From 56f9e3775507def5fb0f69e49c3835b747eba7cd Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Wed, 4 Sep 2019 10:34:20 +0100 Subject: [PATCH 1/2] fix(k8s): Move nixery-secrets to the correct namespace --- infra/kubernetes/nixery/secrets.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/infra/kubernetes/nixery/secrets.yaml b/infra/kubernetes/nixery/secrets.yaml index ec97a29d3..e9374faa4 100644 --- a/infra/kubernetes/nixery/secrets.yaml +++ b/infra/kubernetes/nixery/secrets.yaml @@ -4,6 +4,11 @@ # Not all of the values are actually secret (see the matching) --- apiVersion: v1 +kind: Secret +metadata: + name: nixery-secrets + namespace: kube-public +type: Opaque data: gcs-key.json: {{ passLookup "nixery-gcs-json" | b64enc }} gcs-key.pem: {{ passLookup "nixery-gcs-pem" | b64enc }} @@ -11,9 +16,3 @@ data: id_nixery.pub: {{ insertFile "id_nixery.pub" | b64enc }} known_hosts: {{ insertFile "known_hosts" | b64enc }} ssh_config: {{ insertFile "ssh_config" | b64enc }} -kind: Secret -metadata: - creationTimestamp: null - name: nixery-secrets - selfLink: /api/v1/namespaces/kube-public/secrets/nixery-secrets -type: Opaque From 16b317fa5af70a5327ff79597e171f3407882cb4 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Wed, 4 Sep 2019 12:58:04 +0100 Subject: [PATCH 2/2] chore: Update kontemplate to v1.8.0 This version is agnostic of the working directory even if insertFile/insertTemplate are used, which makes it a lot nicer to work with in this repository structure. --- default.nix | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/default.nix b/default.nix index 3b5736a19..0ace70da5 100644 --- a/default.nix +++ b/default.nix @@ -57,10 +57,19 @@ let }) {}).elmPackages; # Wrap kontemplate to inject the Cloud KMS version of 'pass' - kontemplate = self.writeShellScriptBin "kontemplate" '' - export PATH="${self.tazjin.kms_pass}/bin:$PATH" - exec ${super.kontemplate}/bin/kontemplate $@ - ''; + kontemplate = + let master = super.kontemplate.overrideAttrs(_: { + src = self.fetchFromGitHub { + owner = "tazjin"; + repo = "kontemplate"; + rev = "v1.8.0"; + sha256 = "123mjmmm4hynraq1fpn3j5i0a1i87l265kkjraxxxbl0zacv74i1"; + }; + }); + in self.writeShellScriptBin "kontemplate" '' + export PATH="${self.tazjin.kms_pass}/bin:$PATH" + exec ${master}/bin/kontemplate $@ + ''; # One of Gemma's dependencies is missing in nixpkgs' Quicklisp # package set, it is overlaid locally here.