
nixos/buildkite: make privateSshKeyPath optional

When only cloning public repos, or when the ssh key is provided by
different means, we don't need to manage it here.
Florian Klink 2020-01-20 10:28:47 +01:00
parent a208e6eb99
commit 4b73d3c444


@ -104,7 +104,8 @@ in
}; };
privateSshKeyPath = mkOption { privateSshKeyPath = mkOption {
type = types.path; type = types.nullOr types.path;
default = null;
## maximum care is taken so that secrets (ssh keys and the CI token) ## maximum care is taken so that secrets (ssh keys and the CI token)
## don't end up in the Nix store. ## don't end up in the Nix store.
apply = final: if final == null then null else toString final; apply = final: if final == null then null else toString final;
@ -223,11 +224,11 @@ in
sshDir = "${cfg.dataDir}/.ssh"; sshDir = "${cfg.dataDir}/.ssh";
tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags); tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags);
in in
'' optionalString (cfg.privateSshKeyPath != null) ''
mkdir -m 0700 -p "${sshDir}" mkdir -m 0700 -p "${sshDir}"
cp -f "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa" cp -f "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
chmod 600 "${sshDir}"/id_rsa chmod 600 "${sshDir}"/id_rsa
'' + ''
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF
token="$(cat ${toString cfg.tokenPath})" token="$(cat ${toString cfg.tokenPath})"
name="${cfg.name}" name="${cfg.name}"
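Review bot: With `privateSshKeyPath = null`, the block guarded by `optionalString (cfg.privateSshKeyPath != null)` is skipped entirely, so an `id_rsa` that an earlier configuration copied into `${sshDir}` stays on disk. As far as this hunk shows, nothing removes it, so an operator who sets the option to null to retire a key would still have that key in the agent's data directory. Deleting the file here would clobber a key supplied by other means, so I would document the behaviour in the option's description instead, for example `When null, no key is managed here; a key copied by a previous configuration is left in place and must be removed manually.` The script starts before this hunk and its heredoc continues past it, so cleanup elsewhere cannot be ruled out.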