diff options
Diffstat (limited to 'ops/machines/whitby/default.nix')
| -rw-r--r-- | ops/machines/whitby/default.nix | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 1a624c8f6642..8cec05284a75 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -216,6 +216,11 @@ in { mode = "0440"; group = "buildkite-agents"; }; + + clbot-ssh = { + file = secretFile "clbot-ssh"; + owner = "clbot"; + }; }; # Automatically collect garbage from the Nix store. @@ -280,7 +285,7 @@ in { flags = { gerrit_host = "cl.tvl.fyi:29418"; gerrit_ssh_auth_username = "clbot"; - gerrit_ssh_auth_key = "/etc/secrets/id_clbot"; + gerrit_ssh_auth_key = "/run/agenix/clbot-ssh"; irc_server = "localhost:${toString config.services.znc.config.Listener.l.Port}"; irc_user = "tvlbot"; @@ -290,7 +295,7 @@ in { notify_repo = "depot"; # This secret is read from an environment variable, which is - # populated from /etc/secrets/clbot + # populated by a systemd EnvironmentFile. irc_pass = "$CLBOT_PASS"; }; }; |