cluster/services/cachix-deploy-agent: use cluster secrets

2024-07-08 16:17:47 +02:00 · 2024-07-08 16:17:47 +02:00 · 804e7b0363
commit 804e7b0363
parent 0c4e603e86
7 changed files with 7 additions and 5 deletions
--- a/cluster/services/cachix-deploy-agent/credentials/VEGAS.age
+++ b/cluster/services/cachix-deploy-agent/credentials/VEGAS.age
--- a/cluster/services/cachix-deploy-agent/credentials/checkmate.age
+++ b/cluster/services/cachix-deploy-agent/credentials/checkmate.age
--- a/cluster/services/cachix-deploy-agent/credentials/grail.age
+++ b/cluster/services/cachix-deploy-agent/credentials/grail.age
--- a/cluster/services/cachix-deploy-agent/credentials/prophet.age
+++ b/cluster/services/cachix-deploy-agent/credentials/prophet.age
--- a/cluster/services/cachix-deploy-agent/credentials/thunderskin.age
+++ b/cluster/services/cachix-deploy-agent/credentials/thunderskin.age
--- a/cluster/services/cachix-deploy-agent/agent.nix
+++ b/cluster/services/cachix-deploy-agent/agent.nix
@ -1,11 +1,9 @@
-{ config, depot, ... }:
+{ cluster, depot, ... }:

 {
-  age.secrets.cachixDeployToken.file = ./credentials/${config.networking.hostName}.age;
-
  services.cachix-agent = {
    enable = true;
-    credentialsFile = config.age.secrets.cachixDeployToken.path;
+    credentialsFile = cluster.config.services.cachix-deploy-agent.secrets.token.path;
    package = depot.packages.cachix;
  };
 }
--- a/cluster/services/cachix-deploy-agent/default.nix
+++ b/cluster/services/cachix-deploy-agent/default.nix
@ -1,6 +1,10 @@
 {
-  services.cachix-deploy-agent = {
+  services.cachix-deploy-agent = { config, ... }: {
    nodes.agent = [ "checkmate" "grail" "prophet" "VEGAS" "thunderskin" ];
    nixos.agent = ./agent.nix;
+    secrets.token = {
+      nodes = config.nodes.agent;
+      shared = false;
+    };
  };
 }