From d85b322c550874f5afbfbdb4c727bd53d4b5377e Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Sun, 4 May 2025 01:05:46 +0300
Subject: [PATCH] feat(ops/gerrit01): provide buildkite-api-proxy-token.age

This is a read-only Buildkite token, it was generated and installed by
flokli@ and has read_builds, read_build_logs, and read_pipelines
permissions.

Part of #118.

Change-Id: I0bbfbab9ad1152ff8e781b7380f44d3cd7245bab
Reviewed-on: https://cl.snix.dev/c/snix/+/30404
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: edef <edef@edef.eu>
---
 ops/machines/gerrit01/default.nix         |   1 +
 ops/secrets/buildkite-api-proxy-token.age | Bin 0 -> 576 bytes
 ops/secrets/secrets.nix                   |   2 ++
 3 files changed, 3 insertions(+)
 create mode 100644 ops/secrets/buildkite-api-proxy-token.age

diff --git a/ops/machines/gerrit01/default.nix b/ops/machines/gerrit01/default.nix
index a895316a8..3b5e02905 100644
--- a/ops/machines/gerrit01/default.nix
+++ b/ops/machines/gerrit01/default.nix
@@ -54,6 +54,7 @@ in
       secretFile = name: depot.ops.secrets."${name}.age";
     in
     {
+      buildkite-api-proxy-token.file = secretFile "buildkite-api-proxy-token";
       gerrit-oauth-secret.file = secretFile "gerrit-oauth-secret";
       gerrit-replication-key.file = secretFile "gerrit-replication-key";
       gerrit-sendemail-smtp-pass.file = secretFile "gerrit-sendemail-smtp-pass";
diff --git a/ops/secrets/buildkite-api-proxy-token.age b/ops/secrets/buildkite-api-proxy-token.age
new file mode 100644
index 0000000000000000000000000000000000000000..1c2e16522dc013467e51650fe9c5b938aa2fd116
GIT binary patch
literal 576
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUFE(|NpOIHYYHz<ip
z%koTf)piZfDb9?ttcY|8Fmx{nGA)cU@Y8lpbFT2nt;*96E#``Famg}w&ek`|OAZJx
z);6@P@;3<y(07ig@-r$<_0LN63w3hxF7?YUF#*{Y0kJ5g(8STvqB1f(I3%&Kq#)5%
zyTmL!B+=8cDnh&1H#I9H$2~bHtjyiTt(dFOD>=>4%skP;pd!F4+dQc>JS{cNv)IDD
zxKO{u-Oy3r$T7(&-5@F|KN(~LvVWY7s>1Ue6@vVd-P0p{Qq2vDoqWn%ovVD^B8pSI
z)117VvZJ!hjZ6xQ%L{$7GZJ01xlB_d{4BgIEWAyE!Yd<k4Km#`y<Czk-Auj8l1e-R
zDlCGNaw~(q%d)j2(QT_RP7lgWS4i^6Gs@F0%PJ_1^0YMf400<9a?kRws4R60DDuq-
z4)qR7EAY;Ya!Jh0=c-Js3W=~xEvd?I^Ye>v^~#9M_s=!*On3HiH?xeg@GW=o2@VQ!
zH;t&s=hD^HRS3)TPccs{vZx3P$~G@4H7vCBE3FDL^h)<LFO2djbIdSx2`w%#&d&08
z<Z7DH;F4mQcG&61C7UksLp%x&e1=<8?X!zcp1CU%`oJueA$+;!6cxeGJPBv7FKq1I
j-!#Q3vaRtz-%A-2`w7Ra96v6rxgF>BK&RoL)3dDrNVUV)

literal 0
HcmV?d00001

diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index f01267c43..360f0a9a9 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -35,6 +35,8 @@ in
   "restic-bucket-credentials.age" = allDefault;
 
   "keycloak-db-password.age" = public01Default;
+
+  "buildkite-api-proxy-token.age" = gerrit01Default;
   "gerrit-oauth-secret.age" = gerrit01Default;
   "gerrit-replication-key.age" = gerrit01Default;
   "gerrit-sendemail-smtp-pass.age" = gerrit01Default;