From 496d8994287f27f93f08ac847e430a6f2dfc94bd Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Thu, 9 Dec 2021 16:53:22 +0300 Subject: feat(ops/secrets): Configure secrets for gerrit-queue Adds a systemd EnvironmentFile secret that contains the Gerrit username & password for gerrit-queue. Change-Id: I25acf87764c26774045138402b8a417b6813ee8f --- ops/machines/whitby/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'ops/machines') diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 78945a74174b..82b3bc37cf4a 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -40,6 +40,7 @@ in { "${depot.path}/ops/modules/www/tvl.fyi.nix" "${depot.path}/ops/modules/www/tvl.su.nix" "${depot.path}/ops/modules/www/wigglydonke.rs.nix" + "${depot.third_party.agenix.src}/modules/age.nix" "${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix" ]; @@ -201,6 +202,11 @@ in { challengeResponseAuthentication = false; }; + # Configure secrets for services that need them. + age.secrets = { + gerrit-queue.file = depot.path.origSrc + "/ops/secrets/gerrit-queue.age"; + }; + # Automatically collect garbage from the Nix store. services.depot.automatic-gc = { enable = true; -- cgit 1.4.1