set up gihubstatus

nixos/pruflas/configuration.nix

@@ -9,6 +9,7 @@ let
   wg0PrivKey = "${config.networking.hostName}-wg0-key";
   wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key";
   wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key";
+  hydraGitHubAuth = "hydra-github-authorization";
 in
 {
   imports = [ ./hardware-configuration.nix ];
@@ -17,6 +18,8 @@ in
 
   services.logind.lidSwitch = "ignore";
 
+  age.secrets.${hydraGitHubAuth}.file = "${secretsPath}/${hydraGitHubAuth}.age";
+
   services.hydra = {
     enable = true;
     package = pkgs.hydra-unstable;
@@ -26,6 +29,16 @@ in
     useSubstitutes = true;
     port = 3000;
     listenHost = "10.3.3.3";
+    extraConfig = ''
+      Include ${config.age.secrets."${hydraGitHubAuth}".path}
+
+      <githubstatus>
+        jobs = nix-config:nix-config.*
+        inputs = nix-config
+        excludeBuildFromContext = 1
+        useShortContext = 1
+      </githubstatus>
+    '';
   };
 
   nix.buildMachines = [

secrets/hydra-github-authorization.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 IXCPDQ FIIoY8iq2Eg0Vw/SNSeBWDOwbecffHz11T0SlhRTMjo
+5bFPVivYR720P43uQ/c+y4TUX2iSnhoPcaIsgB6hePk
+-> ssh-ed25519 Otklkw od+LuwSv3xq+Z9Y8HSWXoJ5Zv07uzwRnBUPZErzha3c
+Qr+4ofsEnP0TwCc+j7S1Rtu/X8Gq30eYnkJFzDFv194
+-> K\f7-grease -3R #
+DmUr0gWgtRXwnabANCq+pgjmNoAkmPlghI5Y308SR7DQtNGdyZpuSQdZ7xF4PYGS
+c7UBBjPRBW0
+--- fswZzO7E/Hwsb1lH4bbgvPaVCQzHfsdz1tLDuyBzLm8
+3GoPöØÌAóözuÎ(Ð)’#EMÿ9=a•]·¶|
—c3ä[“œ‡aÞÕ“ÃèuG#‰™wn ¤«é-ò½\QÎ1C:˜sÛ*Ò¨§8ÿËï̺uwÍ$ØñaqQSç…O:>ÔsˆɨÐ<C2A8>Øzñ
ÑåÂOíÈñMÂk¥}^

secrets/secrets.nix

@@ -16,6 +16,7 @@ in
   "pruflas-wg0-key.age".publicKeys = [ systems.pruflas dadada ];
   "pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ];
   "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ];
+  "hydra-github-authorization.age".publicKeys = [ systems.pruflas dadada ];
 } //
 backupSecrets "gorgon" //
 backupSecrets "ifrit" //