forked from mirrors/nixpkgs
nixos/buildkite: make privateSshKeyPath optional
When only cloning public repos, or when the ssh key is provided by different means, we don't need to manage it here.
This commit is contained in:
parent
a208e6eb99
commit
4b73d3c444
|
@ -104,7 +104,8 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
privateSshKeyPath = mkOption {
|
privateSshKeyPath = mkOption {
|
||||||
type = types.path;
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
## maximum care is taken so that secrets (ssh keys and the CI token)
|
## maximum care is taken so that secrets (ssh keys and the CI token)
|
||||||
## don't end up in the Nix store.
|
## don't end up in the Nix store.
|
||||||
apply = final: if final == null then null else toString final;
|
apply = final: if final == null then null else toString final;
|
||||||
|
@ -223,11 +224,11 @@ in
|
||||||
sshDir = "${cfg.dataDir}/.ssh";
|
sshDir = "${cfg.dataDir}/.ssh";
|
||||||
tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags);
|
tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags);
|
||||||
in
|
in
|
||||||
''
|
optionalString (cfg.privateSshKeyPath != null) ''
|
||||||
mkdir -m 0700 -p "${sshDir}"
|
mkdir -m 0700 -p "${sshDir}"
|
||||||
cp -f "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
|
cp -f "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
|
||||||
chmod 600 "${sshDir}"/id_rsa
|
chmod 600 "${sshDir}"/id_rsa
|
||||||
|
'' + ''
|
||||||
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF
|
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF
|
||||||
token="$(cat ${toString cfg.tokenPath})"
|
token="$(cat ${toString cfg.tokenPath})"
|
||||||
name="${cfg.name}"
|
name="${cfg.name}"
|
||||||
|
|
Loading…
Reference in a new issue