diff options
author | sefidel <contact@sefidel.net> | 2023-04-04 22:18:34 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2023-04-04 22:18:34 +0900 |
commit | ba2f957f393596b4a569d2880a93ddb497163aa4 (patch) | |
tree | 4b2ecfd6702e2b1d75886ac09657540a65d3c0b8 /modules/services | |
parent | ce06f43476863da90dc60dcee606d2b6c5a89a8e (diff) | |
download | infra-ba2f957f393596b4a569d2880a93ddb497163aa4.tar.gz infra-ba2f957f393596b4a569d2880a93ddb497163aa4.zip |
feat(services/grafana): use proper secrets
Diffstat (limited to 'modules/services')
-rw-r--r-- | modules/services/metrics.nix | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix index 74f7e9a..145d1fe 100644 --- a/modules/services/metrics.nix +++ b/modules/services/metrics.nix @@ -9,6 +9,7 @@ in enable = mkEnableOption "metrics"; domain = mkOption { type = types.str; }; tls.acmeHost = mkOption { type = types.str; default = cfg.domain; }; + secrets.adminPassword = mkOption { type = types.str; description = "path to the admin password"; }; }; config = mkIf cfg.enable { @@ -138,7 +139,7 @@ in settings.server.http_addr = "127.0.0.1"; settings.server.http_port = 2342; settings.server.domain = cfg.domain; - settings.security.admin_password = "supersecurepass"; + settings.security.admin_password = "$__file{${cfg.secrets.adminPassword}}"; }; services.nginx.virtualHosts.${cfg.domain} = { |