maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(3p/agenix): update to 2022-05-16 and add to niv

Browse source 
The new version brings the new secretsDir setting which means we no
longer have to hardcode /run/agenix everywhere.

Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: sterni <sternenseemann@systemli.org>
This commit is contained in:
sterni 2022-05-22 23:51:49 +02:00 committed by clbot
parent c55f61cd9b
commit 03d1986316
13 changed files with 33 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ops/machines/whitby/default.nix
View file

@ -334,7 +334,7 @@ in
flags = {
gerrit_host = "cl.tvl.fyi:29418";
gerrit_ssh_auth_username = "clbot";
gerrit_ssh_auth_key = "/run/agenix/clbot-ssh";
gerrit_ssh_auth_key = config.age.secretsDir + "/clbot-ssh";
irc_server = "localhost:${toString config.services.znc.config.Listener.l.Port}";
irc_user = "tvlbot";
@ -453,7 +453,7 @@ in
services.nix-serve = {
enable = true;
port = 6443;
secretKeyFile = "/run/agenix/nix-cache-priv";
secretKeyFile = config.age.secretsDir + "/nix-cache-priv";
bindAddress = "localhost";
};
@ -599,7 +599,7 @@ in
};
# Contains GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET.
systemd.services.grafana.serviceConfig.EnvironmentFile = "/run/agenix/grafana";
systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secretsDir + "/grafana";
services.keycloak = {
enable = true;
@ -613,7 +613,7 @@ in
database = {
type = "postgresql";
passwordFile = "/run/agenix/keycloak-db";
passwordFile = config.age.secretsDir + "/keycloak-db";
createLocally = false;
};
};

2
ops/modules/clbot.nix
View file

@ -60,7 +60,7 @@ in
secretsFile = mkOption {
type = types.str;
description = "EnvironmentFile from which to load secrets";
default = "/run/agenix/clbot";
default = config.age.secretsDir + "/clbot";
};
};

2
ops/modules/gerrit-queue.nix
View file

@ -24,7 +24,7 @@ in
secretsFile = with lib; mkOption {
description = "Path to a systemd EnvironmentFile containing secrets";
default = "/run/agenix/gerrit-queue";
default = config.age.secretsDir + "/gerrit-queue";
type = types.str;
};
};

2
ops/modules/irccat.nix
View file

@ -40,7 +40,7 @@ in
secretsFile = lib.mkOption {
type = lib.types.str;
description = "Path to the secrets file to be merged";
default = "/run/agenix/irccat";
default = config.age.secretsDir + "/irccat";
};
};

2
ops/modules/oauth2_proxy.nix
View file

@ -37,7 +37,7 @@ in
secretsFile = lib.mkOption {
type = lib.types.str;
description = "EnvironmentFile from which to load secrets";
default = "/run/agenix/oauth2_proxy";
default = config.age.secretsDir + "/oauth2_proxy";
};
};

2
ops/modules/owothia.nix
View file

@ -12,7 +12,7 @@ in
secretsFile = lib.mkOption {
type = lib.types.str;
description = "File path from which systemd should read secrets";
default = "/run/agenix/owothia";
default = config.age.secretsDir + "/owothia";
};
owoChance = lib.mkOption {

2
ops/modules/panettone.nix
View file

@ -37,7 +37,7 @@ in
by systemd's EnvironmentFile
'';
type = types.str;
default = "/run/agenix/panettone";
default = config.age.secretsDir + "/panettone";
};
irccatHost = mkOption {

2
ops/modules/smtprelay.nix
View file

@ -40,7 +40,7 @@ in
secretsFile = mkOption {
type = types.str;
default = "/run/agenix/smtprelay";
default = config.age.secretsDir + "/smtprelay";
};
};

2
ops/modules/tvl-buildkite.nix
View file

@ -40,7 +40,7 @@ in
value = {
inherit name;
enable = true;
tokenPath = "/run/agenix/buildkite-agent-token";
tokenPath = config.age.secretsDir + "/buildkite-agent-token";
hooks.post-command = "${buildkiteHooks}/bin/post-command";
runtimePackages = with pkgs; [