-rw-r--r--default.nix17
-rw-r--r--infra/kubernetes/nixery/secrets.yaml11
2 files changed, 18 insertions, 10 deletions
diff --git a/default.nix b/default.nix
index 3b5736a19261..0ace70da5bb0 100644
--- a/default.nix
+++ b/default.nix
@@ -57,10 +57,19 @@ let
     }) {}).elmPackages;
 
     # Wrap kontemplate to inject the Cloud KMS version of 'pass'
-    kontemplate = self.writeShellScriptBin "kontemplate" ''
-      export PATH="${self.tazjin.kms_pass}/bin:$PATH"
-      exec ${super.kontemplate}/bin/kontemplate $@
-    '';
+    kontemplate =
+      let master = super.kontemplate.overrideAttrs(_: {
+        src = self.fetchFromGitHub {
+          owner = "tazjin";
+          repo = "kontemplate";
+          rev = "v1.8.0";
+          sha256 = "123mjmmm4hynraq1fpn3j5i0a1i87l265kkjraxxxbl0zacv74i1";
+        };
+      });
+      in self.writeShellScriptBin "kontemplate" ''
+        export PATH="${self.tazjin.kms_pass}/bin:$PATH"
+        exec ${master}/bin/kontemplate $@
+      '';
 
     # One of Gemma's dependencies is missing in nixpkgs' Quicklisp
     # package set, it is overlaid locally here.
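Review bot: The wrapper's `exec` line passes `$@` unquoted, so any argument containing whitespace or glob characters is re-split by the shell before kontemplate sees it; `exec ${master}/bin/kontemplate "$@"` forwards the arguments unchanged. The binding is also named `master` although it is pinned to the `v1.8.0` tag with a fixed `sha256`, so a name such as `pinned` would describe it better. Because only `src` is overridden, the derivation presumably keeps the name and version of `super.kontemplate`, which deserves a one-line comment such as `# only src is replaced; name/version still come from nixpkgs`. The enclosing overlay set begins and ends outside this hunk.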
diff --git a/infra/kubernetes/nixery/secrets.yaml b/infra/kubernetes/nixery/secrets.yaml
index ec97a29d362a..e9374faa48c1 100644
--- a/infra/kubernetes/nixery/secrets.yaml
+++ b/infra/kubernetes/nixery/secrets.yaml
@@ -4,6 +4,11 @@
 # Not all of the values are actually secret (see the matching)
 ---
 apiVersion: v1
+kind: Secret
+metadata:
+  name: nixery-secrets
+  namespace: kube-public
+type: Opaque
 data:
   gcs-key.json: {{ passLookup "nixery-gcs-json" | b64enc }}
   gcs-key.pem: {{ passLookup "nixery-gcs-pem" | b64enc }}
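Review bot: The explicit `namespace: kube-public` in the new metadata places a Secret holding GCS key material (`gcs-key.json`, `gcs-key.pem`) in the namespace that Kubernetes conventionally reserves for resources meant to be readable by all clients. Whether any Role or RoleBinding in that namespace covers secrets is not visible here, but a broad read grant there would expose these values. Consider a dedicated namespace, e.g. `namespace: <nixery-namespace>` (placeholder). Otherwise add a comment above `metadata:` stating why kube-public is required and that no binding there grants `get`/`list` on secrets. The remaining `data:` entries continue in the next hunk.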
@@ -11,9 +16,3 @@ data:
   id_nixery.pub: {{ insertFile "id_nixery.pub" | b64enc }}
   known_hosts: {{ insertFile "known_hosts" | b64enc }}
   ssh_config: {{ insertFile "ssh_config" | b64enc }}
-kind: Secret
-metadata:
-  creationTimestamp: null
-  name: nixery-secrets
-  selfLink: /api/v1/namespaces/kube-public/secrets/nixery-secrets
-type: Opaque