refactor(ops/whitby): Move Gerrit secrets into agenix

Gerrit has OAuth2 and email related secrets which now live in agenix instead of a random file on disk. Change-Id: I6220fbb7a2e2ec0102a900b4bcf6150b8b4d32ef Reviewed-on: https://cl.tvl.fyi/c/depot/+/4612 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-12-26 00:03:41 +03:00 · 2021-12-26 00:03:41 +03:00 · e4d20cdaec
commit e4d20cdaec
parent d8a1802b3e
3 changed files with 23 additions and 0 deletions
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@ -239,6 +239,13 @@ in {
        owner = "git";
      };

+      gerrit-secrets = {
+        file = secretFile "gerrit-secrets";
+        path = "/var/lib/gerrit/etc/secure.config";
+        owner = "git";
+        mode = "0400";
+      };
+
      clbot-ssh = {
        file = secretFile "clbot-ssh";
        owner = "clbot";