From e3a31b702a18423c825dc647211b2ae586ca8333 Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Wed, 25 May 2022 18:17:25 +0200
Subject: feat(whitby): Deploy private SSH key for build agents

Change-Id: I5b1dfaaf28e835cac5b897e18b015d90ac3b2857
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5665
Tested-by: BuildkiteCI
Reviewed-by: sterni
Reviewed-by: grfn
---
 ops/machines/whitby/default.nix | 6 ++++++
 ops/modules/tvl-buildkite.nix | 1 +
 2 files changed, 7 insertions(+)

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 7518e671795b..2078d86491f8 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -248,6 +248,12 @@ in
 group = "buildkite-agents";
 };
+ buildkite-private-key = {
+ file = secretFile "buildkite-ssh-private-key";
+ mode = "0440";
+ group = "buildkite-agents";
+ };
+
 gerrit-besadii-config = {
 file = secretFile "besadii";
 owner = "git";
diff --git a/ops/modules/tvl-buildkite.nix b/ops/modules/tvl-buildkite.nix
index c38687f80f71..4341ef01d744 100644
--- a/ops/modules/tvl-buildkite.nix
+++ b/ops/modules/tvl-buildkite.nix
@@ -41,6 +41,7 @@ in
 inherit name;
 enable = true;
 tokenPath = config.age.secretsDir + "/buildkite-agent-token";
+ privateSshKeyPath = config.age.secretsDir + "/buildkite-private-key";
 hooks.post-command = "${buildkiteHooks}/bin/post-command";
 runtimePackages = with pkgs; [
-- 
cgit 1.4.1
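Review bot: The new `buildkite-private-key` entry in ops/machines/whitby/default.nix is readable by every member of `buildkite-agents` (mode `0440`), yet nothing in the hunk or the commit message says what the key authenticates to. A reader therefore cannot judge what a build step that reads the file would gain. A comment above the entry would close that gap, for example `# SSH key for build agents: used for <purpose>, dedicated to CI, limited to <access>; rotate if an agent is compromised.` If the agents can run jobs for changes that have not yet been reviewed (not visible here), it is worth confirming the key is a dedicated, narrowly scoped identity. The enclosing attribute set starts and ends outside the hunk.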
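Review bot: The added `privateSshKeyPath` line in ops/modules/tvl-buildkite.nix builds the path from `config.age.secretsDir` and a string literal, so it is tied to the secret declared in ops/machines/whitby/default.nix by name only. A rename, or a machine that imports this module without declaring the secret, would still evaluate and would presumably fail only when the agent starts. Referencing the secret's own path would surface the mismatch at evaluation time: `privateSshKeyPath = config.age.secrets.buildkite-private-key.path;`. The `tokenPath` line above uses the same concatenation, so this may be an intentional convention; if so, a short comment naming the secret it expects would help. The enclosing attribute set starts and ends outside the hunk.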