about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2023-04-04 22:18:34 +0900
committersefidel <contact@sefidel.net>2023-04-04 22:18:34 +0900
commitba2f957f393596b4a569d2880a93ddb497163aa4 (patch)
tree4b2ecfd6702e2b1d75886ac09657540a65d3c0b8 /modules
parentce06f43476863da90dc60dcee606d2b6c5a89a8e (diff)
downloadinfra-ba2f957f393596b4a569d2880a93ddb497163aa4.tar.gz
infra-ba2f957f393596b4a569d2880a93ddb497163aa4.zip
feat(services/grafana): use proper secrets
Diffstat (limited to 'modules')
-rw-r--r--modules/services/metrics.nix3
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix
index 74f7e9a..145d1fe 100644
--- a/modules/services/metrics.nix
+++ b/modules/services/metrics.nix
@@ -9,6 +9,7 @@ in
     enable = mkEnableOption "metrics";
     domain = mkOption { type = types.str; };
     tls.acmeHost = mkOption { type = types.str; default = cfg.domain; };
+    secrets.adminPassword = mkOption { type = types.str; description = "path to the admin password"; };
   };
 
   config = mkIf cfg.enable {
@@ -138,7 +139,7 @@ in
       settings.server.http_addr = "127.0.0.1";
       settings.server.http_port = 2342;
       settings.server.domain = cfg.domain;
-      settings.security.admin_password = "supersecurepass";
+      settings.security.admin_password = "$__file{${cfg.secrets.adminPassword}}";
     };
 
     services.nginx.virtualHosts.${cfg.domain} = {