refactor(ops/whitby): Move Gerrit secrets into agenix r/3402

Gerrit has OAuth2 and email related secrets which now live in agenix instead of a random file on disk. Change-Id: I6220fbb7a2e2ec0102a900b4bcf6150b8b4d32ef Reviewed-on: https://cl.tvl.fyi/c/depot/+/4612 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
author: Vincent Ambo <mail@tazj.in> 2021-12-25T21·03+0300
committer: clbot <clbot@tvl.fyi> 2021-12-25T21·15+0000
commit: e4d20cdaeca9b237bc716e198ae61d91f303acbc (patch)
tree: 8965f62b37c2294526ec5027280f036a30622a6a /ops/machines/whitby
parent: d8a1802b3ed804fb26c50a6f23036aede1ac1182 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 045e037fda5e..63d14be19898 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -239,6 +239,13 @@ in {
         owner = "git";
       };
 
+      gerrit-secrets = {
+        file = secretFile "gerrit-secrets";
+        path = "/var/lib/gerrit/etc/secure.config";
+        owner = "git";
+        mode = "0400";
+      };
+
       clbot-ssh = {
         file = secretFile "clbot-ssh";
         owner = "clbot";
author	Vincent Ambo <mail@tazj.in>	2021-12-25T21·03+0300
committer	clbot <clbot@tvl.fyi>	2021-12-25T21·15+0000
commit	e4d20cdaeca9b237bc716e198ae61d91f303acbc (patch)
tree	8965f62b37c2294526ec5027280f036a30622a6a /ops/machines/whitby
parent	d8a1802b3ed804fb26c50a6f23036aede1ac1182 (diff)