refactor(sops): Move secret definitions to specific modules

2025-11-14 10:54:51 +08:00 · 2025-11-14 10:54:51 +08:00 · 7fcaa34b28
commit 7fcaa34b28
parent 767a14ab6e
15 changed files with 81 additions and 105 deletions
--- a/configuration/services/metrics/grafana.nix
+++ b/configuration/services/metrics/grafana.nix
@ -67,4 +67,15 @@ in
      };
    };
  };
+
+  sops.secrets = {
+    "grafana/adminPassword" = {
+      owner = "grafana";
+      group = "grafana";
+    };
+    "grafana/secretKey" = {
+      owner = "grafana";
+      group = "grafana";
+    };
+  };
 }
--- a/configuration/services/metrics/victoriametrics.nix
+++ b/configuration/services/metrics/victoriametrics.nix
@ -4,7 +4,7 @@ let
  blackbox_port = config.services.prometheus.exporters.blackbox.port;
 in
 {
-  config.services.victoriametrics = {
+  services.victoriametrics = {
    enable = true;
    extraOptions = [ "-storage.minFreeDiskSpaceBytes=5GB" ];

@ -96,4 +96,10 @@ in
      victorialogs.targets = [ config.services.victorialogs.bindAddress ];
    };
  };
+
+  sops.secrets."forgejo/metrics-token" = {
+    owner = "forgejo";
+    group = "metrics";
+    mode = "0440";
+  };
 }