modules: services: monitoring: add 'secretKeyFile'

nixos: porthos: secrets: add grafana secret-key
The secret will be used in the next commit.
2023-07-17 10:59:58 +00:00 · 2023-07-17 10:59:58 +00:00
4 changed files with 12 additions and 0 deletions
--- a/hosts/nixos/porthos/secrets/monitoring/secret-key.age
+++ b/hosts/nixos/porthos/secrets/monitoring/secret-key.age
--- a/hosts/nixos/porthos/secrets/secrets.nix
+++ b/hosts/nixos/porthos/secrets/secrets.nix
@ -42,6 +42,10 @@ in
    owner = "grafana";
    publicKeys = all;
  };
+  "monitoring/secret-key.age" = {
+    owner = "grafana";
+    publicKeys = all;
+  };

  "nextcloud/password.age" = {
    owner = "nextcloud";
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@ -80,6 +80,7 @@ in
      enable = true;
      grafana = {
        passwordFile = secrets."monitoring/password".path;
+        secretKeyFile = secrets."monitoring/secret-key".path;
      };
    };
    # FLOSS music streaming server
--- a/modules/services/monitoring/default.nix
+++ b/modules/services/monitoring/default.nix
@ -27,6 +27,12 @@ in
        example = "/var/lib/grafana/password.txt";
        description = "Admin password stored in a file";
      };
+
+      secretKeyFile = mkOption {
+        type = types.str;
+        example = "/var/lib/grafana/secret_key.txt";
+        description = "Secret key stored in a file";
+      };
    };

    prometheus = {
@ -61,6 +67,7 @@ in
        security = {
          admin_user = cfg.grafana.username;
          admin_password = "$__file{${cfg.grafana.passwordFile}}";
+          secret_key = "$__file{${cfg.grafana.secretKeyFile}}";
        };
      };
Author	SHA1	Message	Date
Bruno BELANYI	47533f119e	modules: services: monitoring: add 'secretKeyFile' All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2023-07-17 10:59:58 +00:00
Bruno BELANYI	ae13ab0c86	nixos: porthos: secrets: add grafana secret-key The secret will be used in the next commit.	2023-07-17 10:59:58 +00:00