From 201f07efc38af5f151546cbd3aad0c47f5636893 Mon Sep 17 00:00:00 2001
From: Max
Date: Sat, 3 Aug 2024 00:37:06 +0200
Subject: [PATCH] cluster/services/monitoring: use lockmith for loki
---
 cluster/services/monitoring/default.nix | 14 ++++++++++++--
 cluster/services/monitoring/logging.nix | 8 ++++++--
 .../services/monitoring/secrets/loki-secrets.age | Bin 723 -> 0 bytes
 secrets.nix | 1 -
 4 files changed, 18 insertions(+), 5 deletions(-)
 delete mode 100644 cluster/services/monitoring/secrets/loki-secrets.age
diff --git a/cluster/services/monitoring/default.nix b/cluster/services/monitoring/default.nix
index 80f1ebb..20961cc 100644
--- a/cluster/services/monitoring/default.nix
+++ b/cluster/services/monitoring/default.nix
@@ -78,11 +78,21 @@ in
 garage = {
 keys = {
- loki = { };
+ loki-ingest.locksmith = {
+ nodes = config.services.monitoring.nodes.logging;
+ format = "envFile";
+ };
+ loki-query.locksmith = {
+ nodes = config.services.monitoring.nodes.logging;
+ format = "envFile";
+ };
 tempo = { };
 };
 buckets = {
- loki-chunks.allow.loki = [ "read" "write" ];
+ loki-chunks.allow = {
+ loki-ingest = [ "read" "write" ];
+ loki-query = [ "read" ];
+ };
 tempo-chunks.allow.tempo = [ "read" "write" ];
 };
 };
diff --git a/cluster/services/monitoring/logging.nix b/cluster/services/monitoring/logging.nix
index 2f52332..4c134aa 100644
--- a/cluster/services/monitoring/logging.nix
+++ b/cluster/services/monitoring/logging.nix
@@ -8,12 +8,16 @@ let
 cfg = config.services.loki;
 in
 {
- age.secrets.lokiSecrets.file = ./secrets/loki-secrets.age;
 links.loki-grpc.protocol = "grpc";
 systemd.services.loki = {
 after = [ "wireguard-wgmesh.service" ];
- serviceConfig.EnvironmentFile = config.age.secrets.lokiSecrets.path;
+ serviceConfig.EnvironmentFile = "/run/locksmith/garage-loki-ingest";
 };
+
+ services.locksmith.waitForSecrets.loki = [
+ "garage-loki-ingest"
+ ];
+
 services.loki = {
 enable = true;
 dataDir = "/srv/storage/private/loki";
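Review bot: In the `keys` block of cluster/services/monitoring/default.nix, `loki-query` is issued to the logging nodes with read access to `loki-chunks`, but the logging.nix hunk of this patch only loads and waits for `garage-loki-ingest`. As far as the patch shows, the read-only key therefore lands on the hosts without a consumer, while Loki still does all bucket access with the read/write key. Either leave `loki-query` out until the query path uses it, or record the intent next to it, e.g. `# read-only key for the query path; not consumed by logging.nix yet`. Separately, the credential for the removed `loki` key lived in loki-secrets.age, which stays in repository history, so it is worth confirming that dropping `loki = { };` also revokes that key in Garage rather than leaving it valid. The enclosing attribute set starts and ends outside the hunk.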
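Review bot: In cluster/services/monitoring/logging.nix the secret name is now written twice, once inside the hard-coded path `"/run/locksmith/garage-loki-ingest"` and once in `services.locksmith.waitForSecrets.loki`, so a later rename can leave the unit waiting on one secret while reading another file. Binding it once in the `let` block at the top of the hunk keeps the two in step: `lokiSecret = "garage-loki-ingest";`, then `serviceConfig.EnvironmentFile = "/run/locksmith/${lokiSecret}";` and `services.locksmith.waitForSecrets.loki = [ lokiSecret ];`. A one-line comment above `EnvironmentFile` should also state that the variable names in the locksmith `envFile` output have to match the ones the Loki configuration reads, since that mapping is not visible in this patch. The `services.loki` block continues past the end of the hunk.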
diff --git a/cluster/services/monitoring/secrets/loki-secrets.age b/cluster/services/monitoring/secrets/loki-secrets.age
deleted file mode 100644
index 970cb4a7be5631410c06b3a31fd37a5542596368..0000000000000000000000000000000000000000
GIT binary patch
literal 0 HcmV?d00001 literal 723 zcmZ9{&1%yC007`I8M=tdCiJi&76fH>S<(>7^~ zhdG>xe|Yhvr-96)=t(^2MK2Qt(SwemAc`0D4TgH%6MTG1T?cim>JFV=!?qS|w+?w> z06Z7$b`4P15EKn3f;k?IA;}y2;i;(W(_vanqIKdo>gqiLf862xO5@Yxxi% zTB0G2LODEls#v^W#me=XT5BsM zlwlY}DO4m+=Jsk@q)hey-THaKwWigYU(H#`|(67Zm93gIX@z=&v+9qAftQxzGA zgpvs~EA};#M&d&ra#MyvV1u3&f<2faMz)l1z+uQ}5zK$>jJ?nX!z5UDb)~BZ`=??0 zQqZdQP3`h%luIBF^rT+ z62kk#1d|1r7R2ctjcaF`HC`^}+BofTkf~WjRw;WG)s-E^G<&dBP7~c&R*j7uE$%={ zEW>Af9{@ox$hT-2uezOL!83Te;kSs0gk3=Os4ZtTZP=q|wPb~P#4XCe?n$Y@e__at z;mywbLyKEi94CGF$oS;h@!9>0Q`5gF)l&~RYj@@@zMS8@C298?r{+Ey%(^b
diff --git a/secrets.nix b/secrets.nix
index 8dc3e9f..3e1c920 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -9,7 +9,6 @@ in with hosts;
 "cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
 "cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
 "cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
- "cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];
 "cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];