From 0ed8f2041d1cd906db425067928e37ced0c402b7 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Wed, 16 Aug 2023 22:41:20 +0200
Subject: [PATCH] feat: use declarative influxdb token for grafana

---
 hosts/ward/microvms/grafana.nix                   |  14 +++++++++++++-
 .../ward-grafana/grafana-influxdb-token.age       | Bin 0 -> 473 bytes
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 secrets/generated/ward-grafana/grafana-influxdb-token.age

diff --git a/hosts/ward/microvms/grafana.nix b/hosts/ward/microvms/grafana.nix
index 2e1c606..1b47a4c 100644
--- a/hosts/ward/microvms/grafana.nix
+++ b/hosts/ward/microvms/grafana.nix
@@ -23,11 +23,23 @@ in {
   };
 
   age.secrets.grafana-influxdb-token = {
-    rekeyFile = config.node.secretsDir + "/grafana-influxdb-token.age";
+    generator.script = "alnum";
+    generator.tags = ["influxdb"];
     mode = "440";
     group = "grafana";
   };
 
+  nodes.ward-influxdb.services.influxdb2.provision.ensureApiTokens = [
+    {
+      name = "grafana servers:telegraf (${config.node.name})";
+      org = "servers";
+      user = "admin";
+      readBuckets = ["telegraf"];
+      writeBuckets = ["telegraf"];
+      tokenFile = config.age.secrets.grafana-influxdb-token.path;
+    }
+  ];
+
   nodes.sentinel = {
     age.secrets.loki-basic-auth-hashes.generator.dependencies = [
       config.age.secrets.grafana-loki-basic-auth-password
diff --git a/secrets/generated/ward-grafana/grafana-influxdb-token.age b/secrets/generated/ward-grafana/grafana-influxdb-token.age
new file mode 100644
index 0000000000000000000000000000000000000000..c606003c5f8b0ea5d3c5fdffbe95d0cb63898d67
GIT binary patch
literal 473
zcmWm7&#RMg008g^g7PnjPM+!@=C7&q@B%lrIh$_k{4s)X>eRXU<EuHhpgILb$BvIq
zLESpMcPxUs1oa3y#5;6|=oSP)L7j^C`3F8;6ry3~gKbeKd3HGm5!Mh8dIfe!nkG1y
zX7M($GC`WBG?B2AN)?T55Ot)+8O7O_S{VeUNkKdlacE{c-B?kz9_BSWKQIQGIpV24
z67dCNd;D}TQN_&SJJmQn8H%Jq3zBBwwlu=-1m?-M;;xPt0RY=fmQ9fR64y^hIFh?U
z!*wJDXN0V;yKY-Tl!TWl;~QB>dF6Z<=u#ZynBQBrZZ;p<nlPwhU0STl2tT=QQ#2ZZ
z(5pgNh4=R08;jKGTFd}KqQSZbLyWm511I41dLph@G3OS9(BUX#z7cY@?z^VEXh@A$
zECp;#LDShvA!3o+C{Tg#2z#3M)O4c@=FR17?MMO-p(qL`K4NkD$X-~;+H@+q*qP+a
zs!M-5v=~-d+n^^?nARd-1AV`DoqY}J{@;)Cnf*tv##{EndvI(2r}yI9<0t>lpStt)
z@c6;e?;l?d-@Yt<L6;t$yO_ey&MuEn)8f<n-t(S(5Fh;cfPcRGjx;{KQI7rtRMe*W

literal 0
HcmV?d00001