EH22/nox
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

grafana: fix error undefing var config and firewall config

Browse source
This commit is contained in:
chris 2025-03-05 21:10:13 +01:00
parent f11bc1b50a
commit 003cd2d19e
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
1 changed files with 17 additions and 9 deletions

26
systems/grafana.noc.eh22.intern.nix
View file

@ -1,10 +1,25 @@
{ {
pkgs, pkgs,
config,
modulesPath,
lib,
... ...
}: }:
{ {
imports = []; imports = [];
sops = {
defaultSopsFile = ../secrets/passwords.yaml;
secrets."vms/grafana/admin_password" = {
mode = "0440";
owner = "grafana";
group = "grafana";
restartUnits = [ "grafana.service" ];
};
};
# configure static IP address
networking.useDHCP = false;
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
@ -16,6 +31,8 @@
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 ];
services.grafana = { services.grafana = {
enable = true; enable = true;
security.admin_password = "$__file{${sops.secrets.vms.grafana.admin_password.path}}"; security.admin_password = "$__file{${sops.secrets.vms.grafana.admin_password.path}}";
@ -32,15 +49,6 @@
}; };
}; };
sops = {
defaultSopsFile = ../secrets/passwords.yaml;
"vms"."grafana"."admin_password" = {
mode = "0440";
owner = "grafana";
group = "grafana";
restartUnits = [ "grafana.service" ];
};
};
# DO NOT CHANGE # DO NOT CHANGE
# this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
home-manager.users.noc.home.stateVersion = "24.11"; home-manager.users.noc.home.stateVersion = "24.11";