Commit dd190080ab5c

Vincent Demeester <vincent@sbr.pm>
2026-02-23 16:58:58
fix(sakhalin): add Grafana secret key
Upstream NixOS Grafana module now requires secret_key to be set. Added agenix-managed secret with file reference.
1 parent 09a5591
Changed files (3)
secrets/sakhalin/grafana-secret-key.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> piv-p256 ItIHHA AmSE7Cy9POkNkvdYi3yxe/AvbpubXbS8wIrcsV7g9Xwy
+SRdRH073hXGzJuoJ4uLS3uJNG+JSCfhU+4xjWwJNl1w
+-> piv-p256 cUinNw AjYwxCfYygZyIhxI3zAp4cmzDl0dCqOH/WoUW5hSQatS
+1KqKhWEEHIjqBp/z+5HOifyVJ7W5/nqMNFLxbZDjoUg
+-> ssh-ed25519 /TxA1A P6VJOmJaqurtrbBNajTwKnzemm1TbYvXxVuauuKZZEs
+TkmMtSVOYDPk8E7Zib5yEumu3w0Ts88W3Hh9qeOG0Vw
+--- UvVT8vrdW5vlXBPOWtplUeXq3POctnM80JSPB62cnXU
+�3��v<)��-Q��ô-.7�m䅠�O\W�ފa�5�r� ���w<��!!ԩy����[�<1�:�
+�Y[�V��g�������e`�'V��ʻ
\ No newline at end of file
systems/sakhalin/extra.nix
@@ -97,6 +97,11 @@ in
     mode = "400";
     owner = "grafana";
   };
+  age.secrets."grafana-secret-key" = {
+    file = ../../secrets/sakhalin/grafana-secret-key.age;
+    mode = "400";
+    owner = "grafana";
+  };
   age.secrets."ntfy-token" = {
     file = ../../secrets/sakhalin/ntfy-token.age;
     mode = "440";
@@ -163,6 +168,7 @@ in
           domain = "grafana.sbr.pm";
           root_url = "https://grafana.sbr.pm";
         };
+        security.secret_key = "$__file{${config.age.secrets."grafana-secret-key".path}}";
       };
 
       provision = {
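Review bot: The new `security.secret_key` line in the second hunk changes the key Grafana uses to encrypt secrets stored in its database (data source passwords and similar), so if this instance was previously running on the module's old built-in default, values encrypted under that key will probably no longer decrypt after the deploy. The commit message does not say whether existing data source credentials were re-saved or re-encrypted, which is worth confirming before rollout; a comment above the line would record the constraint, e.g. `# secret_key encrypts DB-stored datasource secrets; changing it requires re-saving them`. The `$__file{...}` form itself is a good choice, since Grafana reads the value from the agenix path at runtime and the key stays out of the world-readable Nix store, with `mode = "400"` and `owner = "grafana"` in the first hunk limiting it to the service user. The enclosing attribute set starts outside the hunk, so how this line sits among the other Grafana settings cannot be checked from here.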
secrets.nix
@@ -148,6 +148,7 @@ in
   "secrets/rhea/jellyfin-favorites-sync-ssh-key.age".publicKeys = users ++ [ rhea ];
   "secrets/rhea/webdav-password.age".publicKeys = users ++ [ rhea ];
   "secrets/sakhalin/grafana-admin-password.age".publicKeys = users ++ [ sakhalin ];
+  "secrets/sakhalin/grafana-secret-key.age".publicKeys = users ++ [ sakhalin ];
   "secrets/sakhalin/ntfy-token.age".publicKeys = users ++ [
     sakhalin
     aion