about summary refs log tree commit diff
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2022-06-04 18:10:41 -0700
committerFranck Cuny <franck@fcuny.net>2022-06-04 18:14:20 -0700
commit20b3c856139d363be81a90010b53a646a41a1627 (patch)
tree244820a104f3c7bfef7c046eef06ca7f7287ba67
parentref(drone): remove secret and CLI for drone (diff)
downloadworld-20b3c856139d363be81a90010b53a646a41a1627.tar.gz
fix(secrets): set the owner for buildkite agent secrets
There's one user per agent. If we don't set an owner for that file, it
will be owned by root. Let's set the ownership to the first builder.

Change-Id: I1270e6858c0bf2797bd12c2557d84a494cef5081
Reviewed-on: https://cl.fcuny.net/c/world/+/281
Reviewed-by: Franck Cuny <franck@fcuny.net>
-rw-r--r--hosts/tahoe/secrets/secrets.nix1
1 files changed, 1 insertions, 0 deletions
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 96d96d6..8776e6a 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -16,6 +16,7 @@ in {
   # see https://buildkite.com/docs/agent/v3/tokens
   "buildkite/agent.age" = {
     publicKeys = all;
+    owner = "buildkite-agent-builder-1";
     group = "buildkite-agents";
     mode = "0440";
   };