1 files changed, 4 insertions, 0 deletions

diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 8776e6a..79273b8 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -21,9 +21,13 @@ in {
     mode = "0440";
   };
 
+  # the owner is gerrit, but we also want the builders to access this
+  # configuration.
   "gerrit/hooks.age" = {
     publicKeys = all;
     owner = "git";
+    group = "buildkite-agents";
+    mode = "0440";
   };
 
   "syncthing/key.age" = {