add required secret key for grafana

2026-03-10 14:59:45 +00:00 · 2026-03-07 12:28:41 -05:00
parent d09ee3337b
commit 4eacca970e
2 changed files with 30 additions and 0 deletions
--- a/platforms/nixos/modules/nmasur/presets/services/grafana/grafana.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/grafana/grafana.nix
@@ -28,9 +28,22 @@ in
      before = [ "grafana.service" ];
    };

+    secrets.grafana-secret-key = {
+             source = ./grafana-secret-key.age;
+      dest = "${config.secretsDirectory}/grafana-secret-key";
+      owner = "grafana";
+      group = "grafana";
+      permissions = "0440";
+    };
+    systemd.services.grafana-secret-key  = {
+      requiredBy = [ "grafana.service" ];
+      before = [ "grafana.service" ];
+    };
+
    services.grafana = {
      enable = true;
      settings = {
+        security.secret_key = "$__file{${config.secrets.grafana-secret-key.dest}}";
        server = {
          domain = hostnames.metrics;
          http_addr = "127.0.0.1";