grafana: fix error undefing var config and firewall config

2025-03-05 21:10:13 +01:00 · 2025-03-05 21:10:13 +01:00 · 003cd2d19e
commit 003cd2d19e
parent f11bc1b50a
1 changed files with 17 additions and 9 deletions
--- a/systems/grafana.noc.eh22.intern.nix
+++ b/systems/grafana.noc.eh22.intern.nix
@ -1,10 +1,25 @@
 {
  pkgs,
+  config,
+  modulesPath,
+  lib,
  ...
 }:
 {
  imports = [];

+  sops = {
+    defaultSopsFile = ../secrets/passwords.yaml;
+    secrets."vms/grafana/admin_password" = {
+      mode = "0440";
+      owner = "grafana";
+      group = "grafana";
+      restartUnits = [ "grafana.service" ];
+    };
+  };
+
+  # configure static IP address
+  networking.useDHCP = false;
  systemd.network = {
    enable = true;
    networks = {
@ -16,6 +31,8 @@
    };
  };

+  networking.firewall.allowedTCPPorts = [ 80 ];
+
  services.grafana = {
    enable = true;
    security.admin_password = "$__file{${sops.secrets.vms.grafana.admin_password.path}}";
@ -32,15 +49,6 @@
    };
  };

-  sops = {
-    defaultSopsFile = ../secrets/passwords.yaml;
-    "vms"."grafana"."admin_password" = {
-      mode = "0440";
-      owner = "grafana";
-      group = "grafana";
-      restartUnits = [ "grafana.service" ];
-    };
-  };
  # DO NOT CHANGE
  # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
  home-manager.users.noc.home.stateVersion = "24.11";