Server: migrate secrets to sops
parent
859a4b20a5
commit
b668212daf
5 changed files with 35 additions and 63 deletions
|
|
@ -1,23 +1,16 @@
|
|||
{
|
||||
config,
|
||||
flakeSelf,
|
||||
...
|
||||
}: let
|
||||
{config, ...}: let
|
||||
domain = "monitoring.everest.tailscale";
|
||||
in {
|
||||
users.users.caddy.extraGroups = ["grafana"];
|
||||
age.secrets = let
|
||||
hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName + "/";
|
||||
sops.secrets = let
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
in {
|
||||
grafanaAdminName = {
|
||||
file = hostSecrets + "grafana/admin_name.age";
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
"grafanaAdmin/username" = {
|
||||
inherit owner group;
|
||||
};
|
||||
grafanaAdminPassword = {
|
||||
file = hostSecrets + "grafana/admin_password.age";
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
"grafanaAdmin/password" = {
|
||||
inherit owner group;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
|
|
@ -34,8 +27,8 @@ in {
|
|||
settings = {
|
||||
analytics.reporting_enabled = false;
|
||||
security = {
|
||||
admin_user = "$__file{${config.age.secrets.grafanaAdminName.path}}";
|
||||
admin_password = "$__file{${config.age.secrets.grafanaAdminPassword.path}}";
|
||||
admin_user = "$__file{${config.sops.secrets."grafanaAdmin/username".path}}";
|
||||
admin_password = "$__file{${config.sops.secrets."grafanaAdmin/password".path}}";
|
||||
cookie_secure = true;
|
||||
strict_transport_security = true;
|
||||
content_security_policy = true;
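Review bot: Both sops secrets are declared with `group = "grafana"`, while the context line `users.users.caddy.extraGroups = ["grafana"];` puts the reverse proxy in that same group, so the Grafana admin credentials stay unreadable to caddy only while the sops-nix default file mode of 0400 applies. I would pin that in the shared `let` beside `owner`/`group` with `mode = "0400";` and `inherit owner group mode;` on both entries, plus a comment such as `# caddy is in the grafana group; keep these owner-only`. Separately, as far as I know Grafana applies `admin_user`/`admin_password` only when it first creates the admin account, so rotating the value in sops will not change the password already stored in an existing database; a short comment in the `security` block saying so would help whoever rotates these later. The sops file these keys resolve from (`defaultSopsFile` or a per-secret `sopsFile`) is not set in the visible lines and presumably comes from one of the other changed files.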
|
||||
|
|
|
|||