about summary refs log tree commit diff
path: root/hosts/tahoe/secrets/secrets.nix (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-06-09fix(secrets): buildKite agents can read gerrit secretsFranck Cuny1-0/+4
We need to ensure the agents can read the secrets / tokens to vote after a build. Change-Id: I066c2482a795b21badaa9cc3c525373d7945b084 Reviewed-on: https://cl.fcuny.net/c/world/+/341 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09feat(gerrit-hook): propagate gerrit information in the environmentFranck Cuny1-3/+17
The buildKite agents need this information in order to vote after a build. Change-Id: If03ba51d55f4d1155c6b7fdadace3b4643480258 Reviewed-on: https://cl.fcuny.net/c/world/+/342 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09feat(buildkite): configure the post-command hookFranck Cuny1-0/+12
Change-Id: I7b00987382ef05e032d88cf00e916cdc27511eb1 Reviewed-on: https://cl.fcuny.net/c/world/+/306 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09feat(gerrit): update CL when buildKite build is finishedFranck Cuny2-0/+46
buildKite can call specific hooks at various stages ([1]). We add a hook to run after each command. For now we only care if the label of the command is `:hammer:', since this is what we've defined for our pipeline. After a successful build, the agent will post a review with +1 if it's a success, or -1 if the build results in failure. [1] https://buildkite.com/docs/agent/v3/hooks#job-lifecycle-hooks Change-Id: I6b2b886c13e6f23ddbc96fd3e865f0d50d625446 Reviewed-on: https://cl.fcuny.net/c/world/+/305 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09feat(gtk): add bookmarksFranck Cuny1-0/+2
Change-Id: Icb3bd8cf01850aa9d35fd574cc18543df5b71fca Reviewed-on: https://cl.fcuny.net/c/world/+/304 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(zsh): ensure home-manager variables are set before starting swayFranck Cuny2-6/+10
Change-Id: I820a636bcdeb6abf7ff8a25ec409c08916e94c42 Reviewed-on: https://cl.fcuny.net/c/world/+/303 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(git): remove git.fcuny.net from configurationFranck Cuny1-1/+0
I don't have credentials for that URL anymore, everything goes through cl.fcuny.net. Change-Id: I2361444c2ea42679ab4f28758f708e53eb9c8c06 Reviewed-on: https://cl.fcuny.net/c/world/+/302 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09fix(pass-git-helper): remove mapping for git.fcuny.netFranck Cuny1-4/+1
Change-Id: I5211647802a08e9984dffb6247249ec608688d8c Reviewed-on: https://cl.fcuny.net/c/world/+/301 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09feat(gerrit): add plugin 'reviewnotes'Franck Cuny1-1/+9
This plugin stores review information for Gerrit changes in the `refs/notes/review' branch. Change-Id: I51c7fe1f8764617e0bff5455d3fe713b0e2f446e Reviewed-on: https://cl.fcuny.net/c/world/+/300 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(nix): move the mkSystem function to its own fileFranck Cuny3-47/+31
Make the default system be x86-linux. Change-Id: I13e00e4d4cb8b7c49cc549509e37a6d0f022a051 Reviewed-on: https://cl.fcuny.net/c/world/+/299 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(nix): rename lib/ to nix/Franck Cuny3-1/+1
Change-Id: If1e608b89b39bd5a53a37b873833a7ea881cb418 Reviewed-on: https://cl.fcuny.net/c/world/+/298 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(profiles): get rid of all the profilesFranck Cuny10-50/+30
All the modules that are setup by the profiles are now managed at the host level. This simplify some configuration, and will make it easier to adjust things at the host instead of trying to squeeze everything into profiles. This will also help the refactoring later, when I'll split nixos and home-manager configuration. Change-Id: I17ffda8b0b5d15bf1915c6fae5030380523d74b5 Reviewed-on: https://cl.fcuny.net/c/world/+/297 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(GTK): remove the profile for GTKFranck Cuny7-18/+10
All the configuration is done at the host level. Change-Id: Ib5ef71ea7955f6872fb08f576e48b24a70600693 Reviewed-on: https://cl.fcuny.net/c/world/+/296 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(home): structure and add commentsFranck Cuny3-36/+75
Change-Id: I9abd49136df79a9ed040c9ec0e12eea30736c9ff Reviewed-on: https://cl.fcuny.net/c/world/+/295 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(desktop): move all the modules for home-manager to host levelFranck Cuny3-11/+18
Change-Id: I92abe7d6c9a1f7c5ef3f157137c59cde751d50f0 Reviewed-on: https://cl.fcuny.net/c/world/+/294 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(trusted): consume modules within host's configurationFranck Cuny6-27/+24
Remove the trusted profiles, the modules are installed directly within the host configuration. Change-Id: I0566fb359803da16bdd3a38e2901deac477fb078 Reviewed-on: https://cl.fcuny.net/c/world/+/293 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(multimedia): move multimedia modules to hostsFranck Cuny5-17/+10
Consume the modules related to multimedia applications at the host level, instead of having a level of indirection with a profile. Change-Id: I567f0e01cbfe591beaa2e9086e33434402a4a002 Reviewed-on: https://cl.fcuny.net/c/world/+/292 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(sane): move sane's configuration to correct placeFranck Cuny2-3/+3
Change-Id: Ibb55ee455423c101fb6d3e62a2e9e4593682cf16 Reviewed-on: https://cl.fcuny.net/c/world/+/291 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(laptop): move services related to laptop to host's configurationFranck Cuny4-18/+7
As for the bluetooth configuration, we don't need that level of indirection. The laptop can consume these services directly, and we can drop the profile for laptop. Change-Id: Ia434d336ae581bd040fbc4963e5856806183d55e Reviewed-on: https://cl.fcuny.net/c/world/+/290 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-09ref(bluetooth): remove the profileFranck Cuny4-14/+3
I don't need a profile for this, the module can be consumed directly from the host's hardware configuration. It removes one level of indirection and helps us toward the goal of completely removing all the profiles. Change-Id: I95a6fdc985420e7fe0ad737e7576d10d5c7eb114 Reviewed-on: https://cl.fcuny.net/c/world/+/289 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-04fix(gerrit-hook): update the configuration with correct URLFranck Cuny1-10/+12
Change-Id: Iae8860631a9d313d5b4f78d171d0dfebc6ef6ff9 Reviewed-on: https://cl.fcuny.net/c/world/+/283 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-04fix(secrets): pass group and mode to agenixFranck Cuny1-2/+8
It took me a while to understand why the group and mode were not set correctly for the buildkite agent secrets. This module is an abstraction on top of agenix to modify the filename and ensure that the owner of the file is actually defined in the configuration. This was not passing the group and mode to agenix, which is why these values were never set. This change modify the library to check that the group exists (as we do for the user), and pass the mode down. Change-Id: I7f8545868986110ad92fa63ef8efe4cd3bbd9b0f Reviewed-on: https://cl.fcuny.net/c/world/+/282 Reviewed-by: Franck Cuny <franck@fcuny.net>
2022-06-04fix(secrets): set the owner for buildkite agent secretsFranck Cuny1-0/+1
There's one user per agent. If we don't set an owner for that file, it will be owned by root. Let's set the ownership to the first builder. Change-Id: I1270e6858c0bf2797bd12c2557d84a494cef5081 Reviewed-on: https://cl.fcuny.net/c/world/+