From 03d198631645ba3013e6e16bdf26a327cd51ccf7 Mon Sep 17 00:00:00 2001 From: sterni Date: Sun, 22 May 2022 23:51:49 +0200 Subject: feat(3p/agenix): update to 2022-05-16 and add to niv The new version brings the new secretsDir setting which means we no longer have to hardcode /run/agenix everywhere. Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646 Tested-by: BuildkiteCI Reviewed-by: tazjin Reviewed-by: grfn Autosubmit: sterni --- ops/machines/whitby/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'ops/machines/whitby/default.nix') diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 5de8481878..7518e67179 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -334,7 +334,7 @@ in flags = { gerrit_host = "cl.tvl.fyi:29418"; gerrit_ssh_auth_username = "clbot"; - gerrit_ssh_auth_key = "/run/agenix/clbot-ssh"; + gerrit_ssh_auth_key = config.age.secretsDir + "/clbot-ssh"; irc_server = "localhost:${toString config.services.znc.config.Listener.l.Port}"; irc_user = "tvlbot"; @@ -453,7 +453,7 @@ in services.nix-serve = { enable = true; port = 6443; - secretKeyFile = "/run/agenix/nix-cache-priv"; + secretKeyFile = config.age.secretsDir + "/nix-cache-priv"; bindAddress = "localhost"; }; @@ -599,7 +599,7 @@ in }; # Contains GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET. - systemd.services.grafana.serviceConfig.EnvironmentFile = "/run/agenix/grafana"; + systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secretsDir + "/grafana"; services.keycloak = { enable = true; @@ -613,7 +613,7 @@ in database = { type = "postgresql"; - passwordFile = "/run/agenix/keycloak-db"; + passwordFile = config.age.secretsDir + "/keycloak-db"; createLocally = false; }; }; -- cgit 1.4.1