refactor(ops): Move clbot SSH key into agenix r/3183

Change-Id: Iae03ead7dda0509689a76f0d76f9cfeb8434e967
author: Vincent Ambo <mail@tazj.in> 2021-12-10T12·32+0300
committer: Vincent Ambo <mail@tazj.in> 2021-12-10T13·13+0300
commit: 002d183876e67338498bd4fbae9928af4fb5694c (patch)
tree: a1e4d80a46218ff36ade365b38fc813aace8d035 /ops/machines/whitby/default.nix
parent: 0fa937551e6fa1021dbad4d523e0743fe25a24df (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 1a624c8f6642..8cec05284a75 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -216,6 +216,11 @@ in {
         mode = "0440";
         group = "buildkite-agents";
       };
+
+      clbot-ssh = {
+        file = secretFile "clbot-ssh";
+        owner = "clbot";
+      };
     };
 
   # Automatically collect garbage from the Nix store.
@@ -280,7 +285,7 @@ in {
     flags = {
       gerrit_host = "cl.tvl.fyi:29418";
       gerrit_ssh_auth_username = "clbot";
-      gerrit_ssh_auth_key = "/etc/secrets/id_clbot";
+      gerrit_ssh_auth_key = "/run/agenix/clbot-ssh";
 
       irc_server = "localhost:${toString config.services.znc.config.Listener.l.Port}";
       irc_user = "tvlbot";
@@ -290,7 +295,7 @@ in {
       notify_repo = "depot";
 
       # This secret is read from an environment variable, which is
-      # populated from /etc/secrets/clbot
+      # populated by a systemd EnvironmentFile.
       irc_pass = "$CLBOT_PASS";
     };
   };
author	Vincent Ambo <mail@tazj.in>	2021-12-10T12·32+0300
committer	Vincent Ambo <mail@tazj.in>	2021-12-10T13·13+0300
commit	002d183876e67338498bd4fbae9928af4fb5694c (patch)
tree	a1e4d80a46218ff36ade365b38fc813aace8d035 /ops/machines/whitby/default.nix
parent	0fa937551e6fa1021dbad4d523e0743fe25a24df (diff)