sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: propagate influxdb token secrets properly and simplify distributed configuration implementation (repo.nodes)

Browse source
This commit is contained in:
oddlama 2023-08-16 23:51:13 +02:00
parent 0ed8f2041d
commit c494c66f5a
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
5 changed files with 58 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

29
hosts/ward/microvms/grafana.nix
View file

@ -29,16 +29,25 @@ in {
group = "grafana";
};
nodes.ward-influxdb.services.influxdb2.provision.ensureApiTokens = [
{
name = "grafana servers:telegraf (${config.node.name})";
org = "servers";
user = "admin";
readBuckets = ["telegraf"];
writeBuckets = ["telegraf"];
tokenFile = config.age.secrets.grafana-influxdb-token.path;
}
];
nodes.ward-influxdb = {
# Mirror the original secret on the influx host
age.secrets."grafana-influxdb-token-${config.node.name}" = {
inherit (config.age.secrets.grafana-influxdb-token) rekeyFile;
mode = "440";
group = "influxdb2";
};
services.influxdb2.provision.ensureApiTokens = [
{
name = "grafana servers:telegraf (${config.node.name})";
org = "servers";
user = "admin";
readBuckets = ["telegraf"];
writeBuckets = ["telegraf"];
tokenFile = nodes.ward-influxdb.config.age.secrets."grafana-influxdb-token-${config.node.name}".path;
}
];
};
nodes.sentinel = {
age.secrets.loki-basic-auth-hashes.generator.dependencies = [