
}
'';
my.servers.cofractal-ams01.appPolicies.gitlab-runner = ''
path "''${vault_gcp_secret_roleset.lukegbcom_deployer.backend}/roleset/''${vault_gcp_secret_roleset.lukegbcom_deployer.roleset}/token" {
capabilities = ["read"]
}
'';
my.servers.rexxar.appPolicies.gitlab-runner = ''
path "''${vault_gcp_secret_roleset.lukegbcom_deployer.backend}/roleset/''${vault_gcp_secret_roleset.lukegbcom_deployer.roleset}/token" { path "''${vault_gcp_secret_roleset.lukegbcom_deployer.backend}/roleset/''${vault_gcp_secret_roleset.lukegbcom_deployer.roleset}/token" {
capabilities = ["read"] capabilities = ["read"]
} }