X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fsystem%2Feldiron.nix;fp=modules%2Fprivate%2Fsystem%2Feldiron.nix;h=fdc3692f0cc404376b20fe9419a86abaa864f14d;hp=2475710771ffd778246bfe98d06e3373cdb98c70;hb=c081a03a97780afd845e017f279e0f1e96a86c8a;hpb=c41d0de83b1841097c6be8d8baeed557b065657b

diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 2475710..fdc3692 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -122,13 +122,21 @@
   services.netdata.config.global."memory mode" = "none";
   services.netdata.config.health."enabled" = "no";
   services.netdata.config.web.mode = "none";
-  environment.etc."netdata/stream.conf".text = ''
-    [stream]
-        enabled = yes
-        destination = ${config.myEnv.monitoring.netdata_aggregator}
-        api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
-  '';
+  users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
+  environment.etc."netdata/stream.conf".source = "/var/secrets/netdata-stream.conf";
   secrets.keys = [
+    {
+      dest = "netdata-stream.conf";
+      user = config.services.netdata.user;
+      group = config.services.netdata.group;
+      permissions = "0400";
+      text = ''
+        [stream]
+            enabled = yes
+            destination = ${config.myEnv.monitoring.netdata_aggregator}
+            api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
+      '';
+    }
     {
       dest = "zrepl_backup/identity";
       user = "root";