refactor(ops): Use besadii configuration from agenix r/3198

We already checked this in, but this commit adds the configuration for making use of it. There are two copies of besadii's JSON configuration with different permissions. Note that the buildkite-graphql-token path needs to be updated in static-pipeline.yml, but this needs to happen in a separate commit after deploy because the pipeline will break otherwise. Change-Id: I6fab4bf1a2e679df7cf76521e2b53bd9dadbac62
author: Vincent Ambo <mail@tazj.in> 2021-12-10T13·11+0300
committer: clbot <clbot@tvl.fyi> 2021-12-10T19·31+0000
commit: 82a885a750cfe3bdf282a19a37f91842f374b24c (patch)
tree: 6a40e6f099a31bbffe386ddfbfa5ba621334df73 /ops/machines/whitby/default.nix
parent: b1108821a9dbc617f02a4437c9300f5b0bdca479 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 88c0aa9d03..572417fea6 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -219,6 +219,23 @@ in {
         group = "buildkite-agents";
       };
 
+      buildkite-graphql-token = {
+        file = secretFile "buildkite-graphql-token";
+        mode = "0440";
+        group = "buildkite-agent";
+      };
+
+      buildkite-besadii-config = {
+        file = secretFile "besadii";
+        mode = "0440";
+        group = "buildkite-agent";
+      };
+
+      gerrit-besadii-config = {
+        file = secretFile "besadii";
+        owner = "git";
+      };
+
       clbot-ssh = {
         file = secretFile "clbot-ssh";
         owner = "clbot";
author	Vincent Ambo <mail@tazj.in>	2021-12-10T13·11+0300
committer	clbot <clbot@tvl.fyi>	2021-12-10T19·31+0000
commit	82a885a750cfe3bdf282a19a37f91842f374b24c (patch)
tree	6a40e6f099a31bbffe386ddfbfa5ba621334df73 /ops/machines/whitby/default.nix
parent	b1108821a9dbc617f02a4437c9300f5b0bdca479 (diff)