ci: install keychain for use in scripts

2023-03-03 07:48:42 -07:00 · 2023-03-03 07:48:42 -07:00 · f83024c42d
commit f83024c42d
parent 336973e5b5
4 changed files with 21 additions and 9 deletions
--- a/bin/ci
+++ b/bin/ci
@ -6,6 +6,8 @@ direnv allow

 CMD=${1:-""}

+eval $(keychain --eval --agents ssh --inherit any)
+
 start_ci

 trap ci_error INT TERM
--- a/configs/ci.nix
+++ b/configs/ci.nix
@ -59,14 +59,16 @@ in with lib; {
        owner = config.services.tsrevprox.user;
      };
    };
-    environment.systemPackages = [ inputs.po.packages.${pkgs.system}.po ];
+    environment.systemPackages = with pkgs; [
+      inputs.po.packages.${pkgs.system}.po
+      keychain
+    ];

    nix = {
      settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
    };

-    systemd.services =
-      lib.listToAttrs (builtins.map xinlib.jobToService jobs);
+    systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);

    services = {
      tsrevprox = {
--- a/hosts/h/default.nix
+++ b/hosts/h/default.nix
@ -674,8 +674,16 @@ in {
          };
        };
        managementRoom = "#moderation:tapenet.org";
-        automaticallyRedactForReasons =
-          [ "spam" "advertising" "racism" "nazi" "nazism" "trolling" "porn" "csam" ];
+        automaticallyRedactForReasons = [
+          "spam"
+          "advertising"
+          "racism"
+          "nazi"
+          "nazism"
+          "trolling"
+          "porn"
+          "csam"
+        ];
        aditionalPrefixes = [ "hammer" ];
        confirmWildcardBan = false;
      };
--- a/lib/default.nix
+++ b/lib/default.nix
@ -8,9 +8,6 @@ let
  jobToUserService = job: {
    name = "${job.name}";
    value = {
-      serviceConfig = {
-        User = "${job.user}";
-      };
      script = mkCronScript "${job.name}_script" job.script;
      inherit (job) startAt path;
    };
@ -20,6 +17,7 @@ let
    value = {
      script = mkCronScript "${job.name}_script" job.script;
      inherit (job) startAt path;
+      serviceConfig = { User = "${job.user}"; };
    };
  };
  buildShell = pkgs:
@ -51,6 +49,8 @@ let
      system.autoUpgrade.enable = state != "DIRTY";
    };

-  xinlib = { inherit buildVer mkCronScript jobToUserService jobToService buildShell; };
+  xinlib = {
+    inherit buildVer mkCronScript jobToUserService jobToService buildShell;
+  };

 in xinlib