From e50685ab23e6fd73fb37a91e9f0e2e540dc776f6 Mon Sep 17 00:00:00 2001
From: prescientmoon
Date: Sat, 24 Feb 2024 08:22:35 +0100
Subject: [PATCH] Fix grafana sops permissions
---
 hosts/nixos/lapetus/services/grafana.nix | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/hosts/nixos/lapetus/services/grafana.nix b/hosts/nixos/lapetus/services/grafana.nix
index 422ecdc..c64e585 100644
--- a/hosts/nixos/lapetus/services/grafana.nix
+++ b/hosts/nixos/lapetus/services/grafana.nix
@@ -1,5 +1,11 @@
 { config, pkgs, ... }:
-let secret = name: "$__file{${config.sops.secrets.${name}.path}}";
+let
+ secret = name: "$__file{${config.sops.secrets.${name}.path}}";
+ sopsSettings = {
+ sopsFile = ../secrets.yaml;
+ user = "grafana";
+ group = "grafana";
+ };
 in
 {
 imports = [
@@ -7,8 +13,8 @@ in
 ./prometheus.nix
 ];
- sops.secrets.grafana_smtp_pass.sopsFile = ../secrets.yaml;
- sops.secrets.grafana_discord_webhook.sopsFile = ../secrets.yaml;
+ sops.secrets.grafana_smtp_pass = sopsSettings;
+ sops.secrets.grafana_discord_webhook = sopsSettings;
 # {{{ Main config
 services.grafana = {
@@ -21,12 +27,13 @@ in
 # {{{ Smtp
 smtp = rec {
 enabled = true;
- host = "smtp.migadu.com:465";
- from_name = "Grafana";
- password = secret "grafana_smtp_pass";
+
 user = "grafana@orbit.moonythm.dev";
+ from_name = "Grafana";
 from_address = user;
- skip_verify = true;
+
+ host = "smtp.migadu.com:465";
+ password = secret "grafana_smtp_pass";
 startTLS_policy = "NoStartTLS";
 };
 # }}}
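Review bot: The `user = "grafana";` field in the new `sopsSettings` set does not look like a sops-nix secret option; as far as I know the ownership option is `owner`, so this would be expected to fail evaluation rather than change who can read the decrypted files. I would write `owner = "grafana";` and keep `group = "grafana";`. With the default secret mode of 0400 the group entry grants nothing, so `mode = "0440";` is only needed if group read is actually wanted. A short comment above `sopsSettings`, such as `# Grafana reads these at runtime through $__file{}, so its service user must own them`, would record why ownership is set.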
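Review bot: Removing `skip_verify = true;` from the `smtp` set turns certificate verification back on for the connection to smtp.migadu.com:465, a security-relevant change that neither the commit subject nor the code mentions. I would add a comment above `host`, for example `# 465 is implicit TLS, hence NoStartTLS; skip_verify is deliberately left at its default so the server certificate is checked`, so the option is not reintroduced while someone is debugging mail delivery. The enclosing `services.grafana` set starts and ends outside this hunk, so I cannot see whether other settings there affect TLS.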