diff options
| author | lassulus <lass@aidsballs.de> | 2015-12-30 01:43:51 +0100 |
|---|---|---|
| committer | lassulus <lass@aidsballs.de> | 2015-12-30 01:43:51 +0100 |
| commit | 92c4fee6dc10499a9960750abe91c8a4b41eb5d5 (patch) | |
| tree | 1b5c00fd743d226545487126ba9eb149db9b18ad /krebs | |
| parent | 2a0cd63387049350f6de73f609a32a0bf4e49253 (diff) | |
| parent | d574c0ef78f7572aec88e484d3ff6256247e878c (diff) | |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/3modules/buildbot/master.nix | 16 | ||||
| -rw-r--r-- | krebs/3modules/makefu/default.nix | 11 |
2 files changed, 24 insertions, 3 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index 5870c3145..74385a433 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -132,6 +132,16 @@ let ''; }; + secrets = mkOption { + default = []; + type = types.listOf types.str; + example = [ "cac.json" ]; + description = '' + List of all the secrets in <secrets> which should be copied into the + buildbot master directory. + ''; + }; + slaves = mkOption { default = {}; type = types.attrsOf types.str; @@ -344,10 +354,10 @@ let fi # always override the master.cfg cp ${buildbot-master-config} ${workdir}/master.cfg + # copy secrets - cp ${secretsdir}/cac.json ${workdir} - cp ${secretsdir}/retiolum-ci.rsa_key.priv \ - ${workdir}/retiolum.rsa_key.priv + ${ concatMapStringsSep "\n" + (f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets } # sanity ${buildbot}/bin/buildbot checkconfig ${workdir} diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 1970a0777..31516d591 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -83,6 +83,9 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDM0E608d/6rGzXqGbNSuMb2RlCojCJSiiz6QcPOC2G root@pornocauster"; + }; vbob = { @@ -108,6 +111,8 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPLTMl+thSq77cjYa2XF7lz5fA7JMftrLo8Dy/OBXSg root@nixos"; }; flap = rec { cores = 1; @@ -238,6 +243,8 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH4Tjx9qK6uWtxT1HCpeC0XvDZKO/kaPygyKatpAqU6I root@wry"; }; filepimp = rec { cores = 1; @@ -287,6 +294,8 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujMZ3ZFxKpWeB/cjfKfYRr77+VRZk0Eik+92t03NoA root@servarch"; }; gum = rec { cores = 1; @@ -327,6 +336,8 @@ with lib; ''; }; }; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum"; }; }; users = addNames rec { |