feat(ops/secrets): Configure secrets for gerrit-queue

Adds a systemd EnvironmentFile secret that contains the Gerrit username & password for gerrit-queue. Change-Id: I25acf87764c26774045138402b8a417b6813ee8f
2021-12-09 16:53:22 +03:00 · 2021-12-09 16:53:22 +03:00 · 496d899428
commit 496d899428
parent 4870b1a2ff
3 changed files with 16 additions and 0 deletions
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@ -40,6 +40,7 @@ in {
    "${depot.path}/ops/modules/www/tvl.fyi.nix"
    "${depot.path}/ops/modules/www/tvl.su.nix"
    "${depot.path}/ops/modules/www/wigglydonke.rs.nix"
+    "${depot.third_party.agenix.src}/modules/age.nix"
    "${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"
  ];

@ -201,6 +202,11 @@ in {
    challengeResponseAuthentication = false;
  };

+  # Configure secrets for services that need them.
+  age.secrets = {
+    gerrit-queue.file = depot.path.origSrc + "/ops/secrets/gerrit-queue.age";
+  };
+
  # Automatically collect garbage from the Nix store.
  services.depot.automatic-gc = {
    enable = true;