From 3de4e68b30af1b16a371ead0bc440c4648f514a1 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Fri, 16 Jul 2021 02:58:25 +0000
Subject: [PATCH] Introduce new config option for monitoring google OAuth2
 client ID

---
 morph/grid/local/config.json                | 1 +
 morph/grid/local/grid.nix                   | 4 +---
 morph/grid/production/config.json           | 1 +
 morph/grid/production/grid.nix              | 4 +---
 morph/grid/testing/config.json              | 1 +
 morph/grid/testing/grid.nix                 | 4 +---
 morph/lib/customize-monitoring.nix          | 4 ++++
 nixos/modules/monitoring/server/grafana.nix | 2 +-
 8 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index 9a929d2c..cebcc2ae 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -9,4 +9,5 @@
 , "allowedChargeOrigins": [
     "http://localhost:5000"
   ]
+, "googleOAuthClientID": ""
 }
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 320aa951..e1bcbe43 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -61,14 +61,12 @@ let
       (gridlib.hardware-virtual ({ publicIPv4 = "192.168.67.24"; }))
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail googleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
       deployment
     ];
-    # Allow anonymous access to Grafana in local development environment:
-    services.private-storage.monitoring.grafana.googleOAuthClientID = "";
   };
 
   # TBD: derive these automatically:
diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json
index 092e4dff..f9ca1b0b 100644
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -15,4 +15,5 @@
   , "https://private.storage"
   , "https://www.private.storage"
   ]
+, "googleOAuthClientID": "productiongrid-replaceme"
 }
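Review bot: `productiongrid-replaceme` is a placeholder, and nothing visible in this patch stops a deployment from using it as the real client ID; the same holds for `testinggrid-replaceme` in morph/grid/testing/config.json. A non-empty bogus ID presumably makes Google sign-in fail rather than open Grafana up, which is the safer direction, but the failure would only show at login time. An evaluation-time assertion in the Grafana module that rejects values ending in `-replaceme` would catch it before deployment. The client ID is a public identifier, so keeping the real value in config.json is fine as long as the client secret stays in the key file.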
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 78f79bce..17de7283 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -30,8 +30,6 @@ let
       }))
       deployment
     ];
-    services.private-storage.monitoring.grafana.googleOAuthClientID = "";
-    services.private-storage.monitoring.grafana.googleOAuthClientSecretFile = /run/keys/grafana-google-sso.secret;
   };
 
   monitoring = {
@@ -40,7 +38,7 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail googleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
diff --git a/morph/grid/testing/config.json b/morph/grid/testing/config.json
index 8b949595..10c772c5 100644
--- a/morph/grid/testing/config.json
+++ b/morph/grid/testing/config.json
@@ -14,4 +14,5 @@
   , "https://privatestorage-staging.com"
   , "https://www.privatestorage-staging.com"
   ]
+, "googleOAuthClientID": "testinggrid-replaceme"
 }
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index 5f9a286f..ed07b504 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -51,14 +51,12 @@ let
       gridlib.hardware-aws
       (gridlib.customize-monitoring {
         inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
-        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
+        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail googleOAuthClientID;
         monitoringvpnIPv4 = "172.23.23.1";
         stateVersion = "19.09";
       })
       deployment
     ];
-    services.private-storage.monitoring.grafana.googleOAuthClientID = "";
-    services.private-storage.monitoring.grafana.googleOAuthClientSecretFile = /run/keys/grafana-google-sso.secret;
   };
 
   # TBD: derive these automatically:
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index 23b0e0d4..56de405f 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -31,6 +31,9 @@
   # which nodes to scrape PaymentServer metrics from.
 , paymentExporterTargets ? []
 
+  # A string containing the ClientID for authorization against GSuite
+, googleOAuthClientID
+
   # A string giving the NixOS state version for the system.
 , stateVersion
 , ...
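Review bot: The new comment on `googleOAuthClientID` does not say what an empty string means, and the only statement of that, `# Allow anonymous access to Grafana in local development environment:` in morph/grid/local/grid.nix, is deleted by this patch while the value moves to a JSON file that cannot carry comments. Since this value decides whether Grafana requires a login, I would spell it out here, e.g. `# The Google OAuth2 client ID Grafana uses for sign-in. An empty string disables OAuth and allows anonymous access (local development only).` The empty-string behaviour is taken from the deleted comment and should be confirmed against grafana.nix. Leaving the argument without a default is the right call, because a missing key then fails evaluation instead of silently falling back to anonymous access. The argument list continues outside the hunk.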
@@ -63,6 +66,7 @@
 
   services.private-storage.monitoring.grafana = {
     inherit letsEncryptAdminEmail;
+    inherit googleOAuthClientID;
     domain = "${config.networking.hostName}.${config.networking.domain}";
   };
 
diff --git a/nixos/modules/monitoring/server/grafana.nix b/nixos/modules/monitoring/server/grafana.nix
index 242b2640..7fe92e5e 100644
--- a/nixos/modules/monitoring/server/grafana.nix
+++ b/nixos/modules/monitoring/server/grafana.nix
@@ -50,7 +50,7 @@ in {
     googleOAuthClientSecretFile = lib.mkOption
     { type = lib.types.path;
       example = lib.literalExample "\${privKeyPath}/grafana-gsuite-client-secret";
-      default = null;
+      default = /run/keys/grafana-google-sso.secret;
       description = "The path to the GSuite SSO secret file.";
     };
   };
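Review bot: The new default is a Nix path literal, and a path value that is ever interpolated into a string is copied into the world-readable Nix store (or fails evaluation when the file is absent on the evaluating host), which is the wrong place for the GSuite client secret. How the option is consumed is not visible in this hunk, so this may not happen today, but a string default removes the risk and still satisfies `lib.types.path`: `default = "/run/keys/grafana-google-sso.secret";`. The description could also state that the file must be provisioned outside the store and be readable only by the Grafana service. The option set begins before the hunk.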
-- 
GitLab