author | Vincent Ambo <mail@tazj.in> | 2021-12-10T07·29+0300 |
---|---|---|
committer | Vincent Ambo <mail@tazj.in> | 2021-12-10T07·32+0300 |
commit | 9ea4d55d81d61b6073e69bebdc614f9694d8223c (patch) | |
tree | 87194b2394d4d37c29cf880779894069b361042a | |
parent | a123b9e0a2a575816bab5b717a1d62b1966ac0a2 (diff) |
refactor(ops): Move buildkite-agent-token into agenix r/3176
Relates to b/161 Change-Id: I5d3a698d437928966d8b78ce9e0ba226c1437655
-rw-r--r-- | ops/machines/whitby/default.nix | 6 | ||||
-rw-r--r-- | ops/modules/tvl-buildkite.nix | 2 | ||||
-rw-r--r-- | ops/secrets/buildkite-agent-token.age | 10 | ||||
-rw-r--r-- | ops/secrets/secrets.nix | 1 |
4 files changed, 18 insertions, 1 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index d6d3004ffc34..c066fa400fe3 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -210,6 +210,12 @@ in { clbot.file = secretFile "clbot"; gerrit-queue.file = secretFile "gerrit-queue"; owothia.file = secretFile "owothia"; + + buildkite-agent-token = { + file = secretFile "buildkite-agent-token"; + mode = "0440"; + group = "buildkite-agents"; + }; }; # Automatically collect garbage from the Nix store. diff --git a/ops/modules/tvl-buildkite.nix b/ops/modules/tvl-buildkite.nix index 56e49c991238..1f0d4e2e7abe 100644 --- a/ops/modules/tvl-buildkite.nix +++ b/ops/modules/tvl-buildkite.nix @@ -33,7 +33,7 @@ in { value = { inherit name; enable = true; - tokenPath = "/etc/secrets/buildkite-agent-token"; + tokenPath = "/run/agenix/buildkite-agent-token"; runtimePackages = with pkgs; [ curl jq ]; hooks.post-command = "${buildkiteHooks}/bin/post-command"; }; diff --git a/ops/secrets/buildkite-agent-token.age b/ops/secrets/buildkite-agent-token.age new file mode 100644 index 000000000000..27ed2282b890 --- /dev/null +++ b/ops/secrets/buildkite-agent-token.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 dcsaLw TEQdP/s+YdThYzunL0Fxs7ccPR+qjxd9IJdtkVjX3jI +ZnnD2KIMunt9Qgs2zJFMeMuoj2l0NKZlMO2WweLnkx8 +-> ssh-ed25519 OkGqLg wIAe9VrOPFrheQAKmMjumuX92H0dEAbqJe/IuNvp4TM +AYoLx7LdZEqoOECgmPutF6T+P/lUqO7GKf7w61YgQbg +-> t-grease vGPB i +qH3ME5lUwm8DmZYeo0sP +--- tkaQiyOtKJ4PSuOPxPWK5R6R7YGLSzVd9szY5QubKWI +<;St/eC{_ec@ FBH:A4PV +?q>3s+g 3=bϪ;u_ \ No newline at end of file diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix index 308893358dc9..6c9f558e3a36 100644 --- a/ops/secrets/secrets.nix +++ b/ops/secrets/secrets.nix @@ -9,6 +9,7 @@ let default.publicKeys = tazjin ++ [ whitby ]; in { "besadii.age" = default; + "buildkite-agent-token.age" = default; "clbot.age" = default; "gerrit-queue.age" = default; "owothia.age" = default; |
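Review bot: The new `buildkite-agent-token` entry is the only secret in this attrset that overrides `mode` and `group`, and nothing in the hunk says why. A short comment such as `# group-readable so that every buildkite agent user can load the token; the other secrets here keep agenix's defaults` would explain the wider permission. The entry also relies on a `buildkite-agents` group existing with the agent users as members; that definition is not visible in this diff, so it is worth confirming it is declared (presumably in `tvl-buildkite.nix`), since otherwise the agents cannot read the token. Because the agent users can read the file, build steps running as those users can presumably read it too, so the token should be treated as exposed to CI jobs. The enclosing attrset starts above the hunk.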
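Review bot: `tokenPath` in `ops/modules/tvl-buildkite.nix` repeats agenix's runtime location as a string literal, so the module silently depends on the host declaring a secret with exactly this name; on a machine that imports the module without the `age.secrets` entry, the agents would only fail when they start. If `config` is in scope in this module (the module header is outside the hunk), `tokenPath = config.age.secrets.buildkite-agent-token.path;` would turn a missing declaration into an evaluation error and would follow any change to the secret's path. The plaintext copy at the old `/etc/secrets/buildkite-agent-token` path is not removed by this change and presumably still has to be deleted from the host by hand.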