From 3d9a29b85780446ba1930108d2445d687b1ca36b Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Wed, 11 Sep 2024 14:58:17 -0500 Subject: [PATCH] Grafana password --- nixos/beefcake.nix | 17 +++++++++++++++-- secrets/beefcake/secrets.yml | 5 +++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix index d14604f..2621f56 100644 --- a/nixos/beefcake.nix +++ b/nixos/beefcake.nix @@ -1486,9 +1486,15 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 }; }; services.restic.commonPaths = [ - # TODO: do I want this backed up? - # "/storage/grafana" + "/storage/grafana" ]; + sops.secrets = { + grafana-admin-password = { + owner = "grafana"; + group = "grafana"; + mode = "0400"; + }; + }; services.grafana = { enable = true; dataDir = "/storage/grafana"; @@ -1499,6 +1505,13 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00 server = { http_port = 3814; }; + security = { + admin_email = "daniel@lyte.dev"; + admin_user = "lytedev"; + admin_file = ''$__file{${config.sops.secrets.grafana-admin-password.path}}''; + }; + # database = { + # }; }; }; networking.firewall.allowedTCPPorts = [ diff --git a/secrets/beefcake/secrets.yml b/secrets/beefcake/secrets.yml index 315fdd9..d2507db 100644 --- a/secrets/beefcake/secrets.yml +++ b/secrets/beefcake/secrets.yml @@ -15,6 +15,7 @@ plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str] +grafana-admin-password: ENC[AES256_GCM,data:SpxQ7FgFoF5cZj5+1ug=,iv:NaQPIqFE62PHC14rT/xqYchdt7IykS8jJhuGRcC2SjM=,tag:Q8QtHiE4Beh5GG/IcvjG4w==,type:str] netlify-ddns-password: ENC[AES256_GCM,data:mz9MS93ZPbtziwo56DP27q5ZgA1rgCptQpgTPrq2Ihc3KjSxSACJ6p6t8NjRPr4lSDLPzDa47OnRct/N4fcm5Q==,iv:upOh9S0wvTXBwfso3GhQzpl5befY0T0hTW/LGNcvv0k=,tag:/LNP0wIaxtExulV0blVkXA==,type:str] #ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment] forgejo-runner.env: ENC[AES256_GCM,data:x4EaDzK4W34ZEZ/Inakore2YABZf8e7TBBjoC6xTPZ9GBrSZCE85FOcHAmMXPDo=,iv:bNGOsLnhxnlC/opCKT1DSsGoWdmgJ8NgEPY3ySlN108=,tag:Ijp3qHBSdv6EDaZdomJhAA==,type:str] @@ -48,8 +49,8 @@ sops: bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-06T21:22:57Z" - mac: ENC[AES256_GCM,data:suoBGuZnfZpo55g+sq6MXDvecwhhWRS9gtTlCvnWmSvWT+K8TFXHcz9cLZT5U2N4ueSYJovRoKPoAv9rKgtLHSSg+JKI0b0cErQge75970bTbeMKMl+SJmYF0T0ht5+8n5zjhnQjVo2mHmJJI1IekumsoNJ9+F6USPBidiK0uNU=,iv:7dMsEnXylvn0vVfmU9pQt1BgrqfKdSyoBbNTUZ782Uo=,tag:E3u9LVcdTKa7mjAxQ/m9rw==,type:str] + lastmodified: "2024-09-11T19:52:21Z" + mac: ENC[AES256_GCM,data:Vp4vxT+koS3a4iY6u62aH+vAsgztpIZpzdzEkXv2I4ycYM5EHNAS09oeKH3+hpIuRLZ0o6txo+BXqGGqLyNVPL5kBJygOa1kRsdf0TC6z2lutCeh6/R2EAPLzJUBVJ6T9dWSOT3Q7PYjXOVlqu4uHr0DZsLfHDBORAZ/B95vyrc=,iv:GQF3woxacyK9o07n0LGE91PS6CCZ7g/yJgL5BniCffg=,tag:9D158qqTma/I2p/f7bwl3A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0