feat(hosts/tahoe): add a token for graphql for buildkite agents

Change-Id: I17ea0baab0d74888ed1b21342c583495d3f52643
Reviewed-on: https://cl.fcuny.net/c/world/+/705
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>

2 files changed, 16 insertions, 0 deletions

diff --git a/hosts/tahoe/secrets/buildkite/graphql.age b/hosts/tahoe/secrets/buildkite/graphql.age
new file mode 100644
index 0000000..b2b355f
--- /dev/null
+++ b/hosts/tahoe/secrets/buildkite/graphql.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 dtgBNg 9wM6u3f8tfdhUSmWKZy2aW15Q9NLEt+Q+2r9Zp3c2B8
+rnuasAgCi0UJW28Pjb9BqkwNk0WuHThwvCTNd+tFGkU
+-> ssh-ed25519 wtownA Xw4G1YaRMwJ1bwNmjHwFyo6vcI5P8fPg+LKcn29jgVw
+1EQrgeDwGjzPpy7oEdnSteyib03CUksd1zGMeZ5DK9o
+-> 5zXn-grease %CU]+%WC
+gboFw7YNFbVbmAcwdg
+--- wcsDAcM1XS+GqGZuaVyK/DmzlInUAXrhflWbfqOFyfk
+;–®©åöM1ºÒ|0ÊaÒ¬+u]?Ÿµ›«óÝJ§“øJÍÐÂ’ãQº­V*Zx—Ó£.š
½îTÄ_hܲ
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index d3571f4..390f2b6 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -22,6 +22,13 @@ in
     mode = "0440";
   };
 
+  "buildkite/graphql.age" = {
+    publicKeys = all;
+    owner = "buildkite-agent-builder-1";
+    group = "buildkite-agents";
+    mode = "0440";
+  };
+
   # the owner is gerrit, but we also want the builders to access this
   # configuration.
   "gerrit/hooks.age" = {