From 002d183876e67338498bd4fbae9928af4fb5694c Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Fri, 10 Dec 2021 15:32:11 +0300
Subject: refactor(ops): Move clbot SSH key into agenix

Change-Id: Iae03ead7dda0509689a76f0d76f9cfeb8434e967
---
 ops/machines/whitby/default.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'ops/machines/whitby/default.nix')

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 1a624c8f66..8cec05284a 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -216,6 +216,11 @@ in {
         mode = "0440";
         group = "buildkite-agents";
       };
+
+      clbot-ssh = {
+        file = secretFile "clbot-ssh";
+        owner = "clbot";
+      };
     };
 
   # Automatically collect garbage from the Nix store.
@@ -280,7 +285,7 @@ in {
     flags = {
       gerrit_host = "cl.tvl.fyi:29418";
       gerrit_ssh_auth_username = "clbot";
-      gerrit_ssh_auth_key = "/etc/secrets/id_clbot";
+      gerrit_ssh_auth_key = "/run/agenix/clbot-ssh";
 
       irc_server = "localhost:${toString config.services.znc.config.Listener.l.Port}";
       irc_user = "tvlbot";
@@ -290,7 +295,7 @@ in {
       notify_repo = "depot";
 
       # This secret is read from an environment variable, which is
-      # populated from /etc/secrets/clbot
+      # populated by a systemd EnvironmentFile.
       irc_pass = "$CLBOT_PASS";
     };
   };
-- 
cgit 1.4.1