From 03d198631645ba3013e6e16bdf26a327cd51ccf7 Mon Sep 17 00:00:00 2001 From: sterni Date: Sun, 22 May 2022 23:51:49 +0200 Subject: feat(3p/agenix): update to 2022-05-16 and add to niv The new version brings the new secretsDir setting which means we no longer have to hardcode /run/agenix everywhere. Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646 Tested-by: BuildkiteCI Reviewed-by: tazjin Reviewed-by: grfn Autosubmit: sterni --- ops/machines/whitby/default.nix | 8 ++++---- ops/modules/clbot.nix | 2 +- ops/modules/gerrit-queue.nix | 2 +- ops/modules/irccat.nix | 2 +- ops/modules/oauth2_proxy.nix | 2 +- ops/modules/owothia.nix | 2 +- ops/modules/panettone.nix | 2 +- ops/modules/smtprelay.nix | 2 +- ops/modules/tvl-buildkite.nix | 2 +- 9 files changed, 12 insertions(+), 12 deletions(-) (limited to 'ops') diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 5de8481878..7518e67179 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -334,7 +334,7 @@ in flags = { gerrit_host = "cl.tvl.fyi:29418"; gerrit_ssh_auth_username = "clbot"; - gerrit_ssh_auth_key = "/run/agenix/clbot-ssh"; + gerrit_ssh_auth_key = config.age.secretsDir + "/clbot-ssh"; irc_server = "localhost:${toString config.services.znc.config.Listener.l.Port}"; irc_user = "tvlbot"; @@ -453,7 +453,7 @@ in services.nix-serve = { enable = true; port = 6443; - secretKeyFile = "/run/agenix/nix-cache-priv"; + secretKeyFile = config.age.secretsDir + "/nix-cache-priv"; bindAddress = "localhost"; }; @@ -599,7 +599,7 @@ in }; # Contains GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET. - systemd.services.grafana.serviceConfig.EnvironmentFile = "/run/agenix/grafana"; + systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secretsDir + "/grafana"; services.keycloak = { enable = true; @@ -613,7 +613,7 @@ in database = { type = "postgresql"; - passwordFile = "/run/agenix/keycloak-db"; + passwordFile = config.age.secretsDir + "/keycloak-db"; createLocally = false; }; }; diff --git a/ops/modules/clbot.nix b/ops/modules/clbot.nix index 958d321f81..84575ed072 100644 --- a/ops/modules/clbot.nix +++ b/ops/modules/clbot.nix @@ -60,7 +60,7 @@ in secretsFile = mkOption { type = types.str; description = "EnvironmentFile from which to load secrets"; - default = "/run/agenix/clbot"; + default = config.age.secretsDir + "/clbot"; }; }; diff --git a/ops/modules/gerrit-queue.nix b/ops/modules/gerrit-queue.nix index 66d584cc33..4468bcf1c5 100644 --- a/ops/modules/gerrit-queue.nix +++ b/ops/modules/gerrit-queue.nix @@ -24,7 +24,7 @@ in secretsFile = with lib; mkOption { description = "Path to a systemd EnvironmentFile containing secrets"; - default = "/run/agenix/gerrit-queue"; + default = config.age.secretsDir + "/gerrit-queue"; type = types.str; }; }; diff --git a/ops/modules/irccat.nix b/ops/modules/irccat.nix index 05a783fd66..0819c52a8d 100644 --- a/ops/modules/irccat.nix +++ b/ops/modules/irccat.nix @@ -40,7 +40,7 @@ in secretsFile = lib.mkOption { type = lib.types.str; description = "Path to the secrets file to be merged"; - default = "/run/agenix/irccat"; + default = config.age.secretsDir + "/irccat"; }; }; diff --git a/ops/modules/oauth2_proxy.nix b/ops/modules/oauth2_proxy.nix index 58b3a222a8..e92572365d 100644 --- a/ops/modules/oauth2_proxy.nix +++ b/ops/modules/oauth2_proxy.nix @@ -37,7 +37,7 @@ in secretsFile = lib.mkOption { type = lib.types.str; description = "EnvironmentFile from which to load secrets"; - default = "/run/agenix/oauth2_proxy"; + default = config.age.secretsDir + "/oauth2_proxy"; }; }; diff --git a/ops/modules/owothia.nix b/ops/modules/owothia.nix index d11fdd26ec..b9746c1720 100644 --- a/ops/modules/owothia.nix +++ b/ops/modules/owothia.nix @@ -12,7 +12,7 @@ in secretsFile = lib.mkOption { type = lib.types.str; description = "File path from which systemd should read secrets"; - default = "/run/agenix/owothia"; + default = config.age.secretsDir + "/owothia"; }; owoChance = lib.mkOption { diff --git a/ops/modules/panettone.nix b/ops/modules/panettone.nix index d57e53e754..2576ab16c5 100644 --- a/ops/modules/panettone.nix +++ b/ops/modules/panettone.nix @@ -37,7 +37,7 @@ in by systemd's EnvironmentFile ''; type = types.str; - default = "/run/agenix/panettone"; + default = config.age.secretsDir + "/panettone"; }; irccatHost = mkOption { diff --git a/ops/modules/smtprelay.nix b/ops/modules/smtprelay.nix index cfb185ecd1..f6ce262175 100644 --- a/ops/modules/smtprelay.nix +++ b/ops/modules/smtprelay.nix @@ -40,7 +40,7 @@ in secretsFile = mkOption { type = types.str; - default = "/run/agenix/smtprelay"; + default = config.age.secretsDir + "/smtprelay"; }; }; diff --git a/ops/modules/tvl-buildkite.nix b/ops/modules/tvl-buildkite.nix index a6e7372a25..c38687f80f 100644 --- a/ops/modules/tvl-buildkite.nix +++ b/ops/modules/tvl-buildkite.nix @@ -40,7 +40,7 @@ in value = { inherit name; enable = true; - tokenPath = "/run/agenix/buildkite-agent-token"; + tokenPath = config.age.secretsDir + "/buildkite-agent-token"; hooks.post-command = "${buildkiteHooks}/bin/post-command"; runtimePackages = with pkgs; [ -- cgit 1.4.1