From 804e7b03634c96b11ae5dbf9f95feefbcd51f455 Mon Sep 17 00:00:00 2001 From: Max Date: Mon, 8 Jul 2024 16:17:47 +0200 Subject: [PATCH] cluster/services/cachix-deploy-agent: use cluster secrets --- .../cachix-deploy-agent-token-VEGAS.age} | 0 .../cachix-deploy-agent-token-checkmate.age} | 0 .../cachix-deploy-agent-token-grail.age} | Bin .../cachix-deploy-agent-token-prophet.age} | 0 .../cachix-deploy-agent-token-thunderskin.age} | Bin cluster/services/cachix-deploy-agent/agent.nix | 6 ++---- cluster/services/cachix-deploy-agent/default.nix | 6 +++++- 7 files changed, 7 insertions(+), 5 deletions(-) rename cluster/{services/cachix-deploy-agent/credentials/VEGAS.age => secrets/cachix-deploy-agent-token-VEGAS.age} (100%) rename cluster/{services/cachix-deploy-agent/credentials/checkmate.age => secrets/cachix-deploy-agent-token-checkmate.age} (100%) rename cluster/{services/cachix-deploy-agent/credentials/grail.age => secrets/cachix-deploy-agent-token-grail.age} (100%) rename cluster/{services/cachix-deploy-agent/credentials/prophet.age => secrets/cachix-deploy-agent-token-prophet.age} (100%) rename cluster/{services/cachix-deploy-agent/credentials/thunderskin.age => secrets/cachix-deploy-agent-token-thunderskin.age} (100%) diff --git a/cluster/services/cachix-deploy-agent/credentials/VEGAS.age b/cluster/secrets/cachix-deploy-agent-token-VEGAS.age similarity index 100% rename from cluster/services/cachix-deploy-agent/credentials/VEGAS.age rename to cluster/secrets/cachix-deploy-agent-token-VEGAS.age diff --git a/cluster/services/cachix-deploy-agent/credentials/checkmate.age b/cluster/secrets/cachix-deploy-agent-token-checkmate.age similarity index 100% rename from cluster/services/cachix-deploy-agent/credentials/checkmate.age rename to cluster/secrets/cachix-deploy-agent-token-checkmate.age diff --git a/cluster/services/cachix-deploy-agent/credentials/grail.age b/cluster/secrets/cachix-deploy-agent-token-grail.age similarity index 100% rename from cluster/services/cachix-deploy-agent/credentials/grail.age rename to cluster/secrets/cachix-deploy-agent-token-grail.age diff --git a/cluster/services/cachix-deploy-agent/credentials/prophet.age b/cluster/secrets/cachix-deploy-agent-token-prophet.age similarity index 100% rename from cluster/services/cachix-deploy-agent/credentials/prophet.age rename to cluster/secrets/cachix-deploy-agent-token-prophet.age diff --git a/cluster/services/cachix-deploy-agent/credentials/thunderskin.age b/cluster/secrets/cachix-deploy-agent-token-thunderskin.age similarity index 100% rename from cluster/services/cachix-deploy-agent/credentials/thunderskin.age rename to cluster/secrets/cachix-deploy-agent-token-thunderskin.age diff --git a/cluster/services/cachix-deploy-agent/agent.nix b/cluster/services/cachix-deploy-agent/agent.nix index 83b82a0..6be4cfc 100644 --- a/cluster/services/cachix-deploy-agent/agent.nix +++ b/cluster/services/cachix-deploy-agent/agent.nix @@ -1,11 +1,9 @@ -{ config, depot, ... }: +{ cluster, depot, ... }: { - age.secrets.cachixDeployToken.file = ./credentials/${config.networking.hostName}.age; - services.cachix-agent = { enable = true; - credentialsFile = config.age.secrets.cachixDeployToken.path; + credentialsFile = cluster.config.services.cachix-deploy-agent.secrets.token.path; package = depot.packages.cachix; }; } diff --git a/cluster/services/cachix-deploy-agent/default.nix b/cluster/services/cachix-deploy-agent/default.nix index 4f8d537..e816bed 100644 --- a/cluster/services/cachix-deploy-agent/default.nix +++ b/cluster/services/cachix-deploy-agent/default.nix @@ -1,6 +1,10 @@ { - services.cachix-deploy-agent = { + services.cachix-deploy-agent = { config, ... }: { nodes.agent = [ "checkmate" "grail" "prophet" "VEGAS" "thunderskin" ]; nixos.agent = ./agent.nix; + secrets.token = { + nodes = config.nodes.agent; + shared = false; + }; }; }