refactor(tvl-buildkite): Prepare gerrit credentials helper r/3200

Currently this functionality is provided by a shell script stored in /etc/secrets (which has the password value hardcoded). This needs to happen in a separate commit from the one that changes the pipeline to avoid breaking it (it needs to be deployed first). Change-Id: I680754c828ccefbacfcf0d5c813a4bc19493ba4c
author: Vincent Ambo <mail@tazj.in> 2021-12-10T18·44+0300
committer: clbot <clbot@tvl.fyi> 2021-12-10T19·52+0000
commit: 5baa9b6d87a29bdc0bf339765e995772f0cdbec8 (patch)
tree: e219f398809980fab1f1579ab3bd504caca1fa13 /ops
parent: 2fe8d724d7cbc86c68c62ed6233e7b982566ad4d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/ops/modules/tvl-buildkite.nix b/ops/modules/tvl-buildkite.nix
index f7d7223a037d..fc0f45b8c029 100644
--- a/ops/modules/tvl-buildkite.nix
+++ b/ops/modules/tvl-buildkite.nix
@@ -17,6 +17,11 @@ let
     mkdir -p $out/bin
     ln -s ${besadiiWithConfig "post-command"} $out/bin/post-command
   '';
+
+  credentialHelper = pkgs.writeShellScriptBin "gerrit-creds" ''
+    echo 'username=buildkite'
+    echo "password=$(jq -r '.gerritPassword' /run/agenix/buildkite-besadii-config)"
+  '';
 in {
   options.services.depot.buildkite = {
     enable = lib.mkEnableOption description;
@@ -39,6 +44,7 @@ in {
         runtimePackages = with pkgs; [
           bash
           coreutils
+          credentialHelper
           curl
           git
           gnutar
author	Vincent Ambo <mail@tazj.in>	2021-12-10T18·44+0300
committer	clbot <clbot@tvl.fyi>	2021-12-10T19·52+0000
commit	5baa9b6d87a29bdc0bf339765e995772f0cdbec8 (patch)
tree	e219f398809980fab1f1579ab3bd504caca1fa13 /ops
parent	2fe8d724d7cbc86c68c62ed6233e7b982566ad4d (diff)