alertmanager: fix SMTP secret
All checks were successful
Flake checks / Check (pull_request) Successful in 2m17s

This commit is contained in:
teutat3s 2024-05-15 17:15:46 +02:00
parent bd4241e71d
commit e52324209f
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
4 changed files with 52 additions and 4 deletions

View file

@ -15,7 +15,6 @@
file = "${flake.self}/secrets/grafana-smtp-password.age"; file = "${flake.self}/secrets/grafana-smtp-password.age";
mode = "440"; mode = "440";
owner = "grafana"; owner = "grafana";
group = "prometheus";
}; };
age.secrets.grafana-keycloak-client-secret = { age.secrets.grafana-keycloak-client-secret = {
file = "${flake.self}/secrets/grafana-keycloak-client-secret.age"; file = "${flake.self}/secrets/grafana-keycloak-client-secret.age";

View file

@ -11,6 +11,11 @@
mode = "600"; mode = "600";
owner = "prometheus"; owner = "prometheus";
}; };
age.secrets.alertmanager-envfile = {
file = "${flake.self}/secrets/alertmanager-envfile.age";
mode = "600";
owner = "alertmanager";
};
services.caddy.virtualHosts."alerts.${config.pub-solar-os.networking.domain}" = { services.caddy.virtualHosts."alerts.${config.pub-solar-os.networking.domain}" = {
logFormat = lib.mkForce '' logFormat = lib.mkForce ''
@ -104,7 +109,7 @@
enable = true; enable = true;
# port = 9093; # Default # port = 9093; # Default
webExternalUrl = "https://alerts.pub.solar"; webExternalUrl = "https://alerts.pub.solar";
# environmentFile = "${config.age.secrets.nachtigall-alertmanager-envfile.path}"; environmentFile = "${config.age.secrets.alertmanager-envfile.path}";
configuration = { configuration = {
route = { route = {
@ -126,8 +131,8 @@
from = "alerts@pub.solar"; from = "alerts@pub.solar";
smarthost = "mail.greenbaum.zone:465"; smarthost = "mail.greenbaum.zone:465";
auth_username = "admins@pub.solar"; auth_username = "admins@pub.solar";
auth_password_file = "${config.age.secrets.grafana-smtp-password.path}"; auth_password = "$SMTP_AUTH_PASSWORD";
require_tls = true; require_tls = false;
} }
]; ];
# TODO: # TODO:

View file

@ -0,0 +1,43 @@
age-encryption.org/v1
-> ssh-ed25519 Y0ZZaw TsTaRLA+9WtN9+FJWpXeP12Af5EXMbo+ANTaLC9YlC8
Yols084RY1C9gfOrDMwJcFRuGZ/5dgGuJey7RXqm7g0
-> ssh-ed25519 uYcDNw ZLAINtv10PGMtK5TL5Tf0NyK/r1iww+vTC09ElMGoX0
EgBB3aiHHdaDue9+Zdxg6mTV2VHeLoDN9wT+hlAzVMk
-> ssh-rsa f5THog
aiJqMs3/u06tzs8lx2ISlQm87TDatqEn47v3LB3HehPanRpZx9O1HUIRTeiWkMU9
XroGe27HQCCPd63QunBHUH7WStA10IS4rHVpMcULB5IM4jwcbOhSYSiGyY2sbv8+
Nn/04ZOwrfzTabC7moV1DqAw6hnlDqKWp/q5N6xMb780w5vn6Poni3OJfuLaBWaT
r6WhE5evVt3F4jyYI64fB2hFw4AR2N/zIMOMvBncLFwJf9lbIFdbsENZf94cYceF
Tj150xdMPuErBsSJQOlfDYSmyioNN3UJUWiYsDeM3nbPEVPHhfTk6b2/lMhSQkcY
KcuMj/mN/7w7i4HSxW6mUcK2sUMV1BcSSGYRH9ZFf7kq++KpyiP7vB8vaZkcKbfJ
qqrIcXTuXhR+/bWZWqf/GQOVwRwe1TnqN5MoZHipg3a/UCe0gMM617VwZcfhBzjA
eW6VUdjSewwA8YHEuDrAeoQ4CMs7y56EaIlr2IlQy6uzJPX9eeO0auO9RZ5AR40a
7un0FrlTJX9uorpCD/zi3tvd22W5qVoMGZ8vXJShZmT9he9K3Bv6XbzG4DJQ9/nv
xZ676HUYhWeyYZFBvt6DnEBneiDJFeaV2AeuQY+juHBOfBrbYmlE0S4Pd8uRSJ7w
u5UJTT+RV5TkZhpCqqYm7DphYocnrv7Ic+QKmvKE4ls
-> ssh-rsa kFDS0A
HhilpvIiUps80SXYUXg5vqNmcy8SACvxpC5dTVBU2n+4OVXQY/35Il5ZOrUX3U7a
arfVp/KaQF7Oncu3x8F6Tp1ibUwmoyAV6OYqqs128nEPwkNbJvwrLY3aEBm+NIzm
gMlLRjj6EP84TVWgOsenQCS4l957f0QoNVxQ3f+GWdOiZZJFsv//ndsflng8zPlF
bGZy8c1TxDZfOD0/kW3Nx05c9X0EHKOEoDUc0p4qntrWlflxcvLONCgv1gZuPMF+
jMsPFP81eu3rkEUxefJ1qbvvGuW0cbzfwiStv7iGQ+Skh/vcoM0qw6p+csNKyHVO
8nYFcs9kD8067zMnyuqiUHASfZ4rPqTji0iiPC5kZn6N0YSgz2bybkXcoqmy3m6y
qs0S+RD99o2vCLhW46hZyKAgUyTU1DW42EmnZkPrLoqV7uin8fAwPO/98Q/b3Rkr
zBRtyTEbooHvOCL8limiRtDl+5LMcjRFNWk8AN+9vHMsYurXPNOCnd8n2Z4MbT2U
AhpoAD/+8HXp0InBJ/sclITVAc6tPb2CbJW6mrFezH8Ri+/6u+zSF84JDd9ZrCOz
oIshiGZmhP5mIuspVrxgKlm78a56vQrygpqzvuSSYk3zIJxmhEkZhw09/ga+rhyB
pkKn7GRyZTfKjwt5nnvW5/bmQndTa13j+7RhkRgBSvU
-> piv-p256 vRzPNw Awpc8paUfKnP6r0bYsaoeDE9GVSnads4/a3jCVScgS4V
YydKOS09kyZDYN843SHIsYUimtSQKvGhIuycPWOFojc
-> piv-p256 zqq/iw A54xbcufPkLpTD+N47AiIe/xZ/0vA5kDJ4p3rIZw0a4A
1WFP2K3tfUxtdKDBEmT3cx/u1i5nCzFR7cK4kN3WjC4
-> ssh-ed25519 YFSOsg L0lPSkoPVRKGlJ9MzkJx+cQvnZw/5m/j/JO4aRzd52Q
o/N7zQkvbGGoadiJSvL6lfuP63uqzxEIxDtIg4tgKIo
-> ssh-ed25519 iHV63A qfLWZhbDisCSJ4vFFTR+XpRUR0WViuAqarf56M0ekT4
ZSWW34pFRr0M2jFhnphIPJ5ch37ASM6OgTzyHSo0KAs
-> ssh-ed25519 BVsyTA JcFezSIfTF+AP8LYfFqz+wIpUrE0aoc1usiLtWxAPQE
F9uhFyCPK46kIy+ud4V5/ESacQgc9R0JV+JTEZO6nBI
-> ssh-ed25519 +3V2lQ G4yT1e7B5O2Gy6tusRMxuWOFScynWfFY5AjrJvxMK1o
n1OVFRqzijWlc+B93cBNdFPz+8CBYOsI5hpF1wz7xr0
--- 61u55uUc7z59iHF1IeyBLmcR6u7STUhpOPb/ODf75Vc
<$kxpû´Ú H:}ò*ä/Tâ®Ñ$ÕbÀJ \F*ðòWîzÉ6 Ý ± Âì<î̹>e?ñ¼<C3B1>Ÿ6ÚµÌ~Ô!

View file

@ -60,6 +60,7 @@ in
"grafana-keycloak-client-secret.age".publicKeys = flora6Keys ++ adminKeys; "grafana-keycloak-client-secret.age".publicKeys = flora6Keys ++ adminKeys;
"grafana-smtp-password.age".publicKeys = flora6Keys ++ adminKeys; "grafana-smtp-password.age".publicKeys = flora6Keys ++ adminKeys;
"alertmanager-envfile.age".publicKeys = flora6Keys ++ adminKeys;
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ adminKeys; "nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ adminKeys;
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = "nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys =
flora6Keys ++ nachtigallKeys ++ adminKeys; flora6Keys ++ nachtigallKeys ++ adminKeys;