From 134ecd8a37019d384e8d2172dce058ef6aadda9a Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Tue, 13 Jul 2021 10:44:41 +0000
Subject: [PATCH] Add Google SSO secret configs

---
 morph/grid/production/grid.nix     | 2 ++
 morph/grid/testing/grid.nix        | 2 ++
 morph/lib/customize-monitoring.nix | 1 +
 morph/lib/monitoring.nix           | 7 +++++++
 4 files changed, 12 insertions(+)

diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 1aa60561..d07756e4 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -21,6 +21,8 @@ let
         monitoringvpnIPv4 = "172.23.23.11";
       }))
     ];
+    services.private-storage.monitoring.grafana.googleOAuthClientID = "";
+    services.private-storage.monitoring.grafana.googleOAuthClientSecretFile = /run/keys/grafana-google-sso.secret;
   };
 
   monitoring = {
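Review bot: The `googleOAuthClientSecretFile` value is a bare Nix path literal, and a path literal that is interpolated into a string or used as a derivation input is copied into the world-readable Nix store at evaluation time. Whether that happens depends on how the module option consumes the value, which this hunk does not show, but a quoted string sidesteps the risk: `services.private-storage.monitoring.grafana.googleOAuthClientSecretFile = "/run/keys/grafana-google-sso.secret";`. The same line appears in the morph/grid/testing/grid.nix hunk. Separately, `googleOAuthClientID = ""` ships an empty client ID to both grids; if it is a placeholder, add a comment such as `# TODO: set per-grid OAuth client ID before enabling SSO`.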
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 996b1fba..0ecae92f 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -45,6 +45,8 @@ let
         stateVersion = "19.09";
       })
     ];
+    services.private-storage.monitoring.grafana.googleOAuthClientID = "";
+    services.private-storage.monitoring.grafana.googleOAuthClientSecretFile = /run/keys/grafana-google-sso.secret;
   };
 
   # TBD: derive these automatically:
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index 8fea5773..23b0e0d4 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -42,6 +42,7 @@
   deployment.secrets = {
     "monitoringvpn-private-key".source = "${privateKeyPath}/monitoringvpn/server.key";
     "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
+    "grafana-google-sso-secret".source = "${privateKeyPath}/grafana-google-sso.secret";
   };
 
   networking.domain = domain;
diff --git a/morph/lib/monitoring.nix b/morph/lib/monitoring.nix
index 6df65a54..31ab1c0d 100644
--- a/morph/lib/monitoring.nix
+++ b/morph/lib/monitoring.nix
@@ -17,6 +17,13 @@ rec {
         permissions = "0400";
         action = ["sudo" "systemctl" "restart" "wireguard-monitoringvpn.service"];
       };
+      "grafana-google-sso-secret" = {
+        destination = "/run/keys/grafana-google-sso.secret";
+        owner.user = "root";
+        owner.group = "root";
+        permissions = "0400";
+        action = ["sudo" "systemctl" "restart" "grafana.service"];
+      };
     };
   };
 
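Review bot: The new `"grafana-google-sso-secret"` key is installed as root:root with mode 0400, so only root can read `/run/keys/grafana-google-sso.secret`. On NixOS the Grafana service normally runs as the unprivileged `grafana` user, so if the Grafana process itself opens the file named by `googleOAuthClientSecretFile`, the read will fail and SSO login will not work. How the module reads the file is not visible in this hunk. If the service does read it directly, keep the mode at 0400 and set `owner.user = "grafana";` and `owner.group = "grafana";` rather than widening the permissions. The enclosing secrets attrset starts outside the hunk.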
-- 
GitLab