refactor(ops): Move buildkite-agent-token into agenix
Relates to b/161 Change-Id: I5d3a698d437928966d8b78ce9e0ba226c1437655
This commit is contained in:
parent
a123b9e0a2
commit
9ea4d55d81
4 changed files with 18 additions and 1 deletions
|
@ -210,6 +210,12 @@ in {
|
|||
clbot.file = secretFile "clbot";
|
||||
gerrit-queue.file = secretFile "gerrit-queue";
|
||||
owothia.file = secretFile "owothia";
|
||||
|
||||
buildkite-agent-token = {
|
||||
file = secretFile "buildkite-agent-token";
|
||||
mode = "0440";
|
||||
group = "buildkite-agents";
|
||||
};
|
||||
};
|
||||
|
||||
# Automatically collect garbage from the Nix store.
|
||||
|
|
|
@ -33,7 +33,7 @@ in {
|
|||
value = {
|
||||
inherit name;
|
||||
enable = true;
|
||||
tokenPath = "/etc/secrets/buildkite-agent-token";
|
||||
tokenPath = "/run/agenix/buildkite-agent-token";
|
||||
runtimePackages = with pkgs; [ curl jq ];
|
||||
hooks.post-command = "${buildkiteHooks}/bin/post-command";
|
||||
};
|
||||
|
|
10
ops/secrets/buildkite-agent-token.age
Normal file
10
ops/secrets/buildkite-agent-token.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 dcsaLw TEQdP/s+YdThYzunL0Fxs7ccPR+qjxd9IJdtkVjX3jI
|
||||
ZnnD2KIMunt9Qgs2zJFMeMuoj2l0NKZlMO2WweLnkx8
|
||||
-> ssh-ed25519 OkGqLg wIAe9VrOPFrheQAKmMjumuX92H0dEAbqJe/IuNvp4TM
|
||||
AYoLx7LdZEqoOECgmPutF6T+P/lUqO7GKf7w61YgQbg
|
||||
-> t-grease vGPB i
|
||||
qH3ME5lUwm8DmZYeo0sP
|
||||
--- tkaQiyOtKJ4PSuOPxPWK5R6R7YGLSzVd9szY5QubKWI
|
||||
<;ÂùÍSÖÙtÃ/eÁC˜{_¡øec±»¹@•½Å
¹<>Fà›BÕÔÐH:ƒ®A4PV
|
||||
?qÉììŒ>3sÂ+Ÿg ™3=bϪ »;u_ßòû
|
|
@ -9,6 +9,7 @@ let
|
|||
default.publicKeys = tazjin ++ [ whitby ];
|
||||
in {
|
||||
"besadii.age" = default;
|
||||
"buildkite-agent-token.age" = default;
|
||||
"clbot.age" = default;
|
||||
"gerrit-queue.age" = default;
|
||||
"owothia.age" = default;
|
||||
|
|
Loading…
Reference in a new issue