about summary refs log tree commit diff
path: root/ops/secrets/secrets.nix (follow)
AgeCommit message (Collapse)AuthorFilesLines
2021-12-25 r/3402 refactor(ops/whitby): Move Gerrit secrets into agenixVincent Ambo1-0/+1
Gerrit has OAuth2 and email related secrets which now live in agenix instead of a random file on disk. Change-Id: I6220fbb7a2e2ec0102a900b4bcf6150b8b4d32ef Reviewed-on: https://cl.tvl.fyi/c/depot/+/4612 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-12-25 r/3401 feat(whitby): Configure initial Keycloak setupVincent Ambo1-0/+1
Trialing this as an alternative to CAS that is a little easier to configure and can help us delegate authentication to other OIDC services. Change-Id: Iad63724d349334910af8fed0b148e4ba428f796b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4608 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi>
2021-12-11 r/3207 feat(ops/secrets): add keys for sternisterni1-1/+5
Change-Id: Idf13f7737dd51e74e87093e07cdf22ad24407944
2021-12-10 r/3203 refactor(ops): Move panettone secrets to agenixVincent Ambo1-0/+1
Relates to b/161 Change-Id: I508e5a0eacab668f4bd39a2c888d894b96bed093
2021-12-10 r/3199 refactor(ops): Move Nix cache secret to agenixVincent Ambo1-0/+2
... and also the public key, just to keep the distribution mechanism the same. Change-Id: Ief14daf9344c0fb99eeb5789c1ec9bfb1f12bee0
2021-12-10 r/3198 refactor(ops): Use besadii configuration from agenixVincent Ambo1-0/+1
We already checked this in, but this commit adds the configuration for making use of it. There are two copies of besadii's JSON configuration with different permissions. Note that the buildkite-graphql-token path needs to be updated in static-pipeline.yml, but this needs to happen in a separate commit after deploy because the pipeline will break otherwise. Change-Id: I6fab4bf1a2e679df7cf76521e2b53bd9dadbac62
2021-12-10 r/3197 refactor(ops): Move grafana secret into agenixVincent Ambo1-0/+1
Change-Id: Id141758135c796881e91d20b950dae74c40d9ab3
2021-12-10 r/3187 feat(ops/secrets): Add key for grfnGriffin Smith1-1/+5
Change-Id: I8063ae804932e3815e9a499e0206806818b9b021
2021-12-10 r/3184 refactor(ops): Move irccat secret into agenixVincent Ambo1-1/+2
The irccat module uses DynamicUser, so to grant permission to it a new group has been added for irccat. I have some vague memory of DynamicUser + Group not behaving as one would expect, but we'll see what happens. Change-Id: Iab9f6a3f1a53c4133b635458ce173250cc9a3fac
2021-12-10 r/3183 refactor(ops): Move clbot SSH key into agenixVincent Ambo1-0/+1
Change-Id: Iae03ead7dda0509689a76f0d76f9cfeb8434e967
2021-12-10 r/3176 refactor(ops): Move buildkite-agent-token into agenixVincent Ambo1-0/+1
Relates to b/161 Change-Id: I5d3a698d437928966d8b78ce9e0ba226c1437655
2021-12-10 r/3175 refactor(ops): Move owothia secret into agenixVincent Ambo1-1/+2
Relates to b/161 Change-Id: I25445281b0dd3c3f3660f8bb0d8337506a1e427b
2021-12-10 r/3174 refactor(ops): Move clbot secret into agenixVincent Ambo1-0/+1
Relates to b/161 Change-Id: I7badf22ff93bb4e8b06e4dd4a8bf880b0bd48f09
2021-12-10 r/3173 feat(ops/secrets): Configure secrets for gerrit-queueVincent Ambo1-0/+1
Adds a systemd EnvironmentFile secret that contains the Gerrit username & password for gerrit-queue. Change-Id: I25acf87764c26774045138402b8a417b6813ee8f
2021-12-08 r/3159 feat(ops/secrets): Bootstrap agenix secrets folderVincent Ambo1-0/+12
Sets up the key set and adds an initial secret (besadii config with tokens) to be deployed to whitby. Change-Id: Ic07fd5e66b9e7a533013e04c35e052c2aa11f77d
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-07-04T01·45+0000