From 496d8994287f27f93f08ac847e430a6f2dfc94bd Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 9 Dec 2021 16:53:22 +0300
Subject: feat(ops/secrets): Configure secrets for gerrit-queue

Adds a systemd EnvironmentFile secret that contains the Gerrit
username & password for gerrit-queue.

Change-Id: I25acf87764c26774045138402b8a417b6813ee8f
---
 ops/machines/whitby/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ops/machines')

diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 78945a74174b..82b3bc37cf4a 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -40,6 +40,7 @@ in {
     "${depot.path}/ops/modules/www/tvl.fyi.nix"
     "${depot.path}/ops/modules/www/tvl.su.nix"
     "${depot.path}/ops/modules/www/wigglydonke.rs.nix"
+    "${depot.third_party.agenix.src}/modules/age.nix"
     "${pkgs.path}/nixos/modules/services/web-apps/gerrit.nix"
   ];
 
@@ -201,6 +202,11 @@ in {
     challengeResponseAuthentication = false;
   };
 
+  # Configure secrets for services that need them.
+  age.secrets = {
+    gerrit-queue.file = depot.path.origSrc + "/ops/secrets/gerrit-queue.age";
+  };
+
   # Automatically collect garbage from the Nix store.
   services.depot.automatic-gc = {
     enable = true;
-- 
cgit 1.4.1