From 73232a4800ae0878b7e2495ef201dd597ca1ebd1 Mon Sep 17 00:00:00 2001
From: kurogeek <kurogeek@lmvhaus.com>
Date: Mon, 2 Mar 2026 18:08:41 +0700
Subject: [PATCH] clanService/grafana: add requred attr

---
 modules/clan/grafana/default.nix               | 17 +++++++++++++++++
 modules/clan/grafana/flake-module.nix          |  5 +++--
 modules/clan/grafana/tests/vm/default.nix      | 15 +++++++++++++++
 .../tests/vm/sops/machines/server/key.json     |  6 ++++++
 .../vm/sops/secrets/server-age.key/secret      | 14 ++++++++++++++
 .../vm/sops/secrets/server-age.key/users/admin |  1 +
 .../grafana/tests/vm/sops/users/admin/key.json |  4 ++++
 .../server/grafana/secret_key/machines/server  |  1 +
 .../server/grafana/secret_key/secret           | 18 ++++++++++++++++++
 .../server/grafana/secret_key/users/admin      |  1 +
 .../server/state-version/version/value         |  1 +
 11 files changed, 81 insertions(+), 2 deletions(-)
 create mode 100755 modules/clan/grafana/tests/vm/sops/machines/server/key.json
 create mode 100644 modules/clan/grafana/tests/vm/sops/secrets/server-age.key/secret
 create mode 120000 modules/clan/grafana/tests/vm/sops/secrets/server-age.key/users/admin
 create mode 100644 modules/clan/grafana/tests/vm/sops/users/admin/key.json
 create mode 120000 modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/machines/server
 create mode 100644 modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/secret
 create mode 120000 modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/users/admin
 create mode 100644 modules/clan/grafana/tests/vm/vars/per-machine/server/state-version/version/value

diff --git a/modules/clan/grafana/default.nix b/modules/clan/grafana/default.nix
index f2a3ef3..36464bf 100644
--- a/modules/clan/grafana/default.nix
+++ b/modules/clan/grafana/default.nix
@@ -13,11 +13,28 @@
       {
         config,
         lib,
+        pkgs,
         ...
       }:
       {
+        clan.core.vars.generators.grafana = {
+          files = {
+            secret_key = {
+              owner = "grafana";
+              group = "grafana";
+              secret = true;
+            };
+          };
+          script = ''
+            openssl rand -hex 32 > "$out"/secret_key
+          '';
+          runtimeInputs = [
+            pkgs.openssl
+          ];
+        };
         services.grafana = {
           enable = lib.mkDefault true;
+          settings.security.secret_key = "$__file{${config.clan.core.vars.generators.grafana.files.secret_key.path}}";
         };
 
         clan.core.state.grafana.folders = [ config.services.grafana.dataDir ];
diff --git a/modules/clan/grafana/flake-module.nix b/modules/clan/grafana/flake-module.nix
index 31c420c..b3cc97f 100644
--- a/modules/clan/grafana/flake-module.nix
+++ b/modules/clan/grafana/flake-module.nix
@@ -1,6 +1,6 @@
-{ lib, ... }:
+{ self, inputs, ... }:
 let
-  module = lib.modules.importApply ./default.nix { };
+  module = ./default.nix;
 in
 {
   clan.modules = {
@@ -11,6 +11,7 @@ in
     {
       clan.nixosTests.service-grafana = {
         imports = [ ./tests/vm/default.nix ];
+        _module.args = { inherit self inputs; };
 
         clan.modules."@clan/grafana" = module;
       };
diff --git a/modules/clan/grafana/tests/vm/default.nix b/modules/clan/grafana/tests/vm/default.nix
index 51e1fe2..4ccdfd5 100644
--- a/modules/clan/grafana/tests/vm/default.nix
+++ b/modules/clan/grafana/tests/vm/default.nix
@@ -1,8 +1,23 @@
 {
+  self,
+  config,
+  lib,
+  hostPkgs,
   ...
 }:
 {
   name = "service-grafana";
+  result.update-vars =
+    let
+      relativeDir = lib.removePrefix "${self}/" (toString config.clan.directory);
+    in
+    hostPkgs.writeShellScriptBin "update-vars" ''
+      set -x
+      export PRJ_ROOT=$(git rev-parse --show-toplevel)
+      ${
+        self.inputs.clan-core.packages.${hostPkgs.system}.clan-cli
+      }/bin/clan-generate-test-vars $PRJ_ROOT/${relativeDir} ${config.name}
+    '';
 
   clan = {
     directory = ./.;
diff --git a/modules/clan/grafana/tests/vm/sops/machines/server/key.json b/modules/clan/grafana/tests/vm/sops/machines/server/key.json
new file mode 100755
index 0000000..f3dfd6d
--- /dev/null
+++ b/modules/clan/grafana/tests/vm/sops/machines/server/key.json
@@ -0,0 +1,6 @@
+[
+  {
+    "publickey": "age1chfz220hkkxvv25x4cmqsen38ppat9erplqus8gvynv0ajnu4uaqgfq3tj",
+    "type": "age"
+  }
+]
\ No newline at end of file
diff --git a/modules/clan/grafana/tests/vm/sops/secrets/server-age.key/secret b/modules/clan/grafana/tests/vm/sops/secrets/server-age.key/secret
new file mode 100644
index 0000000..0f7f92c
--- /dev/null
+++ b/modules/clan/grafana/tests/vm/sops/secrets/server-age.key/secret
@@ -0,0 +1,14 @@
+{
+	"data": "ENC[AES256_GCM,data:ZGt489y6VugKlhVLz6hC5sL+E+IDT6MkHS7jMU36WFWK9Co9btY4HRo+JtH/3C5iVuGLf/0j7n6W8SYZXigVCUTUQJvE56RfZ1s=,iv:rQM4ZZhN345KE2A16J9/ZKMZ9O+Qvb5y6kwXA/6SuZg=,tag:C+oeBtNFcImKd3HV/6yFCQ==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZU0hqYmtDKzBRWDVMNVdm\nUW5XMXd4WDNha0ppbENwOHk1bk1mVWxVV0F3CktYT01XdktyenNvUzU4UXBReEVp\nZXJKS05kS0NsbFNqamlXMkVzRmRhUkEKLS0tIEgweFVCT2tOZmMrdERDV0FBN3N2\nVjZPZXR3L0x0dER4T1Q4cTBlV20vUjAK9QJ2p8VzNqVY/lrcKwL56YF2JBfJp11M\ns801/6IQ5WvMPziG/E/nppv/9zL0kQTh9EPGqevy0juGcvqQgn1KQw==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-03-02T07:38:10Z",
+		"mac": "ENC[AES256_GCM,data:ShP6xVJaIIyj5kqRJeIbTNJBkY3H/xvj/RgbEl65RZbJNVE0HTHkTmartKVEyROWQlMyhwesJr8FEKAnOrWysUOKQUKV9Cgfvr6J/IXZj1ZJkXbE9NcFmsRshv4Po4sCig7Hq7qt/hQLBqutUjXnpvLaKgARz2dcOv8HSoVkCKU=,iv:bvl6lFb2z8DGQkShEWe5XlYmhtXNf3bL5RHSsk9LAXs=,tag:HomMsFH3jEHCR0L6aXVsBw==,type:str]",
+		"version": "3.12.1"
+	}
+}
diff --git a/modules/clan/grafana/tests/vm/sops/secrets/server-age.key/users/admin b/modules/clan/grafana/tests/vm/sops/secrets/server-age.key/users/admin
new file mode 120000
index 0000000..9e21a99
--- /dev/null
+++ b/modules/clan/grafana/tests/vm/sops/secrets/server-age.key/users/admin
@@ -0,0 +1 @@
+../../../users/admin
\ No newline at end of file
diff --git a/modules/clan/grafana/tests/vm/sops/users/admin/key.json b/modules/clan/grafana/tests/vm/sops/users/admin/key.json
new file mode 100644
index 0000000..e408aa9
--- /dev/null
+++ b/modules/clan/grafana/tests/vm/sops/users/admin/key.json
@@ -0,0 +1,4 @@
+{
+  "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+  "type": "age"
+}
diff --git a/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/machines/server b/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/machines/server
new file mode 120000
index 0000000..2bd819e
--- /dev/null
+++ b/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/machines/server
@@ -0,0 +1 @@
+../../../../../../sops/machines/server
\ No newline at end of file
diff --git a/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/secret b/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/secret
new file mode 100644
index 0000000..876ec0e
--- /dev/null
+++ b/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/secret
@@ -0,0 +1,18 @@
+{
+	"data": "ENC[AES256_GCM,data:xXGuIJCmajuSHV3rBaAC0+XZZekqPd3rTr1bTKjMIU34IF9ueairclcSAUjFHakRG5EeGJ90PTosuC1vnqk/emQ=,iv:9Od0lV3SeTlT9sgJHY6yw/tLz5WNbaMDDFfjvIMO76M=,tag:T4ybZEUDGrp+p4I5NEr+Xg==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1chfz220hkkxvv25x4cmqsen38ppat9erplqus8gvynv0ajnu4uaqgfq3tj",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4aUc5Yy8xOU0xcW02eDVK\nR0d5eXVtVU50dVk4L2dnZ3pObTJjOGQycHlnCjJBSndpdGNhRWVxeGZGdTJwZklU\nekdQTjZ1UTUzYklRVDd6WlVFeko0cEEKLS0tIDB2SkVpRXVEcG9nSGM0OG5hYmlR\ncXBMdUZ2MHdZd2hCaFF5Y1duOVlzc3MKgFUx3NZSoXiALUWj0gxPZLbmwfzRuq5w\nSc3CPCuEEALGq1unzndXJLSg+q4u/PAsZ/Q4l2CDHxuk5INct3Px7g==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTmxFL0UyNlhCaVhKWVJ5\nRUpLV3ZJdnNpYWZLa2phTlVNMmpzd20yd0FnCk9sOTFOZWQ3MzRHb3EwNUdzRDZ1\ndDk4eDVJRGFrOVIwd0xsb3c1b3VpWmcKLS0tIG16Nkc1TmlvbDNaYWZwcUFHYkV4\nT3Y5M1VOMWF3MHBMVlNMam1sSXIwNTQKRVvOVcV5GWua5hfS2ijKT5+C6Y5rZsXN\nKVzvemCk7pEGjVRSi4P0hrPnD37A6uwwj8FJqiLd7Y1p3hIVvBqR3w==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-03-02T07:38:11Z",
+		"mac": "ENC[AES256_GCM,data:HiiWGBruyPo/vGDdz/Zc/8Vd8oB2aMqoDjJCTybe9tRTJAojiSYZR4YyBO2ApCnYDyStJqXL0ZRjjRB73dwvldaNASz2odl/GGprmxcCH3T0A+Zrgu2gN9yNA5i+LkBLC2URXYwra4Den/WvIOTnrvvQcszN9SUBs+MOJM56KZo=,iv:+pjWMIf0+wBvWzkvsvqP7CI6zJpO3+8sqaZUEocXkXU=,tag:yp2CpOb38Kp13f2CJSzHEg==,type:str]",
+		"version": "3.12.1"
+	}
+}
diff --git a/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/users/admin b/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/users/admin
new file mode 120000
index 0000000..ca714e1
--- /dev/null
+++ b/modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/users/admin
@@ -0,0 +1 @@
+../../../../../../sops/users/admin
\ No newline at end of file
diff --git a/modules/clan/grafana/tests/vm/vars/per-machine/server/state-version/version/value b/modules/clan/grafana/tests/vm/vars/per-machine/server/state-version/version/value
new file mode 100644
index 0000000..5d86a5f
--- /dev/null
+++ b/modules/clan/grafana/tests/vm/vars/per-machine/server/state-version/version/value
@@ -0,0 +1 @@
+26.05
\ No newline at end of file