Unverified Commit d2d2c6c0 authored by Felix Bargfeldt's avatar Felix Bargfeldt Committed by GitHub
Browse files

nixos/radicle-ci-broker: load private key from radicle-node service (#502978)

parents 9f810903 a76fb62b

nixos/modules/services/continuous-integration/radicle/ci-broker.nix

+6 −1
Original line number Diff line number Diff line
@@ -204,7 +204,12 @@ in 
          RuntimeDirectory = "radicle-ci-broker";

          WorkingDirectory = "/run/radicle-ci-broker";



          BindReadOnlyPaths = config.systemd.services.radicle-node.serviceConfig.BindReadOnlyPaths;

          ImportCredential = config.systemd.services.radicle-node.serviceConfig.ImportCredential or [ ];

          LoadCredential = config.systemd.services.radicle-node.serviceConfig.LoadCredential or [ ];



          BindReadOnlyPaths = config.systemd.services.radicle-node.serviceConfig.BindReadOnlyPaths ++ [

            "/run/credentials/radicle-ci-broker.service/xyz.radicle.node.secret:/var/lib/radicle/keys/radicle"

          ];

          ReadWritePaths = [ RAD_HOME ];



          ExecStart = "${lib.getExe' cfg.package "cib"} --config ${configFile} process-events";