Add ears self hosted runners

machines/ears.l/configuration.nix

@@ -10,4 +10,22 @@
   ];
 
   networking.firewall.allowedTCPPorts = [22 9100];
-}
+
+  age.secrets."ears-runner-token".file = ../../secrets/ears-runner-token.age;
+
+  services.github-runners =
+    let
+      mkRunner = name: {
+        inherit name;
+        enable = true;
+        user = "ears";
+        tokenFile = config.age.secrets.ears-runner-token.path;
+        url = "https://github.com/UM-LPM/tournaments";
+      };
+    in
+    {
+      runner1 = mkRunner "runner1";
+      runner2 = mkRunner "runner2";
+      runner3 = mkRunner "runner3";
+    }
+  }

secrets/ears-runner-token.age

@@ -0,0 +1,25 @@
+age-encryption.org/v1
+-> ssh-ed25519 +YRSNg 3YQqCSZEg6t+KOQRfakRISLfKhcIHFcmKT0HiQlcdXM
+ttYw3jKwxHrw0Dk6rD0C61BtQtpsoaQvwUVemCjIXkk
+-> ssh-ed25519 6nHthg b5Hlk17zXU1A2IN/jivtfBl5pT9iPLvy1+KJu9MEqk0
+w5JFJY6I44Cj+kQR1Hvmiq7ZRh8diAT8BHccy6/zpkQ
+-> ssh-rsa juJAog
+TQIGIEVyylMenivU+USYdLZg5uDByUptxFSgBxg0n+B+sjPmPRB3nwU1oyhIznub
+McCIsQExXiCZ7VbJSjA1ooUOJIMW0qR+7hvSiWh3AkQFUKWFHmM4+miQH1HPRFn2
+jCTdBN+z622iJIhum+clnigZPq7no8jQwpVJcqu2+UVc83+O5uYkFvYo/egq7pGx
+Gye7xhy6q3Q6g5Xtn9lpNvsl9UqBFc759o5PnByiT3yTK6+EPZptMRagwCtX3wxT
+QIu7OXVfx8449gzB1rStbWXg7fCOFuiFWY1KVww7eTC9psb7AO3lhnSajkdrBNQg
+l1xDpbZ60qeOSzzp6VWyDSf6ems5cPcJG7KZQ20t3drPeXlD7atV9TEhh5dqrCuz
+NRZbeS8spmVh/xJdxALDiVOg7zc1b1GTj3DrPk/4lPIjPeakMZ6InCH1tTgIvgxR
+nWXVLSL2jZfk8gHx30vrVuhGpzloJF8uKwn7Bn+SVB+1om/+BbG4G9I3p5L1PJKO
+3KEXgr+f6TZKO5xCi5LodI+OujJInMxjmslzTLa7F9n9rUtKakeVqX2LQtJ3auth
+tciDR/Dn2fx/tAXGa/8x+/SxZVaNt0rDAohIcz6C9VurS9ISh7c3eY3rQ5c3U8an
+N6fPZ9AJdMgYRT4S8/2j8LIv/d5gyT50qME/0kifeac
+-> ssh-ed25519 6w6bOA 9rmJTkjcSbUJ+HxxStjgamLIvgrOjGTuxNduOItPsDU
+2J9OM6maOhnWgqMtvQrRCLoBgSoapGI9NcKma4bnHjs
+-> ssh-ed25519 r9AiRQ wK06ozWLUmLWi5PwndSHeAFu42hFQwQMOu54pjaAFzM
+W8DfVtZ8H3nXp/ctJgoEB63u8HN1wbAl/NMfSKCO0U4
+-> ssh-ed25519 4YX1lA zM0tJzyfzwI+8F2b2wz72XcC6VtTzlm/P1jHnyFa8TI
+yjcIyeGkpMBYV4qUhGhDYrxwm/7+6DDgnmEPSYuLDS8
+--- r2PmzE8nxClNwY+uFpHUzLrzHCssMd3B+qOmwsfEWAs
+(�`�?;m��E�‡*�z_=�]ի�<�6��v`��:`��P]��p�:�V:o�/_�/�L�
u

secrets/secrets.nix

@@ -10,6 +10,7 @@ in
   "login-runner-token.age".publicKeys = [systems."runner1.l"] ++ (with users; [mario ziga marko matej]);
   "grades-runner-token.age".publicKeys = [systems."runner1.l"] ++ (with users; [mario ziga marko matej]);
   "catalog-runner-token.age".publicKeys = [systems."runner1.l"] ++ (with users; [mario ziga marko matej]);
+  "ears-runner-token.age".publicKeys = [systems."ears.l"] ++ (with users; [mario ziga marko matej miha]);
   "mqtt-passwords.age".publicKeys = [systems."student-mqtt.l"] ++ (with users; [mario ziga matej]);
   "login-internal-secrets.age".publicKeys = [systems."login.l"] ++ (with users; [mario ziga matej marko]);
   "login-external-secrets.age".publicKeys = [systems."login.l"] ++ (with users; [mario ziga matej marko]);

ssh/systems.nix

@@ -30,6 +30,9 @@
   "runner2.l" = {
     key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILub+nPv2n69XEDidopa01yuT6U9q53n8yMVzx63Upwa";
   };
+  "ears.l" = {
+    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICfp0u3dM4WfK2DLmh3JVGX4asaYyXjJqKzWYK53jS7d";
+  };
   "sso-test.l" = {
     key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlDx9wxreroWOqxj4JiuvKsuPxKB2wFkEbzy+IMKvQ/";
   };