feat(whitby): Deploy private SSH key for build agents
Change-Id: I5b1dfaaf28e835cac5b897e18b015d90ac3b2857 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5665 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
This commit is contained in:
parent
77f096771d
commit
e3a31b702a
2 changed files with 7 additions and 0 deletions
|
@ -248,6 +248,12 @@ in
|
||||||
group = "buildkite-agents";
|
group = "buildkite-agents";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
buildkite-private-key = {
|
||||||
|
file = secretFile "buildkite-ssh-private-key";
|
||||||
|
mode = "0440";
|
||||||
|
group = "buildkite-agents";
|
||||||
|
};
|
||||||
|
|
||||||
gerrit-besadii-config = {
|
gerrit-besadii-config = {
|
||||||
file = secretFile "besadii";
|
file = secretFile "besadii";
|
||||||
owner = "git";
|
owner = "git";
|
||||||
|
|
|
@ -41,6 +41,7 @@ in
|
||||||
inherit name;
|
inherit name;
|
||||||
enable = true;
|
enable = true;
|
||||||
tokenPath = config.age.secretsDir + "/buildkite-agent-token";
|
tokenPath = config.age.secretsDir + "/buildkite-agent-token";
|
||||||
|
privateSshKeyPath = config.age.secretsDir + "/buildkite-private-key";
|
||||||
hooks.post-command = "${buildkiteHooks}/bin/post-command";
|
hooks.post-command = "${buildkiteHooks}/bin/post-command";
|
||||||
|
|
||||||
runtimePackages = with pkgs; [
|
runtimePackages = with pkgs; [
|
||||||
|
|
Loading…
Reference in a new issue