diff options
Diffstat (limited to 'ops')
-rw-r--r-- | ops/machines/whitby/default.nix | 6 | ||||
-rw-r--r-- | ops/modules/tvl-buildkite.nix | 2 | ||||
-rw-r--r-- | ops/secrets/buildkite-agent-token.age | 10 | ||||
-rw-r--r-- | ops/secrets/secrets.nix | 1 |
4 files changed, 18 insertions, 1 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index d6d3004ffc34..c066fa400fe3 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -210,6 +210,12 @@ in { clbot.file = secretFile "clbot"; gerrit-queue.file = secretFile "gerrit-queue"; owothia.file = secretFile "owothia"; + + buildkite-agent-token = { + file = secretFile "buildkite-agent-token"; + mode = "0440"; + group = "buildkite-agents"; + }; }; # Automatically collect garbage from the Nix store. diff --git a/ops/modules/tvl-buildkite.nix b/ops/modules/tvl-buildkite.nix index 56e49c991238..1f0d4e2e7abe 100644 --- a/ops/modules/tvl-buildkite.nix +++ b/ops/modules/tvl-buildkite.nix @@ -33,7 +33,7 @@ in { value = { inherit name; enable = true; - tokenPath = "/etc/secrets/buildkite-agent-token"; + tokenPath = "/run/agenix/buildkite-agent-token"; runtimePackages = with pkgs; [ curl jq ]; hooks.post-command = "${buildkiteHooks}/bin/post-command"; }; diff --git a/ops/secrets/buildkite-agent-token.age b/ops/secrets/buildkite-agent-token.age new file mode 100644 index 000000000000..27ed2282b890 --- /dev/null +++ b/ops/secrets/buildkite-agent-token.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 dcsaLw TEQdP/s+YdThYzunL0Fxs7ccPR+qjxd9IJdtkVjX3jI +ZnnD2KIMunt9Qgs2zJFMeMuoj2l0NKZlMO2WweLnkx8 +-> ssh-ed25519 OkGqLg wIAe9VrOPFrheQAKmMjumuX92H0dEAbqJe/IuNvp4TM +AYoLx7LdZEqoOECgmPutF6T+P/lUqO7GKf7w61YgQbg +-> t-grease vGPB i +qH3ME5lUwm8DmZYeo0sP +--- tkaQiyOtKJ4PSuOPxPWK5R6R7YGLSzVd9szY5QubKWI +<;���S��t�/e�C�{_��ec���@��� ��F��B���H:��A4PV +?q���>3s�+�g �3=bϪ��;u_��� \ No newline at end of file diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix index 308893358dc9..6c9f558e3a36 100644 --- a/ops/secrets/secrets.nix +++ b/ops/secrets/secrets.nix @@ -9,6 +9,7 @@ let default.publicKeys = tazjin ++ [ whitby ]; in { "besadii.age" = default; + "buildkite-agent-token.age" = default; "clbot.age" = default; "gerrit-queue.age" = default; "owothia.age" = default; |