EH22/nox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix alloy

Browse source
This commit is contained in:
chris 2025-03-15 20:26:44 +01:00
parent a876ea0694
commit 43145bbd19
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
4 changed files with 44 additions and 26 deletions
.sops.yaml
modules
alloy.nix
secrets
passwords.yaml
systems/monitoring.noc.eh22.intern
system.nix

6
.sops.yaml
View file

@ -2,10 +2,14 @@ keys:
- &ccchh_pass "age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92"
- &user_lilly "age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d"
- &host_grafana "age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5"
- &host_resolvdns "age16q3ey64stpkhy9qayslvaejh70euxamxmheplsq8403kv5przgvqad5drd"
- &host_authdns "age1m88zefppn095rhtr0je5y5x93r2260z6kpgq65sc58m23qmqrvxspj0v0k"
creation_rules:
- path_regex: secrets/passwords.yaml
key_groups:
- age:
- *ccchh_pass
- *user_lilly
- *host_grafana
- *host_grafana
- *host_resolvdns
- *host_authdns

13
modules/alloy.nix
View file

@ -8,16 +8,16 @@
{
sops = {
secrets."services/loki/basic_auth" = {
mode = "0440";
owner = "alloy";
group = "alloy";
mode = "0444";
owner = "nobody";
group = "nobody";
restartUnits = [ "alloy.service" ];
sopsFile = ../secrets/passwords.yaml;
};
secrets."services/mimir/basic_auth" = {
mode = "0440";
owner = "alloy";
group = "alloy";
mode = "0444";
owner = "nobody";
group = "nobody";
restartUnits = [ "alloy.service" ];
sopsFile = ../secrets/passwords.yaml;
};
@ -25,7 +25,6 @@
services.alloy = {
enable = true;
configPath = "/etc/alloy/config.alloy";
};
environment.etc."alloy/config.alloy" = {

48
secrets/passwords.yaml
View file

@ -29,29 +29,47 @@ sops:
- recipient: age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4c0ZhN3QwVFZTYlFKbXk1
NzJQRlFlL1JydStkS1dTcGhlaHlGVGRSTEFVCjFRM2hjQThiRmZYNnltVVp1NzJx
alRPV0k1RW10THJWelREakw5Z2dldncKLS0tIFZjZno1M21pcjJnQTRYRElIYkJJ
K2VMREVlZXhLRG9xU25WaE4wakYwcVkKvyyTdK47i6+Ljc6HL7e0UZejQLA+H7Ve
s6Z0CIXUeEz5OM2G8+Wi6Fyjbk2QJXMjGdxp6KzKcl8k6/18u5K5PQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VmJDZDFPMjNMUDd5RHpq
NklkMjBVcEVHaVZhS3dWb3czU1RGL3Vqa0JRCjBSbWlBbkI4QU13dk5VeDdTZ2VP
MUpDb1VQSFh4bFZnbG02RUJ2SjNTVUUKLS0tIFdkMUl4QjdjeWZwTkJ4RWx1NUxv
Vi9mR3prTWtROUt2NE1oenZPS3VHMG8KHtsy+LSbH3CG9qoMUmDOS1Iq+YKPmlu5
D64oM1SKi8xZXxm/dZgX0fB9EUid0ZzZnRTV7HuT4QwU86xBQtcY3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVmxSTGVxMUVUQ2dkRCtR
cUNvMllXcVZ4NzRMQUZ0TmovUmx3ejlDT0VZCmYrc2ZPUzgyV3I5M09KOVZtTzVJ
b2J4d1lBOUkyOFdlNzZ2UkJITXJpVXcKLS0tIGFTRytiQjI5bEtKQVAwODd3ZWxk
c3hDOEdrYktaOVNMN0tncWlJbFd6WVkK2fbjE4ARoMbyhBKwQY4GFolX//T7nWAC
5r57ObE1a6ENdTNA/IzmegWqEb6ZIWlkZSf8eHlYhVgtT4uib7HZng==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWXRyNzIyVWtGRi8waTN4
MjltTnNOVmxPdVNmQzFiV29ZNzN0TzdsK0RzClhyUElQNlVkbnQ5MHBBUlU4R3RB
dkdpL1ByMGtCMy9KaWx1L0tWVXc0dVUKLS0tIEkvQlpmRTUxVHRtaFBOZDROK2Uv
ZkF4b0Y3SVBKTFBOTnJiMmhucndaME0KDriM8orKLhI4n2PP5kU4CY1CZJe9Mxaz
0m1gdekYHWzRnbU5git3uBWFnLU76QkzQQW8KFuRWDadbZJIZf5mBw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQb0ZlU2dzT0w2djBub2Rx
ZmV5aStZOTlSdXZEbXNxYXBESmpCckwzWDNFCmIxQjRuakR4aWVnM3E0elkvd2xX
ZGJuK3NEL1RBZDB0WXV5M2VieHBnUkEKLS0tIEtXN2xQVVVjamtPSDhNVW5qaXdC
SHhiSU5PZmpUakZvQVNtYk5nUk1tZjAKyHND2LZuuBciy7toDLrAH47kyWcGAN7c
ORrD03DBoEV7mjBY86Hl3SaLKHxlBXsB93OOWqeZrvHlbki+qn/OZA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aG5mcEN3bFhnV0w3eEJ3
U0F5NVVqWU9QMy9QTlZEYVR3azFFQ0ZFSWlJClNlZy9DM3VvelA5M1c1TFduRXZr
MDZWVGpEeXpjUk4xSkdXTjFicmxmZTQKLS0tIFA4allLS2lRbUVmR3ZPL1hFUWxX
cDIvc0ExNkNhdHlBc0p0VVE5Z0tRSzQKcrD118S6hxgFriGGfjZgNYt3Osb6MA/Q
1XMkMe3BaILYnfFrDwCU1j+N3m4SGrITd21pogFvM4KKaVpVwSNTWA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16q3ey64stpkhy9qayslvaejh70euxamxmheplsq8403kv5przgvqad5drd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd1JmSVZ3K3M1ZjlMZzhz
UjJ1ZFJiNlIyd1lvbUJFb0VNTUtyZVlLU0VvCmhMNFVxalBHbkI4ZVJUUWxwM1Fk
d3c4bkRoSm1zdEI0ZGdEeEY1eTRUencKLS0tIEs3aTIyb1ZmVFNEWkdPek54V2Uw
UDFZSUpPYkwrMHlKVFRucmd2MUw2WDAKlfSM3XKjVVE1sYxxWRJ9sfvCZQnhPDSG
P/pMKQUCEjQNzig+nreX8Txzk5VvSA6YKZetZelTsPrA33P7g4+vpQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m88zefppn095rhtr0je5y5x93r2260z6kpgq65sc58m23qmqrvxspj0v0k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVHNLKy9VblJrQ0t4QkIw
YkpJVHpPcUZnRzNZdHJmd0dYM1VUNXh2SjI0CmUrNC9GOEU1bmc1SzRBa2tGTWo4
RlQrZE84b1B3RHRka2FsdlZkcG0xbWsKLS0tIGZiZXBtYmZOVzVIZXl0OXdtYjAr
OGU5LzlYeFJLc3BBY3BScjdRcGU4MmcKW2ASw7TpDmlXymYIgSihGpF6rkrx08Aj
vpyqwi2Z6cUvdF6DoqfMU5NaLoLsGRTVYlalvPHZs3tfoY9/SVyoXA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-14T17:47:08Z"
mac: ENC[AES256_GCM,data:w6psg02RoJ4fxu/jMr8ld2z8soXqb0UQmyCspwCOI8Qj3UvAE7EePKFmgqj7GEkY9yJ0VtBTqrwRcA2VWJ2Xtq6NyCyUdHNqiNDLRnegkD7EG4izYGib2Z32YnX73azh0sT6ZrB0de7vyyqj9i8J/UHphBEVayvAe7RVMVvlSgw=,iv:uAV+FHTzf92MaFiqXlfxyZkZf7OHEkTXPrbiIV6UVV4=,tag:orZqw7CQlbp7tKS7ccmdfg==,type:str]

3
systems/monitoring.noc.eh22.intern/system.nix
View file

@ -11,21 +11,18 @@
owner = "grafana";
group = "grafana";
restartUnits = [ "grafana.service" ];
sopsFile = ../../secrets/passwords.yaml;
};
secrets."services/loki/nginx" = {
mode = "0440";
owner = "nginx";
group = "nginx";
restartUnits = [ "nginx.service" ];
sopsFile = ../../secrets/passwords.yaml;
};
secrets."services/mimir/nginx" = {
mode = "0440";
owner = "nginx";
group = "nginx";
restartUnits = [ "nginx.service" ];
sopsFile = ../../secrets/passwords.yaml;
};
};