From 4b788757260db1fd8afc6281c2557c95fcd9de19 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Fri, 9 Apr 2021 17:36:57 +0200
Subject: feat(tvl-buildkite): Add all buildkite agent users to a local group

This lets us grant permissions to them, e.g. on local folders.

Change-Id: I823ac414be1cb7d6baa4f17d95003709e5911b04
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2905
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
---
 ops/nixos/tvl-buildkite.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'ops')

diff --git a/ops/nixos/tvl-buildkite.nix b/ops/nixos/tvl-buildkite.nix
index 48515f6c80..4ea92b6eea 100644
--- a/ops/nixos/tvl-buildkite.nix
+++ b/ops/nixos/tvl-buildkite.nix
@@ -32,5 +32,14 @@ in {
         hooks.post-command = "${buildkiteHooks}/bin/post-command";
       };
     }) agents);
+
+    # Set up a group for all Buildkite agent users
+    users = {
+      groups.buildkite-agents = {};
+      users = builtins.listToAttrs (map (n: {
+        name = "buildkite-agent-whitby-${toString n}";
+        value.extraGroups = [ "buildkite-agents" ];
+      }) agents);
+    };
   };
 }
-- 
cgit 1.4.1