feat(whitby): Deploy private SSH key for build agents

Change-Id: I5b1dfaaf28e835cac5b897e18b015d90ac3b2857
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5665
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
This commit is contained in:
Vincent Ambo 2022-05-25 18:17:25 +02:00 committed by tazjin
parent 77f096771d
commit e3a31b702a
2 changed files with 7 additions and 0 deletions

View file

@ -248,6 +248,12 @@ in
group = "buildkite-agents"; group = "buildkite-agents";
}; };
buildkite-private-key = {
file = secretFile "buildkite-ssh-private-key";
mode = "0440";
group = "buildkite-agents";
};
gerrit-besadii-config = { gerrit-besadii-config = {
file = secretFile "besadii"; file = secretFile "besadii";
owner = "git"; owner = "git";

View file

@ -41,6 +41,7 @@ in
inherit name; inherit name;
enable = true; enable = true;
tokenPath = config.age.secretsDir + "/buildkite-agent-token"; tokenPath = config.age.secretsDir + "/buildkite-agent-token";
privateSshKeyPath = config.age.secretsDir + "/buildkite-private-key";
hooks.post-command = "${buildkiteHooks}/bin/post-command"; hooks.post-command = "${buildkiteHooks}/bin/post-command";
runtimePackages = with pkgs; [ runtimePackages = with pkgs; [