Merge pull request #6 from tazjin/fix/nixery-secrets-namespace

Fix Nixery resources namespace & bump kontemplate
2019-09-04 14:18:08 +01:00 · 2019-09-04 14:18:08 +01:00 · b41be36bb7
commit b41be36bb7
parent 628cec3433 16b317fa5a
2 changed files with 18 additions and 10 deletions
--- a/default.nix
+++ b/default.nix
@ -57,10 +57,19 @@ let
    }) {}).elmPackages;

    # Wrap kontemplate to inject the Cloud KMS version of 'pass'
-    kontemplate = self.writeShellScriptBin "kontemplate" ''
-      export PATH="${self.tazjin.kms_pass}/bin:$PATH"
-      exec ${super.kontemplate}/bin/kontemplate $@
-    '';
+    kontemplate =
+      let master = super.kontemplate.overrideAttrs(_: {
+        src = self.fetchFromGitHub {
+          owner = "tazjin";
+          repo = "kontemplate";
+          rev = "v1.8.0";
+          sha256 = "123mjmmm4hynraq1fpn3j5i0a1i87l265kkjraxxxbl0zacv74i1";
+        };
+      });
+      in self.writeShellScriptBin "kontemplate" ''
+        export PATH="${self.tazjin.kms_pass}/bin:$PATH"
+        exec ${master}/bin/kontemplate $@
+      '';

    # One of Gemma's dependencies is missing in nixpkgs' Quicklisp
    # package set, it is overlaid locally here.
--- a/infra/kubernetes/nixery/secrets.yaml
+++ b/infra/kubernetes/nixery/secrets.yaml
@ -4,6 +4,11 @@
 # Not all of the values are actually secret (see the matching)
 ---
 apiVersion: v1
+kind: Secret
+metadata:
+  name: nixery-secrets
+  namespace: kube-public
+type: Opaque
 data:
  gcs-key.json: {{ passLookup "nixery-gcs-json" | b64enc }}
  gcs-key.pem: {{ passLookup "nixery-gcs-pem" | b64enc }}
@ -11,9 +16,3 @@ data:
  id_nixery.pub: {{ insertFile "id_nixery.pub" | b64enc }}
  known_hosts: {{ insertFile "known_hosts" | b64enc }}
  ssh_config: {{ insertFile "ssh_config" | b64enc }}
-kind: Secret
-metadata:
-  creationTimestamp: null
-  name: nixery-secrets
-  selfLink: /api/v1/namespaces/kube-public/secrets/nixery-secrets
-type: Opaque