From 7cf1c0b6e797a1d3519a4dbfcf39d6d78d55e630 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sun, 3 Aug 2025 02:37:13 +0200
Subject: [PATCH] lupine: add runner token for all runners

---
 hosts/lupine/services/gitea-runner.nix |  8 +++-----
 secrets/lupine/lupine.yaml             | 10 +++-------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/hosts/lupine/services/gitea-runner.nix b/hosts/lupine/services/gitea-runner.nix
index 9c46f35..7f7ef88 100644
--- a/hosts/lupine/services/gitea-runner.nix
+++ b/hosts/lupine/services/gitea-runner.nix
@@ -6,16 +6,14 @@
   # successfully registered will gitea give you the next token.
   # - oysteikt Sep 2023
   sops = {
-    secrets."gitea/runners/token" = {
-      key = "gitea/runners/${lupineName}";
-    };
+    secrets."gitea/runners/token" = { };
 
     templates."gitea-runner-envfile" = {
       restartUnits = [
         "gitea-runner-${lupineName}.service"
       ];
       content = ''
-        TOKEN="${config.sops.placeholder."gitea/runners/token"}"
+        TOKEN=${config.sops.placeholder."gitea/runners/token"}
       '';
     };
   };
@@ -41,5 +39,5 @@
 
   networking.dhcpcd.IPv6rs = false;
 
-  networking.firewall.interfaces."podman+".allowedUDPPorts = [53 5353];
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
 }
diff --git a/secrets/lupine/lupine.yaml b/secrets/lupine/lupine.yaml
index dc3153d..c0adf62 100644
--- a/secrets/lupine/lupine.yaml
+++ b/secrets/lupine/lupine.yaml
@@ -1,10 +1,6 @@
 gitea:
     runners:
-        lupine-1: ENC[AES256_GCM,data:UcZB2p/dInvcl0yNBEohzbmcVxg/QQPXlIsaVB3M3hyxFg1gtGfUGA==,iv:OigyPfPoRIjvyiId7hiiWdNrZqyZqI3OonvJC+zYEzI=,tag:SjBsvo/IJKhFQs+PiI596g==,type:str]
-        lupine-2: null
-        lupine-3: null
-        lupine-4: null
-        lupine-5: null
+        token: ENC[AES256_GCM,data:Y27trzUHuA1k9fVs/3PM/L8aIlI+37nAPTVDgWjBX+K4q23saa5XUA==,iv:J4litvX0ip/a340E7S+XHZQG+BGh+K/RzFxdS1VLwA0=,tag:H4oK4vn27U+yXqa/YQJOxA==,type:str]
 sops:
     age:
         - recipient: age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e
@@ -97,8 +93,8 @@ sops:
             YU5mMDlRckJCMDAzcHYyMWN1clRJRVEK77PiAQP+2+WblGYEgAf6bx6RTh0JHiSZ
             /jPIN/rbAKNv36wpZDbuLV8tcMuvhleNMRSSqbIloLSzww+Z5nOU4A==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-30T18:29:08Z"
-    mac: ENC[AES256_GCM,data:47cki5ucPTVd4JuEyK0QkDCCEqj1pW6SA5I6ihC/MEja6TIuHTcEPFpje8+LvpGjpP9uobKX4g3UcyvkJ63j/k3hU0xPYQX3Z1ee00KIMKB0GHNjUR8ENtnwd3TU7kp5ohtXeCtcyzCjdFFuXp8AINGv3vpbU2MzauctUxn5B1Y=,iv:1mpk/f1QlRtHfA9dqyNLBrvfVPgtLnZ7ibj8qNrEGD8=,tag:drEK1+qeJy97rgeQJyqucA==,type:str]
+    lastmodified: "2025-08-03T01:13:50Z"
+    mac: ENC[AES256_GCM,data:oFbwmbLk3z6oYQMCEcFAGstf6DUT7hh9OUa5HVyeIR15YVgJ9/0hwZPG1m00w1HpKjt7/iVnQQYdPvt00snwn7g0M822MquMbwavozOrWWuhpxlzjM1kn/zTHAPFMmDihAciuQSSk43Dc5FRS5Gc6gwonEsJ5EUqcq2nM/cnAUY=,iv:H1CEaaypKUMCd2zJOXhIUQQqTfOwknG+iBOpgYlirmY=,tag:gKX+OTZ+BrHvcwoyO6YFdA==,type:str]
     pgp:
         - created_at: "2025-07-30T18:27:50Z"
           enc: |-