feat(services/grafana): use proper secrets

1 files changed, 2 insertions, 1 deletions

diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix
index 74f7e9a..145d1fe 100644
--- a/modules/services/metrics.nix
+++ b/modules/services/metrics.nix
@@ -9,6 +9,7 @@ in
     enable = mkEnableOption "metrics";
     domain = mkOption { type = types.str; };
     tls.acmeHost = mkOption { type = types.str; default = cfg.domain; };
+    secrets.adminPassword = mkOption { type = types.str; description = "path to the admin password"; };
   };
 
   config = mkIf cfg.enable {
@@ -138,7 +139,7 @@ in
       settings.server.http_addr = "127.0.0.1";
       settings.server.http_port = 2342;
       settings.server.domain = cfg.domain;
-      settings.security.admin_password = "supersecurepass";
+      settings.security.admin_password = "$__file{${cfg.secrets.adminPassword}}";
     };
 
     services.nginx.virtualHosts.${cfg.domain} = {