added key deployment tool.

64785aef · Valentin Reis · 821c1939 · 64785aef · 64785aef · 64785aef
Commit 64785aef authored Oct 30, 2018 by Valentin Reis
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

deployments/argo.nixops deployments/argo.nixops +0 -0

deployments/ci.nix deployments/ci.nix +1 -1

deployments/send-secret.sh deployments/send-secret.sh +6 -0

No files found.
--- a/deployments/argo.nixops
+++ b/deployments/argo.nixops
--- a/deployments/ci.nix
+++ b/deployments/ci.nix
@@ -69,7 +69,7 @@ in
        chownsec = {
          text = ''
              mkdir -p /run/secrets/
-              chown -R ${config.users.users.hydra-queue-runner.uid}:${config.users.groups.hydra.gid} /run/secrets
+              chown -R ${builtins.toString config.users.users.hydra-queue-runner.uid}:${builtins.toString config.users.groups.hydra.gid} /run/secrets
            '';
            deps = [];
          };

--- a/deployments/send-secret.sh
+++ b/deployments/send-secret.sh
+#!/usr/bin/env bash
+
+echo "extracting/sending hydra-master secret key from password store"
+pass keys/rsa/PRIVATE/hydra-master@chameleon | ssh root@129.114.111.116 'cat > /run/secrets/id_buildfarm'
+echo "chown-ing the key on the machine"
+ssh root@129.114.111.116 'chown hydra-queue-runner:hydra /run/secrets/id_buildfarm'