diff options
-rw-r--r-- | default.nix | 17 | ||||
-rw-r--r-- | infra/kubernetes/nixery/secrets.yaml | 11 |
2 files changed, 18 insertions, 10 deletions
diff --git a/default.nix b/default.nix index 3b5736a19261..0ace70da5bb0 100644 --- a/default.nix +++ b/default.nix @@ -57,10 +57,19 @@ let }) {}).elmPackages; # Wrap kontemplate to inject the Cloud KMS version of 'pass' - kontemplate = self.writeShellScriptBin "kontemplate" '' - export PATH="${self.tazjin.kms_pass}/bin:$PATH" - exec ${super.kontemplate}/bin/kontemplate $@ - ''; + kontemplate = + let master = super.kontemplate.overrideAttrs(_: { + src = self.fetchFromGitHub { + owner = "tazjin"; + repo = "kontemplate"; + rev = "v1.8.0"; + sha256 = "123mjmmm4hynraq1fpn3j5i0a1i87l265kkjraxxxbl0zacv74i1"; + }; + }); + in self.writeShellScriptBin "kontemplate" '' + export PATH="${self.tazjin.kms_pass}/bin:$PATH" + exec ${master}/bin/kontemplate $@ + ''; # One of Gemma's dependencies is missing in nixpkgs' Quicklisp # package set, it is overlaid locally here. diff --git a/infra/kubernetes/nixery/secrets.yaml b/infra/kubernetes/nixery/secrets.yaml index ec97a29d362a..e9374faa48c1 100644 --- a/infra/kubernetes/nixery/secrets.yaml +++ b/infra/kubernetes/nixery/secrets.yaml @@ -4,6 +4,11 @@ # Not all of the values are actually secret (see the matching) --- apiVersion: v1 +kind: Secret +metadata: + name: nixery-secrets + namespace: kube-public +type: Opaque data: gcs-key.json: {{ passLookup "nixery-gcs-json" | b64enc }} gcs-key.pem: {{ passLookup "nixery-gcs-pem" | b64enc }} @@ -11,9 +16,3 @@ data: id_nixery.pub: {{ insertFile "id_nixery.pub" | b64enc }} known_hosts: {{ insertFile "known_hosts" | b64enc }} ssh_config: {{ insertFile "ssh_config" | b64enc }} -kind: Secret -metadata: - creationTimestamp: null - name: nixery-secrets - selfLink: /api/v1/namespaces/kube-public/secrets/nixery-secrets -type: Opaque |