From 6c3585f76425687324275dbbff6098886479c6b6 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Sun, 11 Apr 2021 17:46:37 +0200
Subject: fix(tvl-buildkite): Set agents' primary group to buildkite-agents

This ensures files created by the Buildkite agents are always owned by
the same group, without having to manually chgrp afterwards.

Change-Id: Idbaedec43c16b2ee137d1a95719a05d46db8f900
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2929
Reviewed-by: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
---
 ops/nixos/tvl-buildkite.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'ops/nixos/tvl-buildkite.nix')

diff --git a/ops/nixos/tvl-buildkite.nix b/ops/nixos/tvl-buildkite.nix
index c6dcbd3bc1e8..2aa3b81811f4 100644
--- a/ops/nixos/tvl-buildkite.nix
+++ b/ops/nixos/tvl-buildkite.nix
@@ -36,9 +36,12 @@ in {
     # Set up a group for all Buildkite agent users
     users = {
       groups.buildkite-agents = {};
-      users = builtins.listToAttrs (map (n: {
+      users = builtins.listToAttrs (map (n: rec {
         name = "buildkite-agent-whitby-${toString n}";
-        value.extraGroups = [ "buildkite-agents" ];
+        value = {
+          group = lib.mkForce "buildkite-agents";
+          extraGroups = [ name ];
+        };
       }) agents);
     };
   };
-- 
cgit 1.4.1