diff options
author | Vincent Ambo <mail@tazj.in> | 2022-05-25T16·17+0200 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2022-05-25T23·53+0000 |
commit | e3a31b702a18423c825dc647211b2ae586ca8333 (patch) | |
tree | 16fcbae2b146fa632f9c5d95c3300065c8d8987b | |
parent | 77f096771dc948db20c8aa9f01d3843cd0eccb0a (diff) |
feat(whitby): Deploy private SSH key for build agents r/4118
Change-Id: I5b1dfaaf28e835cac5b897e18b015d90ac3b2857 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5665 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi>
-rw-r--r-- | ops/machines/whitby/default.nix | 6 | ||||
-rw-r--r-- | ops/modules/tvl-buildkite.nix | 1 |
2 files changed, 7 insertions, 0 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 7518e671795b..2078d86491f8 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -248,6 +248,12 @@ in group = "buildkite-agents"; }; + buildkite-private-key = { + file = secretFile "buildkite-ssh-private-key"; + mode = "0440"; + group = "buildkite-agents"; + }; + gerrit-besadii-config = { file = secretFile "besadii"; owner = "git"; diff --git a/ops/modules/tvl-buildkite.nix b/ops/modules/tvl-buildkite.nix index c38687f80f71..4341ef01d744 100644 --- a/ops/modules/tvl-buildkite.nix +++ b/ops/modules/tvl-buildkite.nix @@ -41,6 +41,7 @@ in inherit name; enable = true; tokenPath = config.age.secretsDir + "/buildkite-agent-token"; + privateSshKeyPath = config.age.secretsDir + "/buildkite-private-key"; hooks.post-command = "${buildkiteHooks}/bin/post-command"; runtimePackages = with pkgs; [ |