refactor(ops): Move buildkite-agent-token into agenix

Relates to b/161

Change-Id: I5d3a698d437928966d8b78ce9e0ba226c1437655
This commit is contained in:
Vincent Ambo 2021-12-10 10:29:41 +03:00
parent a123b9e0a2
commit 9ea4d55d81
4 changed files with 18 additions and 1 deletions

View file

@ -210,6 +210,12 @@ in {
clbot.file = secretFile "clbot";
gerrit-queue.file = secretFile "gerrit-queue";
owothia.file = secretFile "owothia";
buildkite-agent-token = {
file = secretFile "buildkite-agent-token";
mode = "0440";
group = "buildkite-agents";
};
};
# Automatically collect garbage from the Nix store.

View file

@ -33,7 +33,7 @@ in {
value = {
inherit name;
enable = true;
tokenPath = "/etc/secrets/buildkite-agent-token";
tokenPath = "/run/agenix/buildkite-agent-token";
runtimePackages = with pkgs; [ curl jq ];
hooks.post-command = "${buildkiteHooks}/bin/post-command";
};

View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 dcsaLw TEQdP/s+YdThYzunL0Fxs7ccPR+qjxd9IJdtkVjX3jI
ZnnD2KIMunt9Qgs2zJFMeMuoj2l0NKZlMO2WweLnkx8
-> ssh-ed25519 OkGqLg wIAe9VrOPFrheQAKmMjumuX92H0dEAbqJe/IuNvp4TM
AYoLx7LdZEqoOECgmPutF6T+P/lUqO7GKf7w61YgQbg
-> t-grease vGPB i
qH3ME5lUwm8DmZYeo0sP
--- tkaQiyOtKJ4PSuOPxPWK5R6R7YGLSzVd9szY5QubKWI
<;ÂùÍSÖÙtÃ/eÁC˜{_¡øec±»¹@•½Å ¹<>BÕÔÐH:ƒ®A4PV
?qÉììŒ >3sÂ+Ÿg ™3=bϪ »;u_ßòû

View file

@ -9,6 +9,7 @@ let
default.publicKeys = tazjin ++ [ whitby ];
in {
"besadii.age" = default;
"buildkite-agent-token.age" = default;
"clbot.age" = default;
"gerrit-queue.age" = default;
"owothia.age" = default;