forked from Fediversity/Fediversity
Kiara Grouwstra
b52ccfaf33
add woodpecker status: agents error `agent could not auth: individual agent not found by token: sql: no rows in result set` allow manual set `image: bash` to initally test `local` woodpecker back-end split CI jobs image: `bash` (`local` back-end) -> `nixos/nix` (`docker` back-end) add debugging lines to CD pipeline to debug error `Could not open a connection to your authentication agent` add more debug prints to CD even more debugging continue debugging debug harder explicitly specify flakes as nixos/nix image is missing this rm /home update fedi203 wrap faulty statement fix check-resources split strace pkg un-strace un-test cd dedupe image max 5 un-bash strace configure user simplify secrets set just group for system users unverbose npins schema add flakes flakes
41 lines
1.3 KiB
Nix
41 lines
1.3 KiB
Nix
let
|
|
inherit (builtins) attrValues foldl' mapAttrs;
|
|
## `mergeAttrs` and `concatMapAttrs` are in `lib.trivial` and `lib.attrsets`,
|
|
## but we would rather avoid a dependency in nixpkgs for this file.
|
|
mergeAttrs = x: y: x // y;
|
|
concatMapAttrs = f: v: foldl' mergeAttrs { } (attrValues (mapAttrs f v));
|
|
|
|
keys = import ../keys;
|
|
contributors = attrValues keys.contributors;
|
|
cd = [ keys.cd ];
|
|
in
|
|
|
|
concatMapAttrs
|
|
(name: systems: {
|
|
"${name}.age".publicKeys = contributors ++ systems ++ cd;
|
|
})
|
|
|
|
(
|
|
with keys.systems;
|
|
|
|
##############################################################################
|
|
## File name <-> system host keys mapping
|
|
##
|
|
## This attribute set defines precisely which secrets exist and which systems
|
|
## are able to decrypt them.
|
|
|
|
{
|
|
forgejo-database-password = [ vm02116 ];
|
|
forgejo-email-password = [ vm02116 ];
|
|
forgejo-runner-token = [ forgejo-ci ];
|
|
panel-secret-key = [ fedi201 ];
|
|
panel-ssh-key = [ fedi201 ];
|
|
wiki-basicauth-htpasswd = [ vm02187 ];
|
|
wiki-password = [ vm02187 ];
|
|
wiki-smtp-password = [ vm02187 ];
|
|
woodpecker-gitea-client = [ fedi203 ];
|
|
woodpecker-gitea-secret = [ fedi203 ];
|
|
woodpecker-agent-exec = [ fedi203 ];
|
|
woodpecker-agent-container = [ fedi203 ];
|
|
}
|
|
)
|