effect: add darwin-deploy

2023-06-03 18:53:46 +10:00 · 2023-06-03 18:53:46 +10:00 · e33afe7f9c
commit e33afe7f9c
parent 51e87fc33b
3 changed files with 16 additions and 3 deletions
--- a/dev/effect.nix
+++ b/dev/effect.nix
@ -4,6 +4,18 @@
    withSystem "x86_64-linux" ({ hci-effects, pkgs, self', ... }:
      {
        onPush.default.outputs.effects = {
+          darwin-deploy = hci-effects.runIf (pkgs.lib.hasPrefix "refs/heads/gh-readonly-queue/master/" config.repo.ref)
+            (hci-effects.runNixDarwin {
+              config = self.darwinConfigurations.darwin02;
+              secretsMap.hercules-ssh = "hercules-ssh";
+              ssh.destination = "m1@darwin02.nix-community.org";
+              userSetupScript = ''
+                writeSSHKey hercules-ssh
+                cat >>~/.ssh/known_hosts <<EOF
+                darwin02.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt6uTauhRbs5A6jwAT3p3i3P1keNC6RpaA1Na859BCa
+                EOF
+              '';
+            });
          terraform-deploy = hci-effects.runIf (pkgs.lib.hasPrefix "refs/heads/gh-readonly-queue/master/" config.repo.ref)
            (hci-effects.mkEffect {
              name = "terraform-deploy";
--- a/hosts/darwin02/configuration.nix
+++ b/hosts/darwin02/configuration.nix
@ -31,6 +31,7 @@ in
  # TODO: refactor this to share /users with nixos
  # keys are copied, not symlinked
  users.users.m1.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOG/9rsFqC2tg+W5YZxthW5xhUJEfZ8ShqkRtVe+A6+u" # hercules-ssh-deploy
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE" # mic92
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuiDoBOxgyer8vGcfAIbE6TC4n4jo8lhG9l01iJ0bZz" # zimbatm
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbCYwWByGE46XHH4Q0vZgQ5sOUgbH50M8KO2xhBC4m/" # zowoq
--- a/modules/nixos/hercules-ci/secrets.yaml
+++ b/modules/nixos/hercules-ci/secrets.yaml
@ -1,6 +1,6 @@
 cluster-join-token.key: ENC[AES256_GCM,data:Ba8S5Cx3NJR/FoKkSVc5pX1bwKkYHAhTid3dlWcGRXPCmVtrMgBKLjDZ5b3AajZio+IvS7XNajsVqPUB/rsBUPL+mz/DPbnI4bibLkB0KZl5v6FnMf6RbGr7RWbEsGXWlJh77l/AmGRWJTj7Dh3LaQ53dguhNIDuXGvNhTLs690/93Xnc+x+d5tzl2hNz/A4/IQxpsRoJJKygqGndbc0bTUPo0QZMLtf8kHQtCiozfm1SeW49ITnM+4VCOJB8NkSkwUfy5Rs574fFijYSOGT8LSSH0ly2oxHEY+UaJudRhjr5uzrcZPI/WrrtkI=,iv:87JRtvlkkExu37uYRaHojsk1vjhO1ocw2L9yE+7shpI=,tag:0de71eZjy8F/w0LQzOVAyg==,type:str]
 binary-caches.json: ENC[AES256_GCM,data:pshvo/BxcIDXrWpW6jb1Hti8pqIEER+andBFpbOArKdaSb1LoVC45G+QwqLxjnDckiBeJm+refQE/x8i6QI0kYHcHEmX4iByvtcDM7RB6ZQSghTO0oqhi1blZRp+NjVdpgeti9VOkLPOYR+ruCDXeZmjt9fWnpGxC6ok5h5z5XLtq5xICy0DBl4VJXw3NwMnpIfj4vvczTP1TlUmP3GElHImRj6F59Vyw4jbTZRIqrib97x8nrO24t3P6RqooY0WHPR1sQXJebxCCO3TiJjxLHNtjLhJgez/O6Ou8CJx999wGvGmm3k8DzUDh94bnG12tal0PrPSJLdsQItpYqDPbK6f6R0wVmzcAywW22SCqk6kaCLGSDCYQRh3xGNsdmVfDQSJPjnAOJDNjJR5adoe8KPHIrc5eZiXjS9mJO7eYPX2IfkNHlM18NjT/Q716Ez9tnBatVb5+YKLlZMm+SSgWNxwZhBiQUvR3wdX3jOXIAjdfCGy4ocCffP05WC4YzjHo5E1EsOBN/cr5LfAS36XFwChHJ6iE4zjwsQe3X7jN9mlZdksBe8gEKFns2rr5IMmXG/enLdVjigRgDShNglP,iv:IOqba6lLXCEVZ+HNaH3uM4E3lbKzm8XCXlbAp6UPBIE=,tag:RX2d2UEWpZu48pW1UUaQcQ==,type:str]
-hercules-secrets: ENC[AES256_GCM,data:ALuK/eGc2B3cXhAQjr5ZOcW0TaOraj+ZpwatF54XcTOgg49ezziXim0hUzgVbV96QMZVTkI/Fr8YobcL5oMvYXZijVit+OSrONbk703ygyogJslUKfHn0Wgho0XM/Jx/zvB2zEkLMr+UVc1lGRY+JsYT8Jx5bLrinGHzSWAHSquLVk+6tek9dqXZM2imiFMrzyUevUAUWywlqflEO3Fuos6TUEF5m0x9mqYD88nIqFfBewrJ9CuxMpLlVDDDdJBcqgdZ+m0ukQuwvx+bcY2jWwIZIx2rc3SitWQZfA2l37jRIZE7mCmZizu2V2o3xkH5MXvFgTLuItxwulNc9iFkragNXZ7D5iZMXpo+6JLZ9NR1TVAFXM+hvd0eqXqDVs+m7WjHWrO8B9yUNgYwVI29EImnqyjJ5ap+iOm0s2iQSE3od76U272VrViya3jTaV3es3nFWBxL8b+ofsey/RNAe2o7bCyUZzS0LlnH1GouAZnvh542hbPHu3TV8yoHobAxc83WO/pzw+qlRQH8tRi5MNZb0rpXCeLcXyVv18FS+9JGr10FEZ5x3rV/Jw5ZxcZptzBTjsy1zsa1SZz/bwds7mjt7MkpHEmsNLTE0QU52rX7kW1l1I3+ISB9kxdPEg0qA6/TmFqwa/NfaeigBw==,iv:uRMgAyeDZvtapc0hplLx+E1XA2N6+csPld0d833TTys=,tag:tdbRYkeTjURSxxDBNgjMSQ==,type:str]
+hercules-secrets: ENC[AES256_GCM,data:MVrxw+6pLvw9qSLCYum8evJbM7dny99Vik0fl8r3z9JnO483rDKOu55/WxSX1EZIVMHymgg7IvDu2h09IWXPq6mUmOfr1iMLtEuLlA4XF8wfwp4uYtJKra6v1ikpVxzaa9aYgTahk3uLCc1oh3a0K//rPThlkWZfKHDwcSSqpJMh2FYRY1TvLnwt/NxclzKzU3i2eW0NVq9PtAE5M16p2AlyzBm+RbIYv5MFmcEzDsDzoXTb2nAC5nQmEiUiv145D3iAAMRxswZREJtFvGXcBRc6fP/ythzd7GqMUDKZkFuOjaCE9Ogamqu8/TTBqTe5XNEj00uDHaEBleywp3pLR+0dNCXxHk9paREqLK+5XaXO60Rm32rzKZpfurwpqGPqZkaElK3liGqFP6cM3q00ZkdUSYIvXKX77GmhDEGm/VMD+QN07O2jUghxhfzco6WS05yqQzC2OhNxqgX7laiPk/I/FPdz+61MAdoCnTT4Uvyhbw4jwx/AGb/fKr57UTEtorMN+zdD4KQw/QLWD4GJFqUi+UXc8NGV/7dkIhJzRWyxhO4Xvo0ymPI0Hs9+WKjf7xi4tL/ZyJOkD9v2dTw3hBO/T5oYmnwRSLIa1l0wGQR06C74GaWp2yKj+1r39rNAQbeZeMEW14aX57XtikhPM+7RwaRSfYzmYwRorsjevUZgYzgombdXyxHV+xwApFgIyGGw8ZyfrZ1cCUbUngz7oo048iRGSZHokx00E8kW97Zs9OG8OOOfa/Sm8yTUyGtCVx6W/iZcC8lMldraUG18xNlOvTAElxOMW2rpaeepjbiA0lRwKAwU/PJaCxl45dYkMXkLp8+xG+vMFz85ajhgMP2AdYNhutVHiYEzVL6YytnuvQ/tokyQxMh6Ps6lft7lelH9gHjlJ+GivbWrV3SYsX5Vpt1XzgEXqwOjDKx86FtDag6F9JyQSY7tblmWDScv4yGBAlhRXtD55TiK6ynaI3YJY5Gw3+HWkmfg7N9B2PffeB0Xrb9Q97AyX6hkJppRdDEbQbr8S7ApaLPdkDlDExGJ9vTEqIiDGX6R2On7IxJLNE5Xv4BE72MtnFkFVj4eWWN2QCW4Dvvow21KKU2Nja9eDfEdg2cIo1naC4ONcQ1/dK8L0EJv1n7KNoiNQfMSZRspyszek5ry/VDPo6uEIwdldSFY4RqoUCjhRpOPu/psXN79L/jMnIYzuRw4ChvbhsrE88tu+XetmYOjbP3S0/DccKoVWt+BC83LhWxSuqhEHjG5abB/265NUf3MFD+iWb0es174KGmNjVuwmKr1DqYNdwQg2BNHRW9dhEn0wm+5t7rQ8tphuzotGmot2p2SPpaPNEGwQkN5YXhl0herKCQk+6qHh2KLId3F33vmhKsjpvZcUMuNUM1OwcTlk61T4oVuIb+lS0Q5HpGuVOc1HrcRNMXZh22aiOEwAfVJ1zSo7qDx8FOF1ceT04wx0Ps77WFwQMuC5Qv59rlYxuO+5E0l85OCfAjNL9Uzthx9lJcw5HEFWt/DxX28eNzvUPId3jN4xW/ehTxnNRQMp3w3qd5onzLKHWfA9jc7pAt8Lt2pkQYxm5y3y/5PUit0dw08n3cxVDjzjmqH+M6sVB5b2CeerLwlhk3mFHPaO6in7Iis4q36TA==,iv:n4gLUMZXqthTxYsDJEVHak54MGhSIA0xD1jyhvSvW84=,tag:9MS7dVsBKuIF/q/CwMbRjA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -70,8 +70,8 @@ sops:
            QTh4K0xzYVgzWVcwNzJ6bHFncHNTNHMK/iAbmGaTunJefyKK/GQYYMzd1PY+hvOt
            i2SfjO8ZPXRkQcDxRa5EqOkKzpzBijjSsGGH04MprCBI6ysaJA+lEg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-05-04T22:00:39Z"
-    mac: ENC[AES256_GCM,data:D2smiMskdRdj/b5hE2matw82z1Kf4CZGGKaptt7zd77sCuK1TQ6Te8n89LJ5SdGQpUcfZ9eaPVutMLgLr0vJufaOwHo8BVSuyN7/EC9IeeeLrJygl1wYZzbVcWm9KW2YthYTj+n2RtAvS7VtuYUdSPk7oSG7Xs6XaBp5qtoxeBs=,iv:PrbJvAFDsxeWqce5aXC97d6IKr66Ao1qLfljE/EFufg=,tag:wVeBLqclaE4IpsFMLZHOeg==,type:str]
+    lastmodified: "2023-06-06T00:28:49Z"
+    mac: ENC[AES256_GCM,data:pfDd5faVcmUniLH/mwxKQAXecvv5ZftxvedZgQwnMBkP0FcUlRUjcofRENCxZlCUuym80s29k9Zr6b6/h1uuijcpkrZpsrjJCCAbT/JOZxu8BOyDgLtH7ZZwKpL3IJtpuF+a9NkPj4KouMkkk0bIOWmn05m8zgVsfk5vsfVUWF4=,iv:NDAC6cMx6Gb9GhcEfh5uuMjuCj/xT3MffWrPJfZWF8M=,tag:FOqg8VAeNzmy3ewFVIa9Lw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3