-rw-r--r-- | docs/gerrit.org | 2 | ||||
-rw-r--r-- | hosts/tahoe/secrets/gerrit/secure-config.age | bin | 0 -> 717 bytes | |||
-rw-r--r-- | hosts/tahoe/secrets/secrets.nix | 6 | ||||
-rw-r--r-- | modules/services/gerrit/default.nix | 1 |
4 files changed, 8 insertions, 1 deletions
diff --git a/docs/gerrit.org b/docs/gerrit.org index fa993c7..bee0509 100644 --- a/docs/gerrit.org +++ b/docs/gerrit.org @@ -6,7 +6,7 @@ A gerrit instance is running at [[https://cl.fcuny.net][cl.fcuny.net]]. - branches other than main can be pushed to the server - the main branch can only be modified by gerrit * Secure configuration -The file =/var/lib/gerrit/etc/secure.config= is not (yet) managed by nix. The file contains: +The file =/var/lib/gerrit/etc/secure.config= is managed by nix. The file contains: #+begin_src ini [auth] registerEmailPrivateKey = <redacted> diff --git a/hosts/tahoe/secrets/gerrit/secure-config.age b/hosts/tahoe/secrets/gerrit/secure-config.age new file mode 100644 index 0000000..45d0c42 --- /dev/null +++ b/hosts/tahoe/secrets/gerrit/secure-config.age Binary files differdiff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix index 031426f..d3571f4 100644 --- a/hosts/tahoe/secrets/secrets.nix +++ b/hosts/tahoe/secrets/secrets.nix @@ -31,6 +31,12 @@ in mode = "0440"; }; + "gerrit/secure-config.age" = { + publicKeys = all; + owner = "git"; + path = "/var/lib/gerrit/etc/secure.config"; + }; + "syncthing/key.age" = { publicKeys = all; owner = "fcuny"; diff --git a/modules/services/gerrit/default.nix b/modules/services/gerrit/default.nix index 9ae9e50..1592839 100644 --- a/modules/services/gerrit/default.nix +++ b/modules/services/gerrit/default.nix @@ -1,6 +1,7 @@ { config, pkgs, lib, ... }: let cfg = config.my.services.gerrit; + secrets = config.age.secrets; my-gerrit-hook = name: pkgs.writeShellScript "my-gerrit-hook" '' |
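Review bot: The new `"gerrit/secure-config.age"` entry in hosts/tahoe/secrets/secrets.nix sets `owner` and `path` but no `mode`, while the entry just above it pins `mode = "0440"`, so the permissions on `/var/lib/gerrit/etc/secure.config` depend on a default that is not visible in this hunk. Since docs/gerrit.org says the file holds `registerEmailPrivateKey`, I would state the mode explicitly with `mode = "0400";` so that only the `git` user can read it. `publicKeys = all` also lets every key in `all` decrypt the file; if `all` (defined outside the hunk) covers more than this host's key and the admin key, a narrower recipient list would suit this secret better.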
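Review bot: The added `secrets = config.age.secrets;` binding in modules/services/gerrit/default.nix is not referenced by any new line, since the diffstat shows this single insertion as the file's only change. The module therefore still has no visible link to the decrypted file and relies on the hard-coded `path` in hosts/tahoe/secrets/secrets.nix. Either drop the binding until something uses it, or add a comment next to it such as `# secure.config is provisioned by age via the host's secrets.nix, not by this module`. The `let` block continues outside the hunk, so this is judged from the visible lines only.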