Remove netdata stream key from the store

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-01-29 16:33:03 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-01-29 16:33:03 +0100
commit: 0e3747095920c0dcfeee74ebe6f280b0defc02c5 (patch)
tree: 5590d520338c4ad8f0e10e0d8c5d1ed17dbf4727 /modules
parent: afde6c32d3c9600a8a34336c9c1ca95e8ceb3cb2 (diff)
download: Nix-0e3747095920c0dcfeee74ebe6f280b0defc02c5.tar.gz
Nix-0e3747095920c0dcfeee74ebe6f280b0defc02c5.tar.zst
Nix-0e3747095920c0dcfeee74ebe6f280b0defc02c5.zip
1 files changed, 18 insertions, 7 deletions
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix
index 188162a..2198d09 100644
--- a/modules/private/system/monitoring-1.nix
+++ b/modules/private/system/monitoring-1.nix
@@ -42,13 +42,24 @@
  services.netdata.config.web."allow netdata.conf from" = "fd*";
  services.netdata.config.web."allow management from" = "fd*";
  networking.firewall.allowedTCPPorts = [ 19999 ];
-  environment.etc."netdata/stream.conf".text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
+  environment.etc."netdata/stream.conf".source = "/var/secrets/netdata-stream.conf";
-    [${key}]
-        enabled = yes
+  secrets.keys = [
-        default history = 3600
+    {
-        default memory = ram
+      dest = "netdata-stream.conf";
-        health enabled by default = auto
+      user = config.services.netdata.user;
-  '') config.myEnv.monitoring.netdata_keys);
+      group = config.services.netdata.group;
+      permissions = "0400";
+      text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
+        [${key}]
+            enabled = yes
+            default history = 3600
+            default memory = ram
+            health enabled by default = auto
+      '') config.myEnv.monitoring.netdata_keys);
+    }
+  ];
+  users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
  # This value determines the NixOS release with which your system is
  # to be compatible, in order to avoid breaking some software such as
  # database servers. You should change this only after NixOS release
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-01-29 16:33:03 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-01-29 16:33:03 +0100
commit	0e3747095920c0dcfeee74ebe6f280b0defc02c5 (patch)
tree	5590d520338c4ad8f0e10e0d8c5d1ed17dbf4727 /modules
parent	afde6c32d3c9600a8a34336c9c1ca95e8ceb3cb2 (diff)
download	Nix-0e3747095920c0dcfeee74ebe6f280b0defc02c5.tar.gz Nix-0e3747095920c0dcfeee74ebe6f280b0defc02c5.tar.zst Nix-0e3747095920c0dcfeee74ebe6f280b0defc02c5.zip

diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix index 188162a..2198d09 100644 --- a/modules/private/system/monitoring-1.nix +++ b/modules/private/system/monitoring-1.nix
@@ -42,13 +42,24 @@
42	services.netdata.config.web."allow netdata.conf from" = "fd*";	42	services.netdata.config.web."allow netdata.conf from" = "fd*";
43	services.netdata.config.web."allow management from" = "fd*";	43	services.netdata.config.web."allow management from" = "fd*";
44	networking.firewall.allowedTCPPorts = [ 19999 ];	44	networking.firewall.allowedTCPPorts = [ 19999 ];
45	environment.etc."netdata/stream.conf".text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''	45	environment.etc."netdata/stream.conf".source = "/var/secrets/netdata-stream.conf";
46	[${key}]	46
47	enabled = yes	47	secrets.keys = [
48	default history = 3600	48	{
49	default memory = ram	49	dest = "netdata-stream.conf";
50	health enabled by default = auto	50	user = config.services.netdata.user;
51	'') config.myEnv.monitoring.netdata_keys);	51	group = config.services.netdata.group;
		52	permissions = "0400";
		53	text = builtins.concatStringsSep "\n" (pkgs.lib.mapAttrsToList (_: key: ''
		54	[${key}]
		55	enabled = yes
		56	default history = 3600
		57	default memory = ram
		58	health enabled by default = auto
		59	'') config.myEnv.monitoring.netdata_keys);
		60	}
		61	];
		62	users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
52	# This value determines the NixOS release with which your system is	63	# This value determines the NixOS release with which your system is
53	# to be compatible, in order to avoid breaking some software such as	64	# to be compatible, in order to avoid breaking some software such as
54	# database servers. You should change this only after NixOS release	65	# database servers. You should change this only after NixOS release