about summary refs log tree commit diff
path: root/systems/cobalt
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2023-04-04 22:18:34 +0900
committersefidel <contact@sefidel.net>2023-04-04 22:18:34 +0900
commitba2f957f393596b4a569d2880a93ddb497163aa4 (patch)
tree4b2ecfd6702e2b1d75886ac09657540a65d3c0b8 /systems/cobalt
parentce06f43476863da90dc60dcee606d2b6c5a89a8e (diff)
downloadinfra-ba2f957f393596b4a569d2880a93ddb497163aa4.tar.gz
infra-ba2f957f393596b4a569d2880a93ddb497163aa4.zip
feat(services/grafana): use proper secrets
Diffstat (limited to 'systems/cobalt')
-rw-r--r--systems/cobalt/default.nix2
-rw-r--r--systems/cobalt/secrets/secrets.yaml5
2 files changed, 5 insertions, 2 deletions
diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index 0a5cfe0..f369fec 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -134,6 +134,7 @@ in
     bsd-finger
   ];
 
+  sops.secrets.grafana-admin-pass = { owner = "grafana"; };
   sops.secrets.acme-envs = {
     owner = "acme";
   };
@@ -154,6 +155,7 @@ in
       enable = true;
       domain = "status.exotic.sh";
       tls.acmeHost = "exotic.sh";
+      secrets.adminPassword = config.sops.secrets.grafana-admin-pass.path;
     };
 
     services.coredns.enable = false;
diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml
index 8e0c0e5..55418aa 100644
--- a/systems/cobalt/secrets/secrets.yaml
+++ b/systems/cobalt/secrets/secrets.yaml
@@ -8,6 +8,7 @@ turn-secret: ENC[AES256_GCM,data:JA5/BlGwH6yIjYsFZGa8Nm8XVbOBKpre+NFybniOtlmbSx8
 openldap-admin-key: ENC[AES256_GCM,data:WBBDPFDW6Q4sJ5+/pK8kAe6iFgJ8gGgi3eCVNvZB,iv:1rnmhu29UGsXLxD9Ptbv7P67EAYgKVk1dlkM6p0L4vA=,tag:yNRrHMI2yT8Oo7qkwxSeUg==,type:str]
 sefidel-imap-pass: ENC[AES256_GCM,data:rx9hZb+BARs9gB+XLLRMLWDSx67KqkKB1/4nOOtU9i56uagMprFEeDnh8pEaioZbNlqjJRO8kWTBBvWZ,iv:WxKLp0VmwfxVFZt9cnZUbp4wn5WEHubImp8fQy2bXyg=,tag:Vzh0Ntz8iFaSIEf2wjbOKg==,type:str]
 internal-imap-pass: ENC[AES256_GCM,data:ydjz/NthnJZFLrR1M+p0xEy5xhM8MbPtqE10r0s1DWDFZoyXwRRrIYefFZheW29EjY3VBfr3zWcRIbNm,iv:6hU/dHADbn4pNi0vlJG8BoyQW1ohByINSO6y+nJddfY=,tag:j67D2stmq2A+ulhFIYkZPA==,type:str]
+grafana-admin-pass: ENC[AES256_GCM,data:88z+mLcZ5s1u/8LWYcnOOhWTkff8sv1NIhQ=,iv:YdGaKCaq1bCCLsuYIug6NFO2rhqX/Xyt5yQ/hgWOfko=,tag:D+xWcN2bC2Q1Q2mjtpWqLg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -32,8 +33,8 @@ sops:
             cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM
             OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-03-27T15:19:33Z"
-    mac: ENC[AES256_GCM,data:CyVH0paaTqnff98h5CSCas3YYYYAxEtyYdkjyFBfN/Nwfpe3e71O6YwLZgzAZoiaN+1FuF0kls5WmvDNdx95rEC4yvxQACA75iRyP95B5Q9iN9SGGld0Ii8wPY6s0QkJX+OL7mCllH/gC0J2gOpnPxRB9k5v5FXtKHmJtj5kfaI=,iv:ytWBOy2VTWtVlPbrXiHF5BNxbCmQ194x6aeMh1pd7vc=,tag:0J77TO1y8OTXzdODqANkEw==,type:str]
+    lastmodified: "2023-04-04T12:50:47Z"
+    mac: ENC[AES256_GCM,data:E7mzoKJ8K+exnMrC4EKkrBhO/pjWHQrWsctI9AFbVu78vHCcB9RLavdubJpHgEzMqSzPW35UylPM8X6cNTXNKtc7peYpMFvSttJxjfKDB1EY/op2gZ8H2XWpirbnY+NT3ty5HEzMZJOgTYFhtXXSnpsolqWhIERtq2SQ8s0OVog=,iv:WRviTHCjNd5u53LUvtV+mQop5MybNTeQF8wvj4EyvLQ=,tag:R6xd/wMaF50xbd9s4lxz4g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3