From e552633c20db1c516f6fd46280627ff5f0ee33a0 Mon Sep 17 00:00:00 2001 From: Rodney Lorrimar Date: Sun, 18 Feb 2018 08:30:42 +0000 Subject: nixos/buildkite-agent: add coreutils to PATH of service This simplifies the service script and it's probable that many builds will need coreutils anyway. --- .../services/continuous-integration/buildkite-agent.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix index 039567eb6051..0a0c9f665d25 100644 --- a/nixos/modules/services/continuous-integration/buildkite-agent.nix +++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix @@ -196,13 +196,10 @@ in environment.systemPackages = [ cfg.package ]; systemd.services.buildkite-agent = - let copy = x: target: perms: - "cp -f ${x} ${target}; ${pkgs.coreutils}/bin/chmod ${toString perms} ${target}; "; - in { description = "Buildkite Agent"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - path = cfg.runtimePackages; + path = cfg.runtimePackages ++ [ pkgs.coreutils ]; environment = config.networking.proxy.envVars // { HOME = cfg.dataDir; NIX_REMOTE = "daemon"; @@ -210,10 +207,14 @@ in ## NB: maximum care is taken so that secrets (ssh keys and the CI token) ## don't end up in the Nix store. - preStart = '' - ${pkgs.coreutils}/bin/mkdir -m 0700 -p ${cfg.dataDir}/.ssh - ${copy (toString cfg.openssh.privateKeyPath) "${cfg.dataDir}/.ssh/id_rsa" 600} - ${copy (toString cfg.openssh.publicKeyPath) "${cfg.dataDir}/.ssh/id_rsa.pub" 600} + preStart = let + sshDir = "${cfg.dataDir}/.ssh"; + in + '' + mkdir -m 0700 -p "${sshDir}" + cp -f "${toString cfg.openssh.privateKeyPath}" "${sshDir}/id_rsa" + cp -f "${toString cfg.openssh.publicKeyPath}" "${sshDir}/id_rsa.pub" + chmod 600 "${sshDir}"/id_rsa* cat > "${cfg.dataDir}/buildkite-agent.cfg" <