From 45af3167b2a52099b5b04067d7883452df69f0cb Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Fri, 19 Apr 2024 18:00:58 +0200
Subject: [PATCH] cluster/services/hercules-ci-multi-agent: use garage

---
 .../hercules-ci-multi-agent/default.nix       |  11 ++++++++++
 .../secrets/hci-cache-config.age              | Bin 966 -> 901 bytes
 .../secrets/hci-cache-credentials-VEGAS.age   | Bin 593 -> 574 bytes
 .../secrets/hci-cache-credentials-prophet.age |  19 ++++++++----------
 4 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/cluster/services/hercules-ci-multi-agent/default.nix b/cluster/services/hercules-ci-multi-agent/default.nix
index def9c2a..af27647 100644
--- a/cluster/services/hercules-ci-multi-agent/default.nix
+++ b/cluster/services/hercules-ci-multi-agent/default.nix
@@ -22,4 +22,15 @@
       ];
     };
   };
+  garage = let
+    hciAgentKeys = lib.pipe config.services.hercules-ci-multi-agent.nodes [
+      (lib.collect lib.isList)
+      lib.flatten
+      lib.unique
+      (map (x: "hci-agent-${x}"))
+    ];
+  in {
+    keys = lib.genAttrs hciAgentKeys (lib.const {});
+    buckets.nix-store.allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]);
+  };
 }
diff --git a/cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age b/cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age
index e7867ab9bea6f0e5ce80cf69490b2ce5fbbe9d65..cfb9ee30e262bf5d044a74716213ed8177f3172d 100644
GIT binary patch
delta 832
zcmV-G1Hb&n2ZaZaEPrTGIb&*BG&ELXWOzw-a70!!cX=y8RdjGcFh?t9Oh-vnF*R&&
zL3LtoYYJ;JGgviiWi>G?b3`#`Ge&VSN_R*}S!8caD|u;2VRukPY*<2cO+-O(Gzu*~
zAaiqQEoEdfH8n9gAT=*~R4{iSXjXSOHC1CPS2k{GS94-{PexN!R7^EiF;!77X?HYd
zc5_K|VPz{qQf+H@3NJ}XXfHNNG-yImLN;$QQ%-YjI8SCsWi(h)axyebcUDnLXisV|
zGBS8~k?|K-IZbXhPBw8=Wk@!2X>?&}G<sSqdO1&HR!~wjQA}_#Q)NkHY+^N7dO}qS
zZbeTrT0&(uWMot|I73%%bysC^Om{FZYFbHZFm-e`YGh$ccq>kFd3I-$UjY|?R76sG
zT1#4RWiWboYBF?LbTfE1N>xT-Gcqw`H%C!ZNK9>0D|tjxT1I0EXHHf$VsuSHR5U?E
zQ&eO&Z8LL9OL{S9D{NRzFmOR+FK={mOhsZySTt1%EiEk|aW{E+R&iN%Y;{*;Om1vd
zLN706a&2W<axi!=PBc_EGcav`Z*DPRaCCQ73fM`%7-jdO<rWuQBxJGUDGXMgH-arg
ziNjR%pNU4ZD9>oR8M5oB(7esPswAKQ%4r-PN3DJl{&A%vz<)%EDbxrJCU-fX^`Ri{
z%0@V9WS-<kvWN8ENURCMNkz-x(c@@eatcuBKdm8tPC-B*ynvnXC`^=puY`trThpPN
z`+QG|sqB6+dp;hf+kE^HoBWIr<V4(Wlti#_$m&PT)G_-d%P9RcH;Py5*AUyOQ42;T
z!_S%v-5s#5p)>3k5^|;aM0M?CzKQ(Nt!D_8Hn(JBT<%ViV}gfl<`3f{8QI55@ek5>
zD3k0}8cHUX&@d<Se=(7NCZYquW~u`n({IzYynYbgljP6$URxZlrfDyFL$@MUW}V?q
zr@vo#Sf7Pj6JNzWXMR&{#CMoisd}SN<e5}>Af$EO#9la<XCGT^JTnN9`3vfctHQ0y
z8*;Aw4SdIwG%&|neA?$|c3jtqLbLvqL7?>r6vw@X1wj{F9uYVbtu<W2246Pf_VN-w
K3m5lHfl6~yh)-Dn

delta 897
zcmV-{1AhF42gV1GEPpRkD?)cPFKRR|Mn+XQb#gIzW<^M3PcL+EH(_B}FiCZ1Fh@*H
zNK-g%RSHZnb}?s5PDwI2MQvg)WI=3Mc|k8>F-K)Kb#7EsVpdT>ae8-RI5%!_FbXX`
zAaiqQEoEdfH8n9gAT=*~R4{iSHc(MDV=-7mc`|8qV=;4XGe$9PHB4}EG-YKsOnFO3
zPf%)gZ((&ZF)=bl3Q;t3b2NEcS9n!6D=RTdc1CJ;XK`^eWk*&`R&P{pMNCL&a!NN!
zWKv{Rk?|K-O=)#RQ$jLpcWGH?GEQz{G*wMyGAl=FW=d&CF-KTXcT7rjL1S7>Wic=c
zL{LR)YE3U?F-K5iXhK0oVL3xZN^MkgLUcwrGcsdELRU~SLt|_!acf1BUjY|?bU1oB
zH8wS7RB3s2Vl;V2LRoV;MNLj*M{#mURdG#nV`EThGi6q4H&;;#X<0^ZSaWn&Pi;qG
zF>+61c5X0waz{pTLpfJ?S6WziY(he2K|^Y8Z%<7MEj}P_EoX9NVRL05cyLt;W>zsW
zaWz;sYe7_RR77hpdSX>KHAiTFLQ-aHY;0^XGBj*Scz0GpPYNw9Eg(fsO+i6=O*46A
zQ&MAUcX&=#M^JAoNk~s_V`5fEGdDIyV@WkhModaIK?<4Hsil9!`gGP_62xE>*+5ka
zzX6ZPw%n+kAmTvQH{==gix&5U*q|&Er|-JKMI3M`MXM5{%n&^A^phxmFO~{b0q;)o
zD@ZMJ{NYFl>opATGD=r885MR8j@_t*%v;xDOZQRYzLANBp5aL&n)uOFj>5MGiyKSB
zLjl^1_UxzgU=*W|xYcwf5yVCFlLg)2jN65Zge?P-<%h%T2~(_qVR6(=0o19s$1wR1
z`cPn}|GH;TLXsOrM%BrGyv_+h*!$YuG{_XT)GkjS1&8vG?R7#V$M6jLNviNGdqMeh
z>X5nzq8)Ax0O@{k*G($Il83zjD1JmnQA>DAxsiV}!$`dc{X+{mz6mFXmh)7URMnzM
z89eSq&hCVDE)xzU<7kP|(TD*RAuuB$IF&!hiD*EuZ{9B9@T*N!+0y46_}bkeNT0{R
zqSF)rK{_Q6IDX;g$i3!TO(M0MEP&d`BI-)EUcBd|D=S)Y<IuM2Ea(N{fn@3vKLb`T
X$6wgnkagdz!4Z$Kq_Z?IaVYDQ%u#2R

diff --git a/cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age b/cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age
index 2a98c9f2a5c4f1b97e3895df44e48a62776f350d..93550c489648cd9e7956f417668822377772687a 100644
GIT binary patch
delta 521
zcmV+k0`~pU1il22EPpdpS5j|nR7Y@BT5M-cL@zUEW<^yuNKR){ZAVfwab+=ZRdF>)
zNOpL5O$vEVH7{&udR1CNLrhL9ZB0scGGS<LN^nzlNH0%NMKn%GOJrwuYFKn@RSGRW
zAaiqQEoEdfH8n9gAT=*~R4{iSL{(=&G-gvXV{l1HOgV99bw)NsG)Z+US$R!*FgQa*
zc4sqmQ8h4kQdD<I3Tb(8M@C0OZaG7AYH&tTXHh{#MMX<9WKVT*PBm+Gct%%IO?i4S
zGjUIMk?|LQSyfFnbag{vNmX}5O=2)bcXL%zZc$k`O-5KtYb$JKZ8=wVYEW-ST4zxT
zW=>deF;q-+I74J}Z)rhFP;7E-VoX|BH%4}CFj7)WOE7eDGgCE1bU||pEiEk|XiI8Y
zL{&9Wa%6aEb8uR3HcW3)V@q;XNnu$wX?8_sO=ft1S6O&kc42ui3VpVtzV&y2^#gg6
zM|pztHtgEiS%saS`kIr{eKY2RB;vq0UU{%@C;2hi95I54UQ(RiW^}iUeAJr$Wag<s
z3QG_qF1saM_>Ruhy>MT{I37ws73Gt-m;kKga2QlEmVw(UR-y8vYmF~)@iN;6qy;#7
z9trn2kM~6a;9%_+w4Zn{3h62l>+l$}s!*`>aIM-QjliQt174=<#C0l<$X{EU0ffyP
LAM`3K$0~&z?UTwb

delta 540
zcmWm9%WKnc003YZ!$XEAVGac8VJZ?s9!uJVfzqZ;ANjRSmZV982a`5Unn#;9=_3&t
z4#7iVPMPc~KJYT}=nm>d4?|DNZXR~>u!E=v58Fxo{)6xR{FnLdYa8WafiWiJ#1uuf
zVHCZFO|g=#j(tPq!XPJ)hgnSVYIIvBq55hw36t2b`MHe5Yn8l)mv~|T(kez&J;q81
z%^Q_u9EV*9xt<C`8!_7iMd5UcLK6v_q%t*FPdGvsXj-YnaAU$|n>=YLO}WnLK!f{E
zeuXlIKv&}yBzDrc*KbFT9Y;K%v5peB&XnnpN=`sWpo`TC4C-~AK4U%neSU*hCpvB7
zWk%v$7i0k^P4j{(jdHz0SBN8Yok_>Wzga-Ykh3By=9pETs6?^=9{8Cdj}oeAXoM6N
z(Aqj!?G4}rC)?rw$+V1ELsJjUlnwbsvKra>zF!+twusePJsl+8s<{zz8NJ$KTXG~5
zd=^3wB!x=2g$rnfNav@4QA`3guCHrjfg?xtl?(uY&vpRb@CuRuMVFrLEbneTIDEy=
zy*ya_7O7$@q~f3Vd(ZdS$8R#Fo!$a+GP4Tu(jIn99=M&>C+*kQBRxF$aQ59e#Vu(b
zvUbJXX2_%4o10HAUp@SDYnf?YoZVIKyg)yH4=wnn9-Qfs<r`7w<amGU-fUs<(cIhV
WuJdgE_5SvzyEZ&``s3pT^z<+JNWmKb

diff --git a/cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age b/cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age
index d91c8f4..f8ef7d8 100644
--- a/cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age
+++ b/cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age
@@ -1,12 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 NO562A XV9fjixDzjYkcTAh/uAWS+vbvqe19HhF1D3ak1g1jiE
-t5PEwAn+I4bJN27fYEZVZQh/SVxQocBMxqxc1O5CCgE
--> ssh-ed25519 5/zT0w 0KuTIG51h+oX3QWZukAjoBVHXE6NxKBcSfDN9u/A2H8
-SGm8Eh5L5ELB3gjmV5pfh3HqDnGrdif0I7mF7ulabW4
--> ssh-ed25519 YIaSKQ bjHZIN85glRN0hdH76iu7kg243enfH6VlX8Yr54FfzM
-0RzxbV9ABYElM2DIfimkvzeVuhobpsiDTH39PgVDTvE
--> 8&39JRT-grease {)Hfc"$ |,#c1\: Vf>^[!hm ;2o>+a"M
-y9JRDuvO1YC61IhxUofWLAYfOEldTR9/SwnGuo7lAbAp8smTrlWO2qVe3Ztp+gQU
-NXZ9K3PaKKm1VWg
---- p75QmGUUBK5sNhkG6zDmEGa5injwKH119i6bHod55+Y
-ªzÕïMç(_b*öj6\Ý‹1CgÁ?ãÐ‚AvÝA¯tŠöx_¶H¯èïø‹ø 5Ï'Ófú*÷Mb¹«„ëŽF¦Ït®,)6ýÈÒÿQf)˜ú¿²šHgBQ~-7•RþçÚ‘?°¡ÑRUßÓòPõÛ(îU¾W>'¨àF«ˆ’B²§ÿOV¸Ÿ¤
\ No newline at end of file
+-> ssh-ed25519 NO562A jNUNRaIQC1DUBiacnWc3xjMUAxnAgiyJhRA74cof3Ec
+oZZq1AQ3F0nvrk7KpinLWgT3cIoCYZ5R1s0us69OI8E
+-> ssh-ed25519 5/zT0w FmoxaTg75/xaDmSOHL5Xs6QOr5rLG/sr5TmPMfkOqxw
+XXQrFxxt5GOzXgJoPY8U71NSYi/IWmL3QrenvOuQ43Q
+-> ssh-ed25519 YIaSKQ ++dqG+dr8ie+4sPW7L+eVkXvOVvM+/oBR722S2sQsSg
+879pmnhOtZ/MiMUwDlyujykQXNmCepI2FSU2QcvvkrA
+--- QcvlVdv2fYMKmT/aCpTjdmGJ+9KnUvZCZNtl7WhgCbw
+ï!jÊwŸ~×f%ÝJ>˜H	³·2ü9¬¥.VhþÅ·²«O!$iÄÝžÔ4\_Ì†J¸„šÀT>²J£‘î8Y´\ÁI³kÕýïk—tŒG(ÃAO¦#ÙÂš“#Ü(·LœøÍáô’0éh=[ÈRîw•Uj¸iVý2ÁÕ(ìÊBGgÔ„^L7fÍÊ«"zVµnÃ‹)ÑõË÷9½ï›<IäõúÃÍw1Š
\ No newline at end of file