about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAspen Smith <root@gws.fyi>2024-01-18T15·32-0500
committeraspen <root@gws.fyi>2024-01-18T17·24+0000
commit8e08dd69705d07c3e4782856b49e3732f273703f (patch)
tree6a6849e7a4b6f62b42f6773c9db79bc21d2f7659
parentf169a56ad60514fd74f8d23b326f634b387b443b (diff)
feat(grfn/system): Add windtunnel bot github token secret r/7420
Change-Id: Ib67526e782fe0bedecd24d9c48dcf189fb8b5b02
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10664
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
Tested-by: BuildkiteCI
Diffstat
-rw-r--r--users/grfn/secrets/secrets.nix1
-rw-r--r--users/grfn/secrets/windtunnel-bot-github-token.age11
-rw-r--r--users/grfn/system/system/machines/mugwump.nix8
3 files changed, 19 insertions, 1 deletions
diff --git a/users/grfn/secrets/secrets.nix b/users/grfn/secrets/secrets.nix
index 448dbba1fd1a..5bfb1c3eb08c 100644
--- a/users/grfn/secrets/secrets.nix
+++ b/users/grfn/secrets/secrets.nix
@@ -11,4 +11,5 @@ in
   "ddclient-password.age".publicKeys = [ grfn mugwump ];
   "buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ];
   "buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ];
+  "windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ];
 }
diff --git a/users/grfn/secrets/windtunnel-bot-github-token.age b/users/grfn/secrets/windtunnel-bot-github-token.age
new file mode 100644
index 000000000000..daae99958276
--- /dev/null
+++ b/users/grfn/secrets/windtunnel-bot-github-token.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA
+VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8
+-> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg
+mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs
+-> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0
+d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ
+-> "0?-grease k}d?h6 |v
+7mV6AFUdCMCrkmLVQaWJPQ
+--- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8
+~‚v‰8‚&‚ü£¹3\²Òý.»%$¼›Éº°³tòóˆØQ©ˆÀ¨á”Åé¼Íœ}ˆ—ó,BEÇh
w96”çö?ÓU
\ No newline at end of file
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix
index 5b3cf1204904..3d4de5df1d87 100644
--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@@ -96,6 +96,12 @@ with lib;
         group = "keys";
         mode = "0440";
       };
+
+      windtunnel-bot-github-token = {
+        file = secret "windtunnel-bot-github-token";
+        group = "keys";
+        mode = "0440";
+      };
     };
 
   services.fail2ban = {
@@ -295,6 +301,6 @@ with lib;
 
   users.users."buildkite-agent-mugwump-1" = {
     isSystemUser = true;
-    extraGroups = [ "docker" ];
+    extraGroups = [ "docker" "keys" ];
   };
 }
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-11-02T04·12+0000