From e4d20cdaeca9b237bc716e198ae61d91f303acbc Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Sun, 26 Dec 2021 00:03:41 +0300
Subject: refactor(ops/whitby): Move Gerrit secrets into agenix

Gerrit has OAuth2 and email related secrets which now live in agenix
instead of a random file on disk.

Change-Id: I6220fbb7a2e2ec0102a900b4bcf6150b8b4d32ef
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4612
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: lukegb <lukegb@tvl.fyi>
---
 ops/machines/whitby/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ops/machines/whitby/default.nix')

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 045e037fda..63d14be198 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -239,6 +239,13 @@ in {
         owner = "git";
       };
 
+      gerrit-secrets = {
+        file = secretFile "gerrit-secrets";
+        path = "/var/lib/gerrit/etc/secure.config";
+        owner = "git";
+        mode = "0400";
+      };
+
       clbot-ssh = {
         file = secretFile "clbot-ssh";
         owner = "clbot";
-- 
cgit 1.4.1