feat(3p/agenix): update to 2022-05-16 and add to niv

The new version brings the new secretsDir setting which means we no longer have to hardcode /run/agenix everywhere. Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: sterni <sternenseemann@systemli.org>
2022-05-22 23:51:49 +02:00 · 2022-05-22 23:51:49 +02:00 · 03d1986316
commit 03d1986316
parent c55f61cd9b
13 changed files with 33 additions and 25 deletions
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@ -334,7 +334,7 @@ in
    flags = {
      gerrit_host = "cl.tvl.fyi:29418";
      gerrit_ssh_auth_username = "clbot";
-      gerrit_ssh_auth_key = "/run/agenix/clbot-ssh";
+      gerrit_ssh_auth_key = config.age.secretsDir + "/clbot-ssh";

      irc_server = "localhost:${toString config.services.znc.config.Listener.l.Port}";
      irc_user = "tvlbot";
@ -453,7 +453,7 @@ in
  services.nix-serve = {
    enable = true;
    port = 6443;
-    secretKeyFile = "/run/agenix/nix-cache-priv";
+    secretKeyFile = config.age.secretsDir + "/nix-cache-priv";
    bindAddress = "localhost";
  };

@ -599,7 +599,7 @@ in
  };

  # Contains GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET.
-  systemd.services.grafana.serviceConfig.EnvironmentFile = "/run/agenix/grafana";
+  systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secretsDir + "/grafana";

  services.keycloak = {
    enable = true;
@ -613,7 +613,7 @@ in

    database = {
      type = "postgresql";
-      passwordFile = "/run/agenix/keycloak-db";
+      passwordFile = config.age.secretsDir + "/keycloak-db";
      createLocally = false;
    };
  };