From ea7707d050f41934ff4df36a7bcf1c5712892ecb Mon Sep 17 00:00:00 2001 From: servius Date: Tue, 24 Feb 2026 13:24:30 +0530 Subject: [PATCH] feat: Use Grafana secretKey --- nixos/tako/services/monitoring.nix | 4 ++++ secrets/secrets.yaml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/tako/services/monitoring.nix b/nixos/tako/services/monitoring.nix index cfb3843e..1735a305 100644 --- a/nixos/tako/services/monitoring.nix +++ b/nixos/tako/services/monitoring.nix @@ -23,6 +23,9 @@ caddy = 2019; }; in { + sops.secrets."grafana.secretKey" = { + owner = "grafana"; + }; # Grafana configuration with Authelia integration services.grafana = { enable = true; @@ -54,6 +57,7 @@ in { security = { disable_gravatar = true; cookie_secure = true; + secret_key = ''$__file{${config.sops.secrets."grafana.secretKey".path}}''; }; analytics = { diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index bc70dbec..813ccf26 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -119,7 +119,7 @@ sops: VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-19T21:23:49Z" - mac: ENC[AES256_GCM,data:Pey0VPpH1lZazbAqHrrwuoEHZL2Pi7uMV/tR8aLGI958JHDxuHZK41YEOsMa+aiOtiJclgRvO8iOb0oDESsVO5hDTCou7/sJe2Epk62lEclTiho+QnjhnEmP2qYcuWfR1PVwk/n/wkPWm+rBsYGH7PpQZeYUznWQaHPZPFNnIPw=,iv:KTe0Quu/MJA17BivQDCTnBi5IAGtq6x0GKaqm4MuUUo=,tag:IPehj8blXzuEr0HN85y4eg==,type:str] + lastmodified: "2026-02-24T07:52:11Z" + mac: ENC[AES256_GCM,data:uGtKSAltHbQsaQWiVIRJ80kfYNERl8RO4l+6xp4NPea44FYkiApuiW1RJ1E+Rk4bL0YV+fJ/vb4n2/U6RKuQBYrhyhHsUrCiu1N7CVStCqXispSZSPLFbbUDcGby7bbggs0tDBH9mC6UHeZed5Nu4TKD7dOqBCtNqnECXevIbIQ=,iv:DrkSurXsqHqWf4hs86XJAIIyUIhSXsKL02khZg+hT00=,tag:PtXt9KqElY1K6TMV28s77A==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0