refactor(ops): Move buildkite-agent-token into agenix

Relates to b/161 Change-Id: I5d3a698d437928966d8b78ce9e0ba226c1437655
2021-12-10 10:29:41 +03:00 · 2021-12-10 10:29:41 +03:00 · 9ea4d55d81
commit 9ea4d55d81
parent a123b9e0a2
4 changed files with 18 additions and 1 deletions
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@ -210,6 +210,12 @@ in {
      clbot.file = secretFile "clbot";
      gerrit-queue.file = secretFile "gerrit-queue";
      owothia.file = secretFile "owothia";
      buildkite-agent-token = {
        file = secretFile "buildkite-agent-token";
        mode = "0440";
        group = "buildkite-agents";
      };
    };
  # Automatically collect garbage from the Nix store.
--- a/ops/modules/tvl-buildkite.nix
+++ b/ops/modules/tvl-buildkite.nix
@ -33,7 +33,7 @@ in {
      value = {
        inherit name;
        enable = true;
-        tokenPath = "/etc/secrets/buildkite-agent-token";
+        tokenPath = "/run/agenix/buildkite-agent-token";
        runtimePackages = with pkgs; [ curl jq ];
        hooks.post-command = "${buildkiteHooks}/bin/post-command";
      };
--- a/ops/secrets/buildkite-agent-token.age
+++ b/ops/secrets/buildkite-agent-token.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 dcsaLw TEQdP/s+YdThYzunL0Fxs7ccPR+qjxd9IJdtkVjX3jI
 ZnnD2KIMunt9Qgs2zJFMeMuoj2l0NKZlMO2WweLnkx8
 -> ssh-ed25519 OkGqLg wIAe9VrOPFrheQAKmMjumuX92H0dEAbqJe/IuNvp4TM
 AYoLx7LdZEqoOECgmPutF6T+P/lUqO7GKf7w61YgQbg
 -> t-grease vGPB i
 qH3ME5lUwm8DmZYeo0sP
 --- tkaQiyOtKJ4PSuOPxPWK5R6R7YGLSzVd9szY5QubKWI
 <;ÂùÍSÖÙtÃ/eÁC˜{_¡øec±»¹@•½Å
¹<>Fà›BÕÔÐH:ƒ®A4PV
 ?qÉììŒ>3sÂ+Ÿg ™3=bÏª »;u_ßòû
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@ -9,6 +9,7 @@ let
  default.publicKeys = tazjin ++ [ whitby ];
 in {
  "besadii.age" = default;
  "buildkite-agent-token.age" = default;
  "clbot.age" = default;
  "gerrit-queue.age" = default;
  "owothia.age" = default;