diff --git a/.sops.yaml b/.sops.yaml
index 87e3e16..caccaec 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -2,10 +2,14 @@ keys:
 - &ccchh_pass "age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92"
 - &user_lilly "age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d"
 - &host_grafana "age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5"
+ - &host_resolvdns "age16q3ey64stpkhy9qayslvaejh70euxamxmheplsq8403kv5przgvqad5drd"
+ - &host_authdns "age1m88zefppn095rhtr0je5y5x93r2260z6kpgq65sc58m23qmqrvxspj0v0k"
 creation_rules:
 - path_regex: secrets/passwords.yaml
 key_groups:
 - age:
 - *ccchh_pass
 - *user_lilly
- - *host_grafana
\ No newline at end of file
+ - *host_grafana
+ - *host_resolvdns
+ - *host_authdns
\ No newline at end of file
diff --git a/modules/alloy.nix b/modules/alloy.nix
index e601180..74416c2 100644
--- a/modules/alloy.nix
+++ b/modules/alloy.nix
@@ -8,16 +8,16 @@
 {
 sops = {
 secrets."services/loki/basic_auth" = {
- mode = "0440";
- owner = "alloy";
- group = "alloy";
+ mode = "0444";
+ owner = "nobody";
+ group = "nobody";
 restartUnits = [ "alloy.service" ];
 sopsFile = ../secrets/passwords.yaml;
 };
 secrets."services/mimir/basic_auth" = {
- mode = "0440";
- owner = "alloy";
- group = "alloy";
+ mode = "0444";
+ owner = "nobody";
+ group = "nobody";
 restartUnits = [ "alloy.service" ];
 sopsFile = ../secrets/passwords.yaml;
 };
@@ -25,7 +25,6 @@
 services.alloy = {
 enable = true;
- configPath = "/etc/alloy/config.alloy";
 };
 environment.etc."alloy/config.alloy" = {
diff --git a/secrets/passwords.yaml b/secrets/passwords.yaml
index 6349a89..9dcf694 100644
--- a/secrets/passwords.yaml
+++ b/secrets/passwords.yaml
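Review bot: In `.sops.yaml`, adding `*host_resolvdns` and `*host_authdns` to the single `secrets/passwords.yaml` rule lets both DNS hosts decrypt every value in that file, not only the entries they actually consume. All recipients of a sops file unwrap the same data key, so a compromise of either host's age key would expose everything stored there; the other files in this commit show Loki and Mimir basic-auth secrets read from it. Consider a separate file and creation rule for the secrets every host needs, e.g. `- path_regex: secrets/<shared-file>\.yaml` (placeholder name) listing the host keys, and keep `secrets/passwords.yaml` limited to the hosts that require it. Any value that stays readable by the wider recipient set should be treated as shared between those hosts when planning rotation.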
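Review bot: In `modules/alloy.nix`, `mode = "0444"` with `owner = "nobody"` makes the decrypted `services/loki/basic_auth` secret readable by every local user and process on each host that imports this module, and the `services/mimir/basic_auth` entry in the same hunk has the same problem. If the motivation is that the alloy unit runs under a dynamic user with no static `alloy` account (not visible in this diff), keep the file root-only with `mode = "0400";` and pass it to the unit with `systemd.services.alloy.serviceConfig.LoadCredential = [ "loki_basic_auth:${config.sops.secrets."services/loki/basic_auth".path}" ];`, assuming `config` is in the module's arguments. Ownership by `nobody` is also worth avoiding, because that account is shared by anything that maps to the overflow identity. The enclosing attribute set starts and ends outside the hunk.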
@@ -29,29 +29,47 @@ sops: - recipient: age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4c0ZhN3QwVFZTYlFKbXk1 - NzJQRlFlL1JydStkS1dTcGhlaHlGVGRSTEFVCjFRM2hjQThiRmZYNnltVVp1NzJx - alRPV0k1RW10THJWelREakw5Z2dldncKLS0tIFZjZno1M21pcjJnQTRYRElIYkJJ - K2VMREVlZXhLRG9xU25WaE4wakYwcVkKvyyTdK47i6+Ljc6HL7e0UZejQLA+H7Ve - s6Z0CIXUeEz5OM2G8+Wi6Fyjbk2QJXMjGdxp6KzKcl8k6/18u5K5PQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VmJDZDFPMjNMUDd5RHpq + NklkMjBVcEVHaVZhS3dWb3czU1RGL3Vqa0JRCjBSbWlBbkI4QU13dk5VeDdTZ2VP + MUpDb1VQSFh4bFZnbG02RUJ2SjNTVUUKLS0tIFdkMUl4QjdjeWZwTkJ4RWx1NUxv + Vi9mR3prTWtROUt2NE1oenZPS3VHMG8KHtsy+LSbH3CG9qoMUmDOS1Iq+YKPmlu5 + D64oM1SKi8xZXxm/dZgX0fB9EUid0ZzZnRTV7HuT4QwU86xBQtcY3Q== -----END AGE ENCRYPTED FILE----- - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVmxSTGVxMUVUQ2dkRCtR - cUNvMllXcVZ4NzRMQUZ0TmovUmx3ejlDT0VZCmYrc2ZPUzgyV3I5M09KOVZtTzVJ - b2J4d1lBOUkyOFdlNzZ2UkJITXJpVXcKLS0tIGFTRytiQjI5bEtKQVAwODd3ZWxk - c3hDOEdrYktaOVNMN0tncWlJbFd6WVkK2fbjE4ARoMbyhBKwQY4GFolX//T7nWAC - 5r57ObE1a6ENdTNA/IzmegWqEb6ZIWlkZSf8eHlYhVgtT4uib7HZng== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWXRyNzIyVWtGRi8waTN4 + MjltTnNOVmxPdVNmQzFiV29ZNzN0TzdsK0RzClhyUElQNlVkbnQ5MHBBUlU4R3RB + dkdpL1ByMGtCMy9KaWx1L0tWVXc0dVUKLS0tIEkvQlpmRTUxVHRtaFBOZDROK2Uv + ZkF4b0Y3SVBKTFBOTnJiMmhucndaME0KDriM8orKLhI4n2PP5kU4CY1CZJe9Mxaz + 0m1gdekYHWzRnbU5git3uBWFnLU76QkzQQW8KFuRWDadbZJIZf5mBw== -----END AGE ENCRYPTED FILE----- - recipient: age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQb0ZlU2dzT0w2djBub2Rx - ZmV5aStZOTlSdXZEbXNxYXBESmpCckwzWDNFCmIxQjRuakR4aWVnM3E0elkvd2xX - ZGJuK3NEL1RBZDB0WXV5M2VieHBnUkEKLS0tIEtXN2xQVVVjamtPSDhNVW5qaXdC - 
SHhiSU5PZmpUakZvQVNtYk5nUk1tZjAKyHND2LZuuBciy7toDLrAH47kyWcGAN7c - ORrD03DBoEV7mjBY86Hl3SaLKHxlBXsB93OOWqeZrvHlbki+qn/OZA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aG5mcEN3bFhnV0w3eEJ3 + U0F5NVVqWU9QMy9QTlZEYVR3azFFQ0ZFSWlJClNlZy9DM3VvelA5M1c1TFduRXZr + MDZWVGpEeXpjUk4xSkdXTjFicmxmZTQKLS0tIFA4allLS2lRbUVmR3ZPL1hFUWxX + cDIvc0ExNkNhdHlBc0p0VVE5Z0tRSzQKcrD118S6hxgFriGGfjZgNYt3Osb6MA/Q + 1XMkMe3BaILYnfFrDwCU1j+N3m4SGrITd21pogFvM4KKaVpVwSNTWA== + -----END AGE ENCRYPTED FILE----- + - recipient: age16q3ey64stpkhy9qayslvaejh70euxamxmheplsq8403kv5przgvqad5drd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd1JmSVZ3K3M1ZjlMZzhz + UjJ1ZFJiNlIyd1lvbUJFb0VNTUtyZVlLU0VvCmhMNFVxalBHbkI4ZVJUUWxwM1Fk + d3c4bkRoSm1zdEI0ZGdEeEY1eTRUencKLS0tIEs3aTIyb1ZmVFNEWkdPek54V2Uw + UDFZSUpPYkwrMHlKVFRucmd2MUw2WDAKlfSM3XKjVVE1sYxxWRJ9sfvCZQnhPDSG + P/pMKQUCEjQNzig+nreX8Txzk5VvSA6YKZetZelTsPrA33P7g4+vpQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1m88zefppn095rhtr0je5y5x93r2260z6kpgq65sc58m23qmqrvxspj0v0k + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVHNLKy9VblJrQ0t4QkIw + YkpJVHpPcUZnRzNZdHJmd0dYM1VUNXh2SjI0CmUrNC9GOEU1bmc1SzRBa2tGTWo4 + RlQrZE84b1B3RHRka2FsdlZkcG0xbWsKLS0tIGZiZXBtYmZOVzVIZXl0OXdtYjAr + OGU5LzlYeFJLc3BBY3BScjdRcGU4MmcKW2ASw7TpDmlXymYIgSihGpF6rkrx08Aj + vpyqwi2Z6cUvdF6DoqfMU5NaLoLsGRTVYlalvPHZs3tfoY9/SVyoXA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-03-14T17:47:08Z" mac: ENC[AES256_GCM,data:w6psg02RoJ4fxu/jMr8ld2z8soXqb0UQmyCspwCOI8Qj3UvAE7EePKFmgqj7GEkY9yJ0VtBTqrwRcA2VWJ2Xtq6NyCyUdHNqiNDLRnegkD7EG4izYGib2Z32YnX73azh0sT6ZrB0de7vyyqj9i8J/UHphBEVayvAe7RVMVvlSgw=,iv:uAV+FHTzf92MaFiqXlfxyZkZf7OHEkTXPrbiIV6UVV4=,tag:orZqw7CQlbp7tKS7ccmdfg==,type:str] diff --git a/systems/monitoring.noc.eh22.intern/system.nix b/systems/monitoring.noc.eh22.intern/system.nix index cb182a6..7c1c8ae 100644 --- a/systems/monitoring.noc.eh22.intern/system.nix 
+++ b/systems/monitoring.noc.eh22.intern/system.nix
@@ -11,21 +11,18 @@
 owner = "grafana";
 group = "grafana";
 restartUnits = [ "grafana.service" ];
- sopsFile = ../../secrets/passwords.yaml;
 };
 secrets."services/loki/nginx" = {
 mode = "0440";
 owner = "nginx";
 group = "nginx";
 restartUnits = [ "nginx.service" ];
- sopsFile = ../../secrets/passwords.yaml;
 };
 secrets."services/mimir/nginx" = {
 mode = "0440";
 owner = "nginx";
 group = "nginx";
 restartUnits = [ "nginx.service" ];
- sopsFile = ../../secrets/passwords.yaml;
 };
 };
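Review bot: Dropping `sopsFile` from these three secrets makes them depend on `sops.defaultSopsFile`, which is not set anywhere in this diff, while `modules/alloy.nix` in the same commit keeps an explicit `sopsFile = ../secrets/passwords.yaml;`. If the default is defined in a shared module, a comment above the first secret such as `# sopsFile comes from sops.defaultSopsFile (set in <module>)` (placeholder name) would record which encrypted file backs them. The explicit path in alloy.nix could then be dropped as well, so the two files agree. The hunk begins inside the first secret's attribute set, so its name is not visible here.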