fix alloy

This commit is contained in:
chris 2025-03-15 20:26:44 +01:00
parent a876ea0694
commit 43145bbd19
Signed by: c6ristian
SSH key fingerprint: SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
4 changed files with 44 additions and 26 deletions
.sops.yaml
modules
secrets
systems/monitoring.noc.eh22.intern

View file

@ -2,6 +2,8 @@ keys:
- &ccchh_pass "age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92" - &ccchh_pass "age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92"
- &user_lilly "age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d" - &user_lilly "age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d"
- &host_grafana "age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5" - &host_grafana "age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5"
- &host_resolvdns "age16q3ey64stpkhy9qayslvaejh70euxamxmheplsq8403kv5przgvqad5drd"
- &host_authdns "age1m88zefppn095rhtr0je5y5x93r2260z6kpgq65sc58m23qmqrvxspj0v0k"
creation_rules: creation_rules:
- path_regex: secrets/passwords.yaml - path_regex: secrets/passwords.yaml
key_groups: key_groups:
@ -9,3 +11,5 @@ creation_rules:
- *ccchh_pass - *ccchh_pass
- *user_lilly - *user_lilly
- *host_grafana - *host_grafana
- *host_resolvdns
- *host_authdns

View file

@ -8,16 +8,16 @@
{ {
sops = { sops = {
secrets."services/loki/basic_auth" = { secrets."services/loki/basic_auth" = {
mode = "0440"; mode = "0444";
owner = "alloy"; owner = "nobody";
group = "alloy"; group = "nobody";
restartUnits = [ "alloy.service" ]; restartUnits = [ "alloy.service" ];
sopsFile = ../secrets/passwords.yaml; sopsFile = ../secrets/passwords.yaml;
}; };
secrets."services/mimir/basic_auth" = { secrets."services/mimir/basic_auth" = {
mode = "0440"; mode = "0444";
owner = "alloy"; owner = "nobody";
group = "alloy"; group = "nobody";
restartUnits = [ "alloy.service" ]; restartUnits = [ "alloy.service" ];
sopsFile = ../secrets/passwords.yaml; sopsFile = ../secrets/passwords.yaml;
}; };
@ -25,7 +25,6 @@
services.alloy = { services.alloy = {
enable = true; enable = true;
configPath = "/etc/alloy/config.alloy";
}; };
environment.etc."alloy/config.alloy" = { environment.etc."alloy/config.alloy" = {

View file

@ -29,29 +29,47 @@ sops:
- recipient: age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92 - recipient: age1egd6nutd7y8x5kd3uqxjpu326u9rz2vsqth2ss8nhvjlts3ukgrqsj2a92
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4c0ZhN3QwVFZTYlFKbXk1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3VmJDZDFPMjNMUDd5RHpq
NzJQRlFlL1JydStkS1dTcGhlaHlGVGRSTEFVCjFRM2hjQThiRmZYNnltVVp1NzJx NklkMjBVcEVHaVZhS3dWb3czU1RGL3Vqa0JRCjBSbWlBbkI4QU13dk5VeDdTZ2VP
alRPV0k1RW10THJWelREakw5Z2dldncKLS0tIFZjZno1M21pcjJnQTRYRElIYkJJ MUpDb1VQSFh4bFZnbG02RUJ2SjNTVUUKLS0tIFdkMUl4QjdjeWZwTkJ4RWx1NUxv
K2VMREVlZXhLRG9xU25WaE4wakYwcVkKvyyTdK47i6+Ljc6HL7e0UZejQLA+H7Ve Vi9mR3prTWtROUt2NE1oenZPS3VHMG8KHtsy+LSbH3CG9qoMUmDOS1Iq+YKPmlu5
s6Z0CIXUeEz5OM2G8+Wi6Fyjbk2QJXMjGdxp6KzKcl8k6/18u5K5PQ== D64oM1SKi8xZXxm/dZgX0fB9EUid0ZzZnRTV7HuT4QwU86xBQtcY3Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d - recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVmxSTGVxMUVUQ2dkRCtR YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWXRyNzIyVWtGRi8waTN4
cUNvMllXcVZ4NzRMQUZ0TmovUmx3ejlDT0VZCmYrc2ZPUzgyV3I5M09KOVZtTzVJ MjltTnNOVmxPdVNmQzFiV29ZNzN0TzdsK0RzClhyUElQNlVkbnQ5MHBBUlU4R3RB
b2J4d1lBOUkyOFdlNzZ2UkJITXJpVXcKLS0tIGFTRytiQjI5bEtKQVAwODd3ZWxk dkdpL1ByMGtCMy9KaWx1L0tWVXc0dVUKLS0tIEkvQlpmRTUxVHRtaFBOZDROK2Uv
c3hDOEdrYktaOVNMN0tncWlJbFd6WVkK2fbjE4ARoMbyhBKwQY4GFolX//T7nWAC ZkF4b0Y3SVBKTFBOTnJiMmhucndaME0KDriM8orKLhI4n2PP5kU4CY1CZJe9Mxaz
5r57ObE1a6ENdTNA/IzmegWqEb6ZIWlkZSf8eHlYhVgtT4uib7HZng== 0m1gdekYHWzRnbU5git3uBWFnLU76QkzQQW8KFuRWDadbZJIZf5mBw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5 - recipient: age1kr0vjyd0fmpccshm4kl2uw5jujh48r7vzhecvqgaf58cvdha79csaw7hz5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQb0ZlU2dzT0w2djBub2Rx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aG5mcEN3bFhnV0w3eEJ3
ZmV5aStZOTlSdXZEbXNxYXBESmpCckwzWDNFCmIxQjRuakR4aWVnM3E0elkvd2xX U0F5NVVqWU9QMy9QTlZEYVR3azFFQ0ZFSWlJClNlZy9DM3VvelA5M1c1TFduRXZr
ZGJuK3NEL1RBZDB0WXV5M2VieHBnUkEKLS0tIEtXN2xQVVVjamtPSDhNVW5qaXdC MDZWVGpEeXpjUk4xSkdXTjFicmxmZTQKLS0tIFA4allLS2lRbUVmR3ZPL1hFUWxX
SHhiSU5PZmpUakZvQVNtYk5nUk1tZjAKyHND2LZuuBciy7toDLrAH47kyWcGAN7c cDIvc0ExNkNhdHlBc0p0VVE5Z0tRSzQKcrD118S6hxgFriGGfjZgNYt3Osb6MA/Q
ORrD03DBoEV7mjBY86Hl3SaLKHxlBXsB93OOWqeZrvHlbki+qn/OZA== 1XMkMe3BaILYnfFrDwCU1j+N3m4SGrITd21pogFvM4KKaVpVwSNTWA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16q3ey64stpkhy9qayslvaejh70euxamxmheplsq8403kv5przgvqad5drd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBd1JmSVZ3K3M1ZjlMZzhz
UjJ1ZFJiNlIyd1lvbUJFb0VNTUtyZVlLU0VvCmhMNFVxalBHbkI4ZVJUUWxwM1Fk
d3c4bkRoSm1zdEI0ZGdEeEY1eTRUencKLS0tIEs3aTIyb1ZmVFNEWkdPek54V2Uw
UDFZSUpPYkwrMHlKVFRucmd2MUw2WDAKlfSM3XKjVVE1sYxxWRJ9sfvCZQnhPDSG
P/pMKQUCEjQNzig+nreX8Txzk5VvSA6YKZetZelTsPrA33P7g4+vpQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m88zefppn095rhtr0je5y5x93r2260z6kpgq65sc58m23qmqrvxspj0v0k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVHNLKy9VblJrQ0t4QkIw
YkpJVHpPcUZnRzNZdHJmd0dYM1VUNXh2SjI0CmUrNC9GOEU1bmc1SzRBa2tGTWo4
RlQrZE84b1B3RHRka2FsdlZkcG0xbWsKLS0tIGZiZXBtYmZOVzVIZXl0OXdtYjAr
OGU5LzlYeFJLc3BBY3BScjdRcGU4MmcKW2ASw7TpDmlXymYIgSihGpF6rkrx08Aj
vpyqwi2Z6cUvdF6DoqfMU5NaLoLsGRTVYlalvPHZs3tfoY9/SVyoXA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-14T17:47:08Z" lastmodified: "2025-03-14T17:47:08Z"
mac: ENC[AES256_GCM,data:w6psg02RoJ4fxu/jMr8ld2z8soXqb0UQmyCspwCOI8Qj3UvAE7EePKFmgqj7GEkY9yJ0VtBTqrwRcA2VWJ2Xtq6NyCyUdHNqiNDLRnegkD7EG4izYGib2Z32YnX73azh0sT6ZrB0de7vyyqj9i8J/UHphBEVayvAe7RVMVvlSgw=,iv:uAV+FHTzf92MaFiqXlfxyZkZf7OHEkTXPrbiIV6UVV4=,tag:orZqw7CQlbp7tKS7ccmdfg==,type:str] mac: ENC[AES256_GCM,data:w6psg02RoJ4fxu/jMr8ld2z8soXqb0UQmyCspwCOI8Qj3UvAE7EePKFmgqj7GEkY9yJ0VtBTqrwRcA2VWJ2Xtq6NyCyUdHNqiNDLRnegkD7EG4izYGib2Z32YnX73azh0sT6ZrB0de7vyyqj9i8J/UHphBEVayvAe7RVMVvlSgw=,iv:uAV+FHTzf92MaFiqXlfxyZkZf7OHEkTXPrbiIV6UVV4=,tag:orZqw7CQlbp7tKS7ccmdfg==,type:str]

View file

@ -11,21 +11,18 @@
owner = "grafana"; owner = "grafana";
group = "grafana"; group = "grafana";
restartUnits = [ "grafana.service" ]; restartUnits = [ "grafana.service" ];
sopsFile = ../../secrets/passwords.yaml;
}; };
secrets."services/loki/nginx" = { secrets."services/loki/nginx" = {
mode = "0440"; mode = "0440";
owner = "nginx"; owner = "nginx";
group = "nginx"; group = "nginx";
restartUnits = [ "nginx.service" ]; restartUnits = [ "nginx.service" ];
sopsFile = ../../secrets/passwords.yaml;
}; };
secrets."services/mimir/nginx" = { secrets."services/mimir/nginx" = {
mode = "0440"; mode = "0440";
owner = "nginx"; owner = "nginx";
group = "nginx"; group = "nginx";
restartUnits = [ "nginx.service" ]; restartUnits = [ "nginx.service" ];
sopsFile = ../../secrets/passwords.yaml;
}; };
}; };