From 0926f6ec1fc21917137874114d889a4bda9f7664 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Thu, 28 Sep 2023 14:11:30 +0200
Subject: [PATCH] Add runner for gitlab.bsc.es

---
 m/hut/gitlab-runner.nix         | 13 +++++++++++++
 secrets/gitlab-bsc-es-token.age | 11 +++++++++++
 secrets/secrets.nix             |  1 +
 3 files changed, 25 insertions(+)
 create mode 100644 secrets/gitlab-bsc-es-token.age

diff --git a/m/hut/gitlab-runner.nix b/m/hut/gitlab-runner.nix
index d9fedb5..09c871b 100644
--- a/m/hut/gitlab-runner.nix
+++ b/m/hut/gitlab-runner.nix
@@ -2,6 +2,7 @@
 
 {
   age.secrets.ovniToken.file = ../../secrets/ovni-token.age;
+  age.secrets.gitlabToken.file = ../../secrets/gitlab-bsc-es-token.age;
   age.secrets.nosvToken.file = ../../secrets/nosv-token.age;
 
   services.gitlab-runner = {
@@ -20,6 +21,18 @@
           SHELL = "${pkgs.bash}/bin/bash";
         };
       };
+      gitlab-bsc-es-shell = {
+        registrationConfigFile = config.age.secrets.gitlabToken.path;
+        executor = "shell";
+        tagList = [ "nix" "xeon" ];
+        registrationFlags = [
+          # Using space doesn't work, and causes it to misread the next flag
+          "--locked='false'"
+        ];
+        environmentVariables = {
+          SHELL = "${pkgs.bash}/bin/bash";
+        };
+      };
       ovni-docker = {
         registrationConfigFile = config.age.secrets.ovniToken.path;
         dockerImage = "debian:stable";
diff --git a/secrets/gitlab-bsc-es-token.age b/secrets/gitlab-bsc-es-token.age
new file mode 100644
index 0000000..ffe7aaf
--- /dev/null
+++ b/secrets/gitlab-bsc-es-token.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 HY2yRg caTbx0NBmsTSmZH4HtBaxhsauWqWUDTesJqT08UsoEQ
+8ND31xuco+H8d5SKg8xsCFRPVDhU4d8UKwV1BnmKVjQ
+-> ssh-ed25519 CAWG4Q 4ETYuhCwHHECkut4DWDknMMgpAvFqtzLWVC2Wi2L8FM
+BGMvRnAfd8qZG5hzLefmk32FkGvwzE9pqBUyx4JY0co
+-> ssh-ed25519 MSF3dg hj5QL4ZfylN8/W/MXQHvVqtI7mRvlQOYr8HsaQEmPB0
+kvB7sljmmkswSGZDQnrwdTbTsN78EAwH3pz1pPe0Hu0
+-> )Q-grease vHF} [8p1> @7z;C"/
+tgSUKFyyrf2jLXZp+pakigwB2fRO/WFj2Qnt1aPjtVPEK92JbJ4
+--- xzM0AhV4gTQE0Q7inJNo9vFj+crJQxWeI7u9pl7bqAI
+á6nGJÖ0Bˆ’7F° –bßÙ½2®L³äÇ]²2zlÀ&e†KÄx®àé9SWNàV"MfŽ€ëÙKHUC:1b;9St‰ëõ±DuÑ§ç‹Ï¢žÌŸ¡èÐéîÀ–ÔfÕ7¨î1§I(õdÓþô‡ïó
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 95b43ac..991cdd5 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -6,6 +6,7 @@ let
   safe = keys.hostGroup.safe ++ adminsKeys;
 in
 {
+  "gitlab-bsc-es-token.age".publicKeys = hut;
   "ovni-token.age".publicKeys = hut;
   "nosv-token.age".publicKeys = hut;
   "nix-serve.age".publicKeys = hut;