From 2842058f23ed5a98732fd650f47824d13e9bb786 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 4 Dec 2024 12:19:32 +0100 Subject: [PATCH] fix(etna): set vmauth token again this is an ugly, hacky fix, waiting for a better solution --- secrets/etna/vmauthEnv.age | 17 +++++++++++++++++ secrets/secrets.nix | 1 + systems/etna/metrics.nix | 4 +++- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 secrets/etna/vmauthEnv.age diff --git a/secrets/etna/vmauthEnv.age b/secrets/etna/vmauthEnv.age new file mode 100644 index 0000000..ea1f204 --- /dev/null +++ b/secrets/etna/vmauthEnv.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZHdmMjdOTkFNZzY3UC83 +d00xb3MwcmlSSGRtcVhYTWdWdUpsdmhQZ2xnCmE4Tkt0bzB4Z29lMTFMSzEvR0k4 +VUlFVVY5RGdyaFJyS1pkc2g4VGY2VEUKLT4gWDI1NTE5IFY2SFdpdlIrYnBTd1ZX +STREdWZjQ3JOOThVNFBLRUtLUEViVnorcTJHeVUKcUJ4M09vaUlzKzM0QW5WOU0r +LzNGTEcyWEJlSnNud1h1VlJVY1VuV2dCYwotPiBYMjU1MTkgUENxTkhUSE5SUXZI +NE9SQkJTVU10RWp3YTc3d09zd05BT2ROSXhST3RVMApydlQxUjdKNkhrRG5HWVRk +eTF0QjBUVmJ4dndUbmFaZFUvM3JaZTE3djlnCi0+IFgyNTUxOSArZi9VM2dVMVRN +bjZxSk1FZlNoL0pLNFg4RGJ4Y1VlMEJGdkNTaHQyem5VCmVVaEdOQmhyOFpENWdN +WXBYN01YU0xESmMybHBocHZWTVJGc2YrZFpxdHcKLS0tIDdiTngrUHJCWU9PYVow +TVFVTUxrV1M5NFEwQzdUM0ZjMGVqaHhvM2hhbnMKlx7IO02Yx2u0jAXj/6qnUjF1 +j87tucKv9X5YHkreU5u/C/x+NCvjR2SckJxJ8wDvhxeu/0WhkTWV2gG56kkf5BiT +QEA5UHkt157SIDM4FgH1VlmWr6lnhPdr+nQJB51BQNM70adOdY6qdmQ7BJ5W754G +BqnEKtZUQE+IV7esHNObKXnbkxf99KCiUxhGXHfbu/jdG/hCTBUbbEKpHGlot3xF +2XeVslCvdO49Jq24ae71fDo1/gbE2QKXgueBWU9jLXI96YCvRiqwIY7SqSz0Pr5O +bE9IRrs0rVQO +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 555a2db..ab7b04f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -30,4 +30,5 @@ in { "etna/navidromeEnv.age".publicKeys = main ++ [etna]; "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna]; "etna/vaultwardenEnv.age".publicKeys = main ++ [etna]; + "etna/vmauthEnv.age".publicKeys = main ++ [etna]; } diff --git a/systems/etna/metrics.nix b/systems/etna/metrics.nix index 35dc42d..3403138 100644 --- a/systems/etna/metrics.nix +++ b/systems/etna/metrics.nix @@ -6,10 +6,12 @@ }: let vmcfg = config.services.victoriametrics; secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];}; + vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" {}; in { imports = [ mystia.nixosModules.vmauth secrets.generate + vmauthEnv.generate ]; cfTunnels = { @@ -59,7 +61,7 @@ in { services.vmauth = { enable = true; listenAddress = "127.0.0.1:9089"; - environmentFile = secrets.get "vmAuthToken"; + environmentFile = vmauthEnv.path; authConfig.users = [ { bearer_token = "%{VM_AUTH_TOKEN}";