noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2026-03-10 12:39:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

add required secret key for grafana

Browse Source
This commit is contained in:
Noah Masur
2026-03-07 12:28:41 -05:00
parent d09ee3337b
commit 4eacca970e
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
platforms/nixos/modules/nmasur/presets/services/grafana/grafana-secret-key.age Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBxUDhh
SkpvdDNNS04yNk0yNGtqRlRXT2V2QVVScUpVd3RrMWUvYnVyRlJFCktoZUw1VnJI
SnJ4dDBZK1ROUDRhWm1EaExKZUJmM1NrcUZ0elRtZXZFSTQKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RICtHZGEyUm1lelBEWVFIaCsxSmx0S2V3Yk5qREVRaDdtSkp6ckcz
UDB5aWcKUFNoeU1YQjhaTG1zTEZBZElkUUpUcXVXdzgrUENUajNqRytMMFZVTzNm
NAotPiBzc2gtZWQyNTUxOSBuanZYNUEgNjNoM0U0ZnE5dzNCenRWZmVkRVdXOGFa
cmFjSWtFOUVXSUdzTFNlWGhUSQpvNnk3NXdGZkhtaGRJRmd3czFNUHh3OUlTSGpG
YUJjT1Baa3dRdzF4V2EwCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBXcnNQcnY5MnJ3
b3hLM01PYXNwa2tPTFVRMC96QmZZTkdDNktWZFRHOVE4Ck1PZUlLcXN6Rnh3UnlS
dVkwODJ2QjBXWUZOUTdBU01DYjFSemJxY1haVVUKLT4gc3NoLWVkMjU1MTkgejFP
Y1p3IEQwZTA3WFkwMWJjbXhMRDlFaEJjMVhuZFpTVTFsaktqWHFXN0J1ajJHMmMK
bXRTdTI2N1o4ZXhYcG9kWCtMNjJCMG0zeUpqMS95SC9VdTRNdUY3ZFVVSQotLS0g
OXJFMUkvOXkvdStrU1dBSEhhNnE0NU56SHE0UkUvbXhwcWRCdkdxdXN3SQpXUnGQ
XJT+KXvM80eW2z/je+0kq9Yh+DkgcWtUpq2k2WyzIue9AifKco9CQ4AsBtKKoxO9
SxjY/7b0HRwoXS578gwTxJD0j9sBRsz4s64IeiepKn01KcMTgo1TxYzB7JgM
-----END AGE ENCRYPTED FILE-----

13
platforms/nixos/modules/nmasur/presets/services/grafana/grafana.nix
View File

@@ -28,9 +28,22 @@ in
before = [ "grafana.service" ];
};
secrets.grafana-secret-key = {
source = ./grafana-secret-key.age;
dest = "${config.secretsDirectory}/grafana-secret-key";
owner = "grafana";
group = "grafana";
permissions = "0440";
};
systemd.services.grafana-secret-key = {
requiredBy = [ "grafana.service" ];
before = [ "grafana.service" ];
};
services.grafana = {
enable = true;
settings = {
security.secret_key = "$__file{${config.secrets.grafana-secret-key.dest}}";
server = {
domain = hostnames.metrics;
http_addr = "127.0.0.1";