uku/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(etna): set vmauth token again

Browse source 
this is an ugly, hacky fix, waiting for a better solution
This commit is contained in:
uku 2024-12-04 12:19:32 +01:00
parent 590cabff51
commit 2842058f23
Signed by: uku
SSH key fingerprint: SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
3 changed files with 21 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
secrets/etna/vmauthEnv.age Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZHdmMjdOTkFNZzY3UC83
d00xb3MwcmlSSGRtcVhYTWdWdUpsdmhQZ2xnCmE4Tkt0bzB4Z29lMTFMSzEvR0k4
VUlFVVY5RGdyaFJyS1pkc2g4VGY2VEUKLT4gWDI1NTE5IFY2SFdpdlIrYnBTd1ZX
STREdWZjQ3JOOThVNFBLRUtLUEViVnorcTJHeVUKcUJ4M09vaUlzKzM0QW5WOU0r
LzNGTEcyWEJlSnNud1h1VlJVY1VuV2dCYwotPiBYMjU1MTkgUENxTkhUSE5SUXZI
NE9SQkJTVU10RWp3YTc3d09zd05BT2ROSXhST3RVMApydlQxUjdKNkhrRG5HWVRk
eTF0QjBUVmJ4dndUbmFaZFUvM3JaZTE3djlnCi0+IFgyNTUxOSArZi9VM2dVMVRN
bjZxSk1FZlNoL0pLNFg4RGJ4Y1VlMEJGdkNTaHQyem5VCmVVaEdOQmhyOFpENWdN
WXBYN01YU0xESmMybHBocHZWTVJGc2YrZFpxdHcKLS0tIDdiTngrUHJCWU9PYVow
TVFVTUxrV1M5NFEwQzdUM0ZjMGVqaHhvM2hhbnMKlx7IO02Yx2u0jAXj/6qnUjF1
j87tucKv9X5YHkreU5u/C/x+NCvjR2SckJxJ8wDvhxeu/0WhkTWV2gG56kkf5BiT
QEA5UHkt157SIDM4FgH1VlmWr6lnhPdr+nQJB51BQNM70adOdY6qdmQ7BJ5W754G
BqnEKtZUQE+IV7esHNObKXnbkxf99KCiUxhGXHfbu/jdG/hCTBUbbEKpHGlot3xF
2XeVslCvdO49Jq24ae71fDo1/gbE2QKXgueBWU9jLXI96YCvRiqwIY7SqSz0Pr5O
bE9IRrs0rVQO
-----END AGE ENCRYPTED FILE-----

1
secrets/secrets.nix
View file

@ -30,4 +30,5 @@ in {
"etna/navidromeEnv.age".publicKeys = main ++ [etna];
"etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
"etna/vaultwardenEnv.age".publicKeys = main ++ [etna];
"etna/vmauthEnv.age".publicKeys = main ++ [etna];
}

4
systems/etna/metrics.nix
View file

@ -6,10 +6,12 @@
}: let
vmcfg = config.services.victoriametrics;
secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];};
vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" {};
in {
imports = [
mystia.nixosModules.vmauth
secrets.generate
vmauthEnv.generate
];
cfTunnels = {
@ -59,7 +61,7 @@ in {
services.vmauth = {
enable = true;
listenAddress = "127.0.0.1:9089";
environmentFile = secrets.get "vmAuthToken";
environmentFile = vmauthEnv.path;
authConfig.users = [
{
bearer_token = "%{VM_AUTH_TOKEN}";