feat(grfn/system): Add windtunnel bot github token secret r/7420

Change-Id: Ib67526e782fe0bedecd24d9c48dcf189fb8b5b02 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10664 Reviewed-by: aspen <root@gws.fyi> Autosubmit: aspen <root@gws.fyi> Tested-by: BuildkiteCI
author: Aspen Smith <root@gws.fyi> 2024-01-18T15·32-0500
committer: aspen <root@gws.fyi> 2024-01-18T17·24+0000
commit: 8e08dd69705d07c3e4782856b49e3732f273703f (patch)
tree: 6a6849e7a4b6f62b42f6773c9db79bc21d2f7659 /users/grfn/system/system/machines/mugwump.nix
parent: f169a56ad60514fd74f8d23b326f634b387b443b (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix
index 5b3cf12049..3d4de5df1d 100644
--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@@ -96,6 +96,12 @@ with lib;
         group = "keys";
         mode = "0440";
       };
+
+      windtunnel-bot-github-token = {
+        file = secret "windtunnel-bot-github-token";
+        group = "keys";
+        mode = "0440";
+      };
     };
 
   services.fail2ban = {
@@ -295,6 +301,6 @@ with lib;
 
   users.users."buildkite-agent-mugwump-1" = {
     isSystemUser = true;
-    extraGroups = [ "docker" ];
+    extraGroups = [ "docker" "keys" ];
   };
 }
author	Aspen Smith <root@gws.fyi>	2024-01-18T15·32-0500
committer	aspen <root@gws.fyi>	2024-01-18T17·24+0000
commit	8e08dd69705d07c3e4782856b49e3732f273703f (patch)
tree	6a6849e7a4b6f62b42f6773c9db79bc21d2f7659 /users/grfn/system/system/machines/mugwump.nix
parent	f169a56ad60514fd74f8d23b326f634b387b443b (diff)