diff --git a/.github/workflows/build_systems.yml b/.github/workflows/build_systems.yml
index 913c677..cf1f3d0 100644
--- a/.github/workflows/build_systems.yml
+++ b/.github/workflows/build_systems.yml
@@ -1,4 +1,4 @@
-name: build_jeeves
+name: build_systems
 on:
 workflow_dispatch:
 pull_request:
@@ -19,3 +19,7 @@ jobs:
 - uses: actions/checkout@v4
 - name: Build default package
 run: "nixos-rebuild build --flake ./#${{ matrix.system }}"
+ - name: copy to nix-cache
+ env:
+ NIX_SSHOPTS: "-p 629 -i /zfs/storage/secrets/services/github-runners/id_ed25519_github-runners"
+ run: nix copy --to ssh://192.168.98.14 .#nixosConfigurations.${{ matrix.system }}.config.system.build.toplevel
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 9f4d1b4..ed4fb50 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -220,6 +220,7 @@
 "sponsorblock",
 "sqltools",
 "ssdp",
+ "SSHOPTS",
 "stdenv",
 "subresource",
 "substituters",
diff --git a/systems/jeeves/nix_builder.nix b/systems/jeeves/nix_builder.nix
index 5410ad0..4df979b 100644
--- a/systems/jeeves/nix_builder.nix
+++ b/systems/jeeves/nix_builder.nix
@@ -23,6 +23,7 @@ in
 isReadOnly = false;
 };
 "/secrets".mountPoint = "${vars.storage_secrets}/services/github-runners/${name}";
+ "ssh-keys".mountPoint = "${vars.storage_secrets}/services/github-runners/id_ed25519_github-runners";
 };
 config = { config, pkgs, lib, ... }: {
 services.github-runners.${name} = {
diff --git a/systems/jeeves/runner.nix b/systems/jeeves/runner.nix
index 9e2aa49..47f0c23 100644
--- a/systems/jeeves/runner.nix
+++ b/systems/jeeves/runner.nix
@@ -8,6 +8,9 @@
 isSystemUser = true;
 group = "github-runners";
 uid = 601;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/S8i+BNX/12JNKg+5EKGX7Aqimt5KM+ve3wt/SyWuO github-runners" # cspell:disable-line
+ ];
 };
 groups.github-runners.gid = 601;
 };
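Review bot: The new `copy to nix-cache` step has no `if:` guard, and the trigger list visible in the first hunk of this workflow includes `pull_request`, so the upload and the private key named in `NIX_SSHOPTS` are in play for every pull-request build on the self-hosted runner. Whether outside contributors can trigger that depends on repository settings not shown here, but any code executed in such a job can read the key file and write store paths to the cache host. Adding `if: github.event_name != 'pull_request'` to the step keeps PR builds from populating the cache. The key would still be readable by every job on this runner, since the `"ssh-keys".mountPoint` line added in systems/jeeves/nix_builder.nix appears to bind-mount it into the runner container, so untrusted PR builds are better served by a runner without that mount. The workflow also hard-codes the `/zfs/storage/secrets/...` path that the Nix side derives from `vars.storage_secrets`; a comment on the step naming that dependency would keep the two from drifting silently.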
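Review bot: The key added under `openssh.authorizedKeys.keys` in systems/jeeves/runner.nix carries no authorized_keys options, so the holder of the matching private key gets whatever the `github-runners` account's shell and the sshd configuration allow, not just store uploads. If the key exists only to receive `nix copy --to ssh://...`, prefix the entry with `restrict,command="nix-store --serve --write"` so it cannot open a shell or set up forwardings; confirm on your Nix version that this is the command the ssh:// store runs on the remote before relying on it. The user block starts above this hunk, so the account's shell and other settings are not visible here.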