fi/nix-infra
1
2
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

Migrate metrics-nekomesh to sops-nix

Browse source
This commit is contained in:
Fiona Grzebien 2026-05-24 00:39:39 +02:00
commit 7740eb01f2
Signed by: fi
SSH key fingerprint: SHA256:HQgl5VGC4+Yw3ds/0I/DqTge63SPBXvXwhNG/gRW26U
3 changed files with 57 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

33
config/hosts/metrics-nekomesh/grafana.nix
View file

@ -11,15 +11,15 @@
cookie_secure = true;
cookie_samesite = "strict";
admin_user = "admin";
admin_password = "$__file{/secrets/metrics-nekomesh-grafana-admin-password.secret}";
admin_password = "$__file{/run/secrets/metrics-nekomesh-grafana-admin-password}";
admin_email = "fi@nekover.se";
secret_key = "$__file{/secrets/metrics-nekomesh-grafana-secret-key.secret}";
secret_key = "$__file{/run/secrets/metrics-nekomesh-grafana-secret-key}";
};
smtp = {
enabled = true;
host = "mail.grzb.de:465";
user = "nekomesh@grzb.de";
password = "$__file{/secrets/mail-nekomesh-nekover-se.secret}";
password = "$__file{/run/secrets/mail-nekomesh-nekover-se}";
from_address = "nyareply@nekover.se";
from_name = "Nekomesh";
startTLS_policy = "NoStartTLS";
@ -29,7 +29,7 @@
name = "Nekoverse ID";
allow_sign_up = true;
client_id = "nekomesh";
client_secret = "$__file{/secrets/metrics-nekomesh-grafana-keycloak-client-secret.secret}";
client_secret = "$__file{/run/secrets/metrics-nekomesh-grafana-keycloak-client-secret}";
scopes = "openid email profile offline_access roles";
email_attribute_path = "email";
login_attribute_path = "preferred_username";
@ -52,4 +52,29 @@
}
];
};
sops.secrets."metrics-nekomesh-grafana-admin-password" = {
mode = "0440";
owner = "grafana";
group = "grafana";
restartUnits = [ "grafana.service" ];
};
sops.secrets."metrics-nekomesh-grafana-keycloak-client-secret" = {
mode = "0440";
owner = "grafana";
group = "grafana";
restartUnits = [ "grafana.service" ];
};
sops.secrets."metrics-nekomesh-grafana-secret-key" = {
mode = "0440";
owner = "grafana";
group = "grafana";
restartUnits = [ "grafana.service" ];
};
sops.secrets."mail-nekomesh-nekover-se" = {
mode = "0440";
owner = "grafana";
group = "grafana";
restartUnits = [ "grafana.service" ];
};
}