feat(tvl-buildkite): Add all buildkite agent users to a local group r/2457

This lets us grant permissions to them, e.g. on local folders. Change-Id: I823ac414be1cb7d6baa4f17d95003709e5911b04 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2905 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
author: Vincent Ambo <mail@tazj.in> 2021-04-09T15·36+0200
committer: tazjin <mail@tazj.in> 2021-04-09T19·58+0000
commit: 4b788757260db1fd8afc6281c2557c95fcd9de19 (patch)
tree: 2f2137182733b7c4bd415ceaec6eb1495fc2ca00
parent: c0213702136221bc38b917e0def2fbe3d781761b (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/ops/nixos/tvl-buildkite.nix b/ops/nixos/tvl-buildkite.nix
index 48515f6c80c2..4ea92b6eeab0 100644
--- a/ops/nixos/tvl-buildkite.nix
+++ b/ops/nixos/tvl-buildkite.nix
@@ -32,5 +32,14 @@ in {
         hooks.post-command = "${buildkiteHooks}/bin/post-command";
       };
     }) agents);
+
+    # Set up a group for all Buildkite agent users
+    users = {
+      groups.buildkite-agents = {};
+      users = builtins.listToAttrs (map (n: {
+        name = "buildkite-agent-whitby-${toString n}";
+        value.extraGroups = [ "buildkite-agents" ];
+      }) agents);
+    };
   };
 }
author	Vincent Ambo <mail@tazj.in>	2021-04-09T15·36+0200
committer	tazjin <mail@tazj.in>	2021-04-09T19·58+0000
commit	4b788757260db1fd8afc6281c2557c95fcd9de19 (patch)
tree	2f2137182733b7c4bd415ceaec6eb1495fc2ca00
parent	c0213702136221bc38b917e0def2fbe3d781761b (diff)