fix(tvl-buildkite): Set agents' primary group to buildkite-agents r/2476

This ensures files created by the Buildkite agents are always owned by the same group, without having to manually chgrp afterwards. Change-Id: Idbaedec43c16b2ee137d1a95719a05d46db8f900 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2929 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
author: Vincent Ambo <mail@tazj.in> 2021-04-11T15·46+0200
committer: tazjin <mail@tazj.in> 2021-04-11T16·03+0000
commit: 6c3585f76425687324275dbbff6098886479c6b6 (patch)
tree: 197c8b27e2ce58295367f6312fc3b7fc08d2eb6b
parent: df635ead4a1796d788a9750d73a6151e05eb5766 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/ops/nixos/tvl-buildkite.nix b/ops/nixos/tvl-buildkite.nix
index c6dcbd3bc1e8..2aa3b81811f4 100644
--- a/ops/nixos/tvl-buildkite.nix
+++ b/ops/nixos/tvl-buildkite.nix
@@ -36,9 +36,12 @@ in {
     # Set up a group for all Buildkite agent users
     users = {
       groups.buildkite-agents = {};
-      users = builtins.listToAttrs (map (n: {
+      users = builtins.listToAttrs (map (n: rec {
         name = "buildkite-agent-whitby-${toString n}";
-        value.extraGroups = [ "buildkite-agents" ];
+        value = {
+          group = lib.mkForce "buildkite-agents";
+          extraGroups = [ name ];
+        };
       }) agents);
     };
   };
author	Vincent Ambo <mail@tazj.in>	2021-04-11T15·46+0200
committer	tazjin <mail@tazj.in>	2021-04-11T16·03+0000
commit	6c3585f76425687324275dbbff6098886479c6b6 (patch)
tree	197c8b27e2ce58295367f6312fc3b7fc08d2eb6b
parent	df635ead4a1796d788a9750d73a6151e05eb5766 (diff)