From b1108821a9dbc617f02a4437c9300f5b0bdca479 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Fri, 10 Dec 2021 15:55:08 +0300 Subject: refactor(ops): Move grafana secret into agenix Change-Id: Id141758135c796881e91d20b950dae74c40d9ab3 --- ops/machines/whitby/default.nix | 3 ++- ops/secrets/grafana.age | Bin 0 -> 529 bytes ops/secrets/secrets.nix | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 ops/secrets/grafana.age diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 41b53fa984..88c0aa9d03 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -209,6 +209,7 @@ in { in { clbot.file = secretFile "clbot"; gerrit-queue.file = secretFile "gerrit-queue"; + grafana.file = secretFile "grafana"; irccat.file = secretFile "irccat"; owothia.file = secretFile "owothia"; @@ -517,7 +518,7 @@ in { }; }; # Contains GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET. - systemd.services.grafana.serviceConfig.EnvironmentFile = "/etc/secrets/grafana"; + systemd.services.grafana.serviceConfig.EnvironmentFile = "/run/agenix/grafana"; security.sudo.extraRules = [ { diff --git a/ops/secrets/grafana.age b/ops/secrets/grafana.age new file mode 100644 index 0000000000..197fe94856 Binary files /dev/null and b/ops/secrets/grafana.age differ diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix index 75cc80cc91..66176c3b9e 100644 --- a/ops/secrets/secrets.nix +++ b/ops/secrets/secrets.nix @@ -17,6 +17,7 @@ in { "clbot-ssh.age" = default; "clbot.age" = default; "gerrit-queue.age" = default; + "grafana.age" = default; "irccat.age" = default; "owothia.age" = default; } -- cgit 1.4.1