From 4783d8368633bba19c8de3aa0f088ae8c51a8f04 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Sun, 2 Feb 2025 00:16:14 +0300
Subject: [PATCH] feat(ops/nevsky): sync remaining whitby secrets to nevsky

Change-Id: I604426d8e9e91417607eed71f0dbcaf93e88c31d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/13074
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
---
 ops/machines/nevsky/default.nix | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/ops/machines/nevsky/default.nix b/ops/machines/nevsky/default.nix
index b6212bf2b..9de85c158 100644
--- a/ops/machines/nevsky/default.nix
+++ b/ops/machines/nevsky/default.nix
@@ -98,8 +98,15 @@ in
       secretFile = name: depot.ops.secrets."${name}.age";
     in
     {
+      clbot.file = secretFile "clbot";
+      gerrit-autosubmit.file = secretFile "gerrit-autosubmit";
+      grafana.file = secretFile "grafana";
       irccat.file = secretFile "irccat";
+      keycloak-db.file = secretFile "keycloak-db";
       owothia.file = secretFile "owothia";
+      panettone.file = secretFile "panettone";
+      smtprelay.file = secretFile "smtprelay";
+      teleirc.file = secretFile "teleirc";
       wg-privkey.file = depot.ops.secrets."wg-nevsky.age";
 
       nix-cache-priv = {
@@ -137,6 +144,31 @@ in
         mode = "0440";
         group = "buildkite-agents";
       };
+
+      gerrit-besadii-config = {
+        file = secretFile "besadii";
+        owner = "git";
+      };
+
+      gerrit-secrets = {
+        file = secretFile "gerrit-secrets";
+        path = "/var/lib/gerrit/etc/secure.config";
+        owner = "git";
+        mode = "0400";
+      };
+
+      clbot-ssh = {
+        file = secretFile "clbot-ssh";
+        owner = "clbot";
+      };
+
+      depot-replica-key = {
+        file = secretFile "depot-replica-key";
+        mode = "0500";
+        owner = "git";
+        group = "git";
+        path = "/var/lib/git/.ssh/id_ed25519";
+      };
     };
 
   networking = {