newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

clanService/grafana: add requred attr

Browse Source
This commit is contained in:
kurogeek
2026-03-02 18:08:41 +07:00
parent 9b7e9b5be6
commit 73232a4800
11 changed files with 81 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
modules/clan/grafana/default.nix
View File

@@ -13,11 +13,28 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
{ {
clan.core.vars.generators.grafana = {
files = {
secret_key = {
owner = "grafana";
group = "grafana";
secret = true;
};
};
script = ''
openssl rand -hex 32 > "$out"/secret_key
'';
runtimeInputs = [
pkgs.openssl
];
};
services.grafana = { services.grafana = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
settings.security.secret_key = "$__file{${config.clan.core.vars.generators.grafana.files.secret_key.path}}";
}; };
clan.core.state.grafana.folders = [ config.services.grafana.dataDir ]; clan.core.state.grafana.folders = [ config.services.grafana.dataDir ];

5
modules/clan/grafana/flake-module.nix
View File

@@ -1,6 +1,6 @@
{ lib, ... }: { self, inputs, ... }:
let let
module = lib.modules.importApply ./default.nix { }; module = ./default.nix;
in in
{ {
clan.modules = { clan.modules = {
@@ -11,6 +11,7 @@ in
{ {
clan.nixosTests.service-grafana = { clan.nixosTests.service-grafana = {
imports = [ ./tests/vm/default.nix ]; imports = [ ./tests/vm/default.nix ];
_module.args = { inherit self inputs; };
clan.modules."@clan/grafana" = module; clan.modules."@clan/grafana" = module;
}; };

15
modules/clan/grafana/tests/vm/default.nix
View File

@@ -1,8 +1,23 @@
{ {
self,
config,
lib,
hostPkgs,
... ...
}: }:
{ {
name = "service-grafana"; name = "service-grafana";
result.update-vars =
let
relativeDir = lib.removePrefix "${self}/" (toString config.clan.directory);
in
hostPkgs.writeShellScriptBin "update-vars" ''
set -x
export PRJ_ROOT=$(git rev-parse --show-toplevel)
${
self.inputs.clan-core.packages.${hostPkgs.system}.clan-cli
}/bin/clan-generate-test-vars $PRJ_ROOT/${relativeDir} ${config.name}
'';
clan = { clan = {
directory = ./.; directory = ./.;

6
modules/clan/grafana/tests/vm/sops/machines/server/key.json Executable file
View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age1chfz220hkkxvv25x4cmqsen38ppat9erplqus8gvynv0ajnu4uaqgfq3tj",
"type": "age"
}
]

14
modules/clan/grafana/tests/vm/sops/secrets/server-age.key/secret Normal file
View File

@@ -0,0 +1,14 @@
{
"data": "ENC[AES256_GCM,data:ZGt489y6VugKlhVLz6hC5sL+E+IDT6MkHS7jMU36WFWK9Co9btY4HRo+JtH/3C5iVuGLf/0j7n6W8SYZXigVCUTUQJvE56RfZ1s=,iv:rQM4ZZhN345KE2A16J9/ZKMZ9O+Qvb5y6kwXA/6SuZg=,tag:C+oeBtNFcImKd3HV/6yFCQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZU0hqYmtDKzBRWDVMNVdm\nUW5XMXd4WDNha0ppbENwOHk1bk1mVWxVV0F3CktYT01XdktyenNvUzU4UXBReEVp\nZXJKS05kS0NsbFNqamlXMkVzRmRhUkEKLS0tIEgweFVCT2tOZmMrdERDV0FBN3N2\nVjZPZXR3L0x0dER4T1Q4cTBlV20vUjAK9QJ2p8VzNqVY/lrcKwL56YF2JBfJp11M\ns801/6IQ5WvMPziG/E/nppv/9zL0kQTh9EPGqevy0juGcvqQgn1KQw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-03-02T07:38:10Z",
"mac": "ENC[AES256_GCM,data:ShP6xVJaIIyj5kqRJeIbTNJBkY3H/xvj/RgbEl65RZbJNVE0HTHkTmartKVEyROWQlMyhwesJr8FEKAnOrWysUOKQUKV9Cgfvr6J/IXZj1ZJkXbE9NcFmsRshv4Po4sCig7Hq7qt/hQLBqutUjXnpvLaKgARz2dcOv8HSoVkCKU=,iv:bvl6lFb2z8DGQkShEWe5XlYmhtXNf3bL5RHSsk9LAXs=,tag:HomMsFH3jEHCR0L6aXVsBw==,type:str]",
"version": "3.12.1"
}
}

1
modules/clan/grafana/tests/vm/sops/secrets/server-age.key/users/admin Symbolic link
View File

@@ -0,0 +1 @@
../../../users/admin

4
modules/clan/grafana/tests/vm/sops/users/admin/key.json Normal file
View File

@@ -0,0 +1,4 @@
{
"publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"type": "age"
}

1
modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/machines/server Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/machines/server

18
modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/secret Normal file
View File

@@ -0,0 +1,18 @@
{
"data": "ENC[AES256_GCM,data:xXGuIJCmajuSHV3rBaAC0+XZZekqPd3rTr1bTKjMIU34IF9ueairclcSAUjFHakRG5EeGJ90PTosuC1vnqk/emQ=,iv:9Od0lV3SeTlT9sgJHY6yw/tLz5WNbaMDDFfjvIMO76M=,tag:T4ybZEUDGrp+p4I5NEr+Xg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1chfz220hkkxvv25x4cmqsen38ppat9erplqus8gvynv0ajnu4uaqgfq3tj",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4aUc5Yy8xOU0xcW02eDVK\nR0d5eXVtVU50dVk4L2dnZ3pObTJjOGQycHlnCjJBSndpdGNhRWVxeGZGdTJwZklU\nekdQTjZ1UTUzYklRVDd6WlVFeko0cEEKLS0tIDB2SkVpRXVEcG9nSGM0OG5hYmlR\ncXBMdUZ2MHdZd2hCaFF5Y1duOVlzc3MKgFUx3NZSoXiALUWj0gxPZLbmwfzRuq5w\nSc3CPCuEEALGq1unzndXJLSg+q4u/PAsZ/Q4l2CDHxuk5INct3Px7g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTmxFL0UyNlhCaVhKWVJ5\nRUpLV3ZJdnNpYWZLa2phTlVNMmpzd20yd0FnCk9sOTFOZWQ3MzRHb3EwNUdzRDZ1\ndDk4eDVJRGFrOVIwd0xsb3c1b3VpWmcKLS0tIG16Nkc1TmlvbDNaYWZwcUFHYkV4\nT3Y5M1VOMWF3MHBMVlNMam1sSXIwNTQKRVvOVcV5GWua5hfS2ijKT5+C6Y5rZsXN\nKVzvemCk7pEGjVRSi4P0hrPnD37A6uwwj8FJqiLd7Y1p3hIVvBqR3w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-03-02T07:38:11Z",
"mac": "ENC[AES256_GCM,data:HiiWGBruyPo/vGDdz/Zc/8Vd8oB2aMqoDjJCTybe9tRTJAojiSYZR4YyBO2ApCnYDyStJqXL0ZRjjRB73dwvldaNASz2odl/GGprmxcCH3T0A+Zrgu2gN9yNA5i+LkBLC2URXYwra4Den/WvIOTnrvvQcszN9SUBs+MOJM56KZo=,iv:+pjWMIf0+wBvWzkvsvqP7CI6zJpO3+8sqaZUEocXkXU=,tag:yp2CpOb38Kp13f2CJSzHEg==,type:str]",
"version": "3.12.1"
}
}

1
modules/clan/grafana/tests/vm/vars/per-machine/server/grafana/secret_key/users/admin Symbolic link
View File

@@ -0,0 +1 @@
../../../../../../sops/users/admin

1
modules/clan/grafana/tests/vm/vars/per-machine/server/state-version/version/value Normal file
View File

@@ -0,0 +1 @@
26.05