author Franck Cuny <franck@fcuny.net> 2022-07-18 17:33:26 -0700
committer Franck Cuny <franck@fcuny.net> 2022-07-18 17:34:55 -0700
commit 3f670b25133e929d8a6be2aff6ae648ee18f81a2 (patch)
tree 35d5323d57233277e1e106b4981204ca3483295d /hosts/tahoe/secrets
parent fix(modules/backup): reduce verbosity for restic (diff)
feat(modules/gerrit): manage secure configuration with nix

Currently the secure configuration for gerrit is not managed by nix.
This is likely going to break in the future and I'll hate myself for
that. Let's move it into nix and encrypt it with age, like we do for
other secrets.

Change-Id: Ia7a006748a3ad64fa4b97ca9e8cbd98c99433982
Reviewed-on: https://cl.fcuny.net/c/world/+/622
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
Diffstat (limited to '')
-rw-r--r-- hosts/tahoe/secrets/gerrit/secure-config.age  bin 0 -> 717 bytes
-rw-r--r-- hosts/tahoe/secrets/secrets.nix  6
2 files changed, 6 insertions, 0 deletions
diff --git a/hosts/tahoe/secrets/gerrit/secure-config.age b/hosts/tahoe/secrets/gerrit/secure-config.age
new file mode 100644
index 0000000..45d0c42
--- /dev/null
+++ b/hosts/tahoe/secrets/gerrit/secure-config.age
Binary files differdiff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 031426f..d3571f4 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -31,6 +31,12 @@ in
     mode = "0440";
   };
 
+  "gerrit/secure-config.age" = {
+    publicKeys = all;
+    owner = "git";
+    path = "/var/lib/gerrit/etc/secure.config";
+  };
+
   "syncthing/key.age" = {
     publicKeys = all;
     owner = "fcuny";
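
Review bot: the new `"gerrit/secure-config.age"` entry sets `owner` and `path` but no `mode`, while the entry just above it in this hunk ends with `mode = "0440";`. Since the secret is placed at `/var/lib/gerrit/etc/secure.config`, state the mode explicitly (for example `mode = "0400";` if only the `git` user needs to read it) so the file's permissions do not depend on whatever default the module applies. `publicKeys = all;` is also worth a second look: if only tahoe runs Gerrit, the recipient list could be narrowed to that host's key plus the keys that need to re-encrypt the file.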