foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-30 22:57:55 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

hosts/plover/services/grafana: update secrets

Browse Source
This commit is contained in:
Gabriel Arazas 2024-10-04 14:25:18 +08:00
parent 4ff6f1fda9
commit 496b230868
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
configs/nixos/plover/modules/services/grafana.nix
View File

@ -157,13 +157,21 @@ in {
})
(lib.mkIf hostCfg.services.vouch-proxy.enable {
systemd.services.grafana.serviceConfig.SupplementaryGroups = [ "vouch-proxy" ];
sops.secrets = let
grafanaFileAttributes = {
owner = config.users.users.grafana.name;
group = config.users.users.grafana.group;
mode = "0400";
};
in foodogsquaredLib.sops-nix.getSecrets ../../secrets/secrets.yaml {
"grafana/oauth_client_secret" = grafanaFileAttributes;
};
services.grafana.settings."auth.generic_oauth" = {
api_url = authSubpath "oauth2/authorise";
client_id = "grafana";
client_secret = "$__file{${
config.sops.secrets."vouch-proxy/domains/${config.networking.domain}/jwt-secret".path
config.sops.secrets."grafana/oauth_client_secret".path
}}";
enabled = true;
name = "Kanidm";

9
configs/nixos/plover/secrets/secrets.yaml
View File

@ -3,6 +3,7 @@ borg:
services:
password: ENC[AES256_GCM,data:oc+KxvGhTRPC7SbTSw0yTXOwyoemgPk0O9a3qK17,iv:vTeP9cRyrQaPSv1SvKhJSjBPrbDP3hd0FNtkfMNhTiY=,tag:RhG+d2iZZKyHs0g35UYd3g==,type:str]
grafana:
oauth_client_secret: ENC[AES256_GCM,data:ZELA/Qar817K+jheyL4wIuE16B9jbvJpznAh+30q9j+BqTIRrmATstZMZxEfEpuPR/deN7z+QSzoNxLfN6wlOQ==,iv:G8Kp4/5k5c+jRuwhri69B9FiqX913rUBNIixvf6guXs=,tag:DYLGN5ebhpo3B4jjggiXOg==,type:str]
database:
password: ENC[AES256_GCM,data:FMuKd7qN3swSgth2bQD8pBB9xz92No/EzxeM,iv:rU1u9IrI3hdX305NlZryr/5dlsSgHEpNFwwEzpmCjII=,tag:IMJ6lSVQVYZUn3b8Ld8F6g==,type:str]
users:
@ -14,12 +15,12 @@ vouch-proxy:
jwt-secret: ENC[AES256_GCM,data:wbl9lLyv2fY5tNNUm6k2RcsOb/2Qklrlq0QyThoiBBXKHQWOVOzGJnWgf/fa+EmpBnGOaN+SW0ZJragNYqFZpw==,iv:7fUWHUF9gnXdBUw32cfXCTMGqv3q2gwA+r/ybi3W5ro=,tag:nROn69VULdWDt6jIa5W2YQ==,type:str]
client-secret: ENC[AES256_GCM,data:9MdP5wSTLI3MiwTkDOytj5jR1iM=,iv:pBwC+KElxqg+9rYfQ9gOHL/hs8dCoWmvnDonC6gOpxQ=,tag:krN4rGgkzfskdEn0v3Q2Zg==,type:str]
vaultwarden:
env: ENC[AES256_GCM,data:8pkcl5RlU1rC3j8g64ZVDMAg54Or8y7knfPDZsdK+pN71a6AbIYvGC1o2LEqWc+cDhj9i3u9uL+UszG0+gYmeQTl/54GubK7joi+L0wo+VJ6ofWB7iDc/3x+sJkgNTVaN5om7N1cMFEbsc9gS8K4p28/Hbz3m29A/pKSpGC0Qvt5tSxVIk+lcTEzXn3W4y/8nhWzugBEpYkhQp7NUN8XwkZLCmePkJqhkRKQZTJX1YUXlqvkqCGOsuGvEXRqn3Y6av1ixO6I,iv:kWS+AttP/uC+2D15gXO56UCFFhFvsA1bCO2q2bzfc1k=,tag:bkCWqh4H4bBS6z9cM+60Yw==,type:str]
env: ENC[AES256_GCM,data:gDM5bjo5/CBy4d+YoaAo//YD2bMrx+1h48l7hKc+SAT9okn9YGSQPqzSAWHLD7pLrn0yXBSaay4tVANnU6t82+aPPnrJKtONNMAR6z77CRm/3mUG2ih7HnEOLk7lf8uVO0OuNp0F6taefVjhYWwLE9nD7PoO0jxZBbIOsa2Slzn7YOIG8Pu34JsKL5dU4PFloyNuLyexhp69fDVKBj3v7z6w97vP6ThDFGyspiM53miHeAcKCKKVEM3x8yGgMfG+f/wFySSLhY2Xxheeiv+yS+qxraS3ymL04BY6ntPjFOokftN+w/R+L+4OXY9bUNMh1MsdI8A1Hwk/MqchZn4=,iv:mAst2dWbQKl3jCHlCHMYRCiX4UtH/svvNHlXC6j5zPc=,tag:9EE8bH85rojaCwgVlcK1tA==,type:str]
gitea:
smtp_password: ENC[AES256_GCM,data:PjpY7EZd13LK+3LaUle0BwrgXlBV9rFKHY2KYwarfm0=,iv:xgYgYE0grZUdwuX0pgfqfwx13TgVNrJGYIujqnIqbsk=,tag:VTvTzPsz+pu0knYGzgmhRg==,type:str]
db_password: ENC[AES256_GCM,data:4wpMoLEXGlWy4NV4+Kx1qnNnsLa+IT4coJylqSzq9/0=,iv:vF/p8tvr5AXBQslj8eTyTAuXfxIYzqO/PeeffTSSzl8=,tag:s7sHzhWG9LMpDB7Kvwp7gA==,type:str]
lego:
env: ENC[AES256_GCM,data:heYe9U9ASsnBkNP+/Y1v/mgCZbZ543AzmY4Lnzm+n+p6dQmnf+tObgmVK9PzvJ8rU2vUvXfNwsy3rBod76uZ7WEZneRCHjVGkwLHTMUCuAZeKFIeOBhdp41L4VVkEGDv6Zf+UWLV8iHz41hAXd1T1sjaHBKcrlzIKc9knMRTEb+1exnEOlrthgkmAkI0m5/uHaNadfWZPRfWL6j3oZk319WU+mPC5Aq6CNyB7x03CcyqWgOBA7nRPKhXH33jO/CS6ttVuZ8i59h5Orq/yP0dlg==,iv:RAv6LpFwY8g2UGWG/rfl4DjWpZjXIPHj/Nu24IYVgrU=,tag:7Q966q4X3WmFioAYY7Ge/w==,type:str]
env: ENC[AES256_GCM,data:Vvv4UT41taMx//Ypa2mK5ol0UiRMdtLBNNL7VQqbL5pMO6VmSyOJaDQ2Vh9AKyTuTcWtCx2VZhwicnIFKhnZBn2ifrikpqGI6q9+1vtlK3Ys7/I6CTDhJFyWXvKda0CvJ9ygPW1Qw62ewmV0teXNPsU5dQnaH6x8z/yZUdwAjQD/6scwU1NUyAjY7PrqB1S2kQDhFDBFD0Oxl6tT+xN72obrgWrh+l7dxWRjhPbq6kce+UCPpvnxt9H5JlraZKnsMTRLoi7X+mXBS5XNmeyuQg==,iv:9GZ4BMkG7QI1mR5FgQD7obz6x9jP4DHuZXVgKHOHaR0=,tag:VxCaUOchmMAJvrb8kgIn8Q==,type:str]
ssh-key: ENC[AES256_GCM,data:1YT7wI4ykEi1dis8+MlkLStri2vuHJs9tHefMNEdc1hA7/1KeS5KE7QHyn5xOSvBd9kO/mUjVptxfGiooqRy6dMN4U0JG+Akr+Ybsr5F1+ZltDPKwOYcnBpK47S5wm70OM4f9oiki8hJ4i0LrtuQq1L2x0pCCLuH2kNxbMgOomaRl8zW9vgR2B1lisRMv4pugCrNRkhqT9K2WTO3wOCZu9wj/C0IQwg07G0fW7Vuvt/p0/+rktRKDtm5F0aR4h8A+fbU6BxCfaQjHvu+A5aVCb2nvPTPtX80pOTerrcSTZe6bG5biN0n1Rq6xm9TtHLXvqFDTc1ES6dlAs0P4IgipGOeaCEvhkp+zCBF7iBg9Xj0kIJlXU1v36W8Xu7az+8fgYZXmizwgkw2eVJYpAnPx6oRmXQYpvHgzZJuVdvH/33E7Lg7j067bKC73fbQwtV97vBHfF+rrtr7w6IYwmxpRavyuB5Ze7xx48oVvMCInIk09KV2W3+ad+dZxrtOyVJHXzvh+H1UJeuAHIbsoH1b2C1sqOuhgu2BtmKIrfW8hX8Tjfc=,iv:XZtcySi+/XwPstuNyGa/nubABg+SE1r6iIfM/4n1+8Q=,tag:19W88F4xAxujD7VYtuVjBg==,type:str]
sops:
kms: []
@ -36,8 +37,8 @@ sops:
UDZXbzZzTUJKWHFBNGxjcy9UdGxMSzAKtMdXLsuvsmpjoDAK1GZSDHBWTLAl5iJY
NRGL2GSkh72m1tQ5AXma34DR7WBNgwSkedLP6p/TR/J1ABpMJa551Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-02T12:53:04Z"
mac: ENC[AES256_GCM,data:CB7QtrRMg3FYNKzd72Nce1+tKNa9Is+/HsOfeSA6tXVsdYrJ8BMILcrg0nE4OAbra04A7ZlgMGWRTW2ECJPh9vYNSKdvonqjTXH8ERrZ5p6odA8LQdMt5/CmF7G/FQBVpi5GDmtKMPu1QXnqhBM6d+9tDmkrCYNWFtfYMNu6s9Y=,iv:2Qq18VnEL16GGSPfMQ35RfjFrjfwKovjwvcKl+W/aFg=,tag:yp6edrZMvYnt4EX2gc+qRQ==,type:str]
lastmodified: "2024-10-03T14:53:19Z"
mac: ENC[AES256_GCM,data:Nmh4zUDAbUOVJmQYA786anrLxQuDr1p1jn9M1VgcYpHC/SoVD7Hr/DQoShvHNRaEIelbd1xkno3c+tyr0bbclrrrQNQ29Hjx6P5MSjUSLdDn8oxyhD5Lh0oCmryDjdxmV8YtoE5wdCpHmKwEN2hjW1vicrQSUoL2vef0kr71tCc=,iv:I+ecWQewKHh7cYDL7+MEIdEDTyCebZPxXWCyQeL4PzE=,tag:VEUKJKbBNqTMiNxk17Fqmg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0