From 8e08dd69705d07c3e4782856b49e3732f273703f Mon Sep 17 00:00:00 2001 From: Aspen Smith Date: Thu, 18 Jan 2024 10:32:03 -0500 Subject: feat(grfn/system): Add windtunnel bot github token secret Change-Id: Ib67526e782fe0bedecd24d9c48dcf189fb8b5b02 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10664 Reviewed-by: aspen Autosubmit: aspen Tested-by: BuildkiteCI --- users/grfn/secrets/secrets.nix | 1 + users/grfn/secrets/windtunnel-bot-github-token.age | 11 +++++++++++ users/grfn/system/system/machines/mugwump.nix | 8 +++++++- 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 users/grfn/secrets/windtunnel-bot-github-token.age (limited to 'users/grfn') diff --git a/users/grfn/secrets/secrets.nix b/users/grfn/secrets/secrets.nix index 448dbba1fd1a..5bfb1c3eb08c 100644 --- a/users/grfn/secrets/secrets.nix +++ b/users/grfn/secrets/secrets.nix @@ -11,4 +11,5 @@ in "ddclient-password.age".publicKeys = [ grfn mugwump ]; "buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ]; "buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ]; + "windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ]; } diff --git a/users/grfn/secrets/windtunnel-bot-github-token.age b/users/grfn/secrets/windtunnel-bot-github-token.age new file mode 100644 index 000000000000..daae99958276 --- /dev/null +++ b/users/grfn/secrets/windtunnel-bot-github-token.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA +VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8 +-> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg +mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs +-> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0 +d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ +-> "0?-grease k}d?h6 |v +7mV6AFUdCMCrkmLVQaWJPQ +--- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8 +~‚v‰8‚&‚ü£¹3\²Òý.»%$¼›Éº°³tòóˆØQ©ˆÀ¨á”Åé¼Íœ}ˆ—ó,BEÇh w96”çö?ÓU \ No newline at end of file diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix index 5b3cf1204904..3d4de5df1d87 100644 --- a/users/grfn/system/system/machines/mugwump.nix +++ b/users/grfn/system/system/machines/mugwump.nix @@ -96,6 +96,12 @@ with lib; group = "keys"; mode = "0440"; }; + + windtunnel-bot-github-token = { + file = secret "windtunnel-bot-github-token"; + group = "keys"; + mode = "0440"; + }; }; services.fail2ban = { @@ -295,6 +301,6 @@ with lib; users.users."buildkite-agent-mugwump-1" = { isSystemUser = true; - extraGroups = [ "docker" ]; + extraGroups = [ "docker" "keys" ]; }; } -- cgit 1.4.1