refactor(ops): Move panettone secrets to agenix r/3203

Relates to b/161

Change-Id: I508e5a0eacab668f4bd39a2c888d894b96bed093

3 files changed, 4 insertions, 2 deletions

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index ebd06fbc67a4..3a41e1442c4c 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -211,8 +211,9 @@ in {
       gerrit-queue.file = secretFile "gerrit-queue";
       grafana.file = secretFile "grafana";
       irccat.file = secretFile "irccat";
-      owothia.file = secretFile "owothia";
       nix-cache-priv.file = secretFile "nix-cache-priv";
+      owothia.file = secretFile "owothia";
+      panettone.file = secretFile "panettone";
 
       buildkite-agent-token = {
         file = secretFile "buildkite-agent-token";
@@ -335,7 +336,6 @@ in {
       enable = true;
       dbUser = "panettone";
       dbName = "panettone";
-      secretsFile = "/etc/secrets/panettone";
       irccatChannel = "#tvl";
     };
 
diff --git a/ops/modules/panettone.nix b/ops/modules/panettone.nix
index 51a7468578f4..11e934ec2e8d 100644
--- a/ops/modules/panettone.nix
+++ b/ops/modules/panettone.nix
@@ -36,6 +36,7 @@ in {
         by systemd's EnvironmentFile
       '';
       type = types.str;
+      default = "/run/agenix/panettone";
     };
 
     irccatHost = mkOption {
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index dc68e22380be..ac567b7b634c 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -23,4 +23,5 @@ in {
   "nix-cache-priv.age" = default;
   "nix-cache-pub.age" = default;
   "owothia.age" = default;
+  "panettone.age" = default;
 }