From 15a3aa6245da1dc7d0abadfa509b016d835a03dd Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sat, 6 Aug 2022 13:50:32 -0700 Subject: feat(hosts/tahoe): add a token for graphql for buildkite agents Change-Id: I17ea0baab0d74888ed1b21342c583495d3f52643 Reviewed-on: https://cl.fcuny.net/c/world/+/705 Tested-by: CI Reviewed-by: Franck Cuny --- hosts/tahoe/secrets/buildkite/graphql.age | 9 +++++++++ hosts/tahoe/secrets/secrets.nix | 7 +++++++ 2 files changed, 16 insertions(+) create mode 100644 hosts/tahoe/secrets/buildkite/graphql.age (limited to 'hosts/tahoe') diff --git a/hosts/tahoe/secrets/buildkite/graphql.age b/hosts/tahoe/secrets/buildkite/graphql.age new file mode 100644 index 0000000..b2b355f --- /dev/null +++ b/hosts/tahoe/secrets/buildkite/graphql.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 dtgBNg 9wM6u3f8tfdhUSmWKZy2aW15Q9NLEt+Q+2r9Zp3c2B8 +rnuasAgCi0UJW28Pjb9BqkwNk0WuHThwvCTNd+tFGkU +-> ssh-ed25519 wtownA Xw4G1YaRMwJ1bwNmjHwFyo6vcI5P8fPg+LKcn29jgVw +1EQrgeDwGjzPpy7oEdnSteyib03CUksd1zGMeZ5DK9o +-> 5zXn-grease %CU]+%WC +gboFw7YNFbVbmAcwdg +--- wcsDAcM1XS+GqGZuaVyK/DmzlInUAXrhflWbfqOFyfk +;–®©åöM1ºÒ|0ÊaÒ¬+u]?Ÿµ›«óÝJ§“øJÍÐÂ’ãQº­V*Zx—Ó£.š ½îTÄ_hܲ \ No newline at end of file diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix index d3571f4..390f2b6 100644 --- a/hosts/tahoe/secrets/secrets.nix +++ b/hosts/tahoe/secrets/secrets.nix @@ -22,6 +22,13 @@ in mode = "0440"; }; + "buildkite/graphql.age" = { + publicKeys = all; + owner = "buildkite-agent-builder-1"; + group = "buildkite-agents"; + mode = "0440"; + }; + # the owner is gerrit, but we also want the builders to access this # configuration. "gerrit/hooks.age" = { -- cgit 1.4.1