diff --git a/DEPLOYMENT-NOTES.rst b/DEPLOYMENT-NOTES.rst
index 0a7ea52e0bfb20e77f86797ead1778d614a2a720..e48a8b524ebd3218fd3b96e8a182b25886449fb8 100644
--- a/DEPLOYMENT-NOTES.rst
+++ b/DEPLOYMENT-NOTES.rst
@@ -1,6 +1,8 @@
 Deployment notes
 ================
+- 2021-10-XX The secret in ``private-keys/grafana-slack-url`` needs to be changed to remove the ``SLACKURL=`` prefix.
+
 - 2021-09-30 `Enable alerting <https://whetstone.privatestorage.io/privatestorage/PrivateStorageio/-/merge_requests/185>`_ needs a secret in ``private-keys/grafana-slack-url`` looking like the template in ``morph/grid/local/private-keys/grafana-slack-url`` and pointing to the secret API endpoint URL saved in `this 1Password entry <https://privatestorage.1password.com/vaults/7flqasy5hhhmlbtp5qozd3j4ga/allitems/cgznskz2oix2tyx5xyntwaos5i>`_ (or create a new secret URL at https://www.slack.com/apps/A0F7XDUAZ).
 - 2021-09-07 `Manage access to payment metrics <https://whetstone.privatestorage.io/privatestorage/PrivateStorageio/-/merge_requests/146>`_ requires moving and chown'ing the PaymentServer database on the ``payments`` host::
diff --git a/morph/grid/local/private-keys/README.rst b/morph/grid/local/private-keys/README.rst
index 91670ac1a0ea6ee2c68df71ff196d010bdba8637..8ecd2dd261b02dd757862703944ad970688d3e7e 100644
--- a/morph/grid/local/private-keys/README.rst
+++ b/morph/grid/local/private-keys/README.rst
@@ -23,7 +23,7 @@ grafana-slack-url
 -----------------
 This file is read by Grafana's systemd service to set an environment variable with a secret Slack WebHook URL to post alerts to.
-The only line in the file should be ``SLACKURL=`` with the secret URL.
+The only line in the file should be the secret URL.
 Use the url from `this 1Password entry <https://privatestorage.1password.com/vaults/7flqasy5hhhmlbtp5qozd3j4ga/allitems/cgznskz2oix2tyx5xyntwaos5i>`_ or get a new secret URL for your Slack channel at https://www.slack.com/apps/A0F7XDUAZ.
 stripe.secret
diff --git a/morph/grid/local/private-keys/grafana-slack-url b/morph/grid/local/private-keys/grafana-slack-url
index cb7dd1aec785a557fef6082a7570bc8c56728f14..0885b7bfe1786d19f845c45d749bafaf12756cb4 100644
--- a/morph/grid/local/private-keys/grafana-slack-url
+++ b/morph/grid/local/private-keys/grafana-slack-url
@@ -1,2 +1,2 @@
-SLACKURL=https://hooks.slack.com/services/x/y/z
+https://hooks.slack.com/services/x/y/z
diff --git a/nixos/modules/monitoring/server/grafana.nix b/nixos/modules/monitoring/server/grafana.nix
index 1783782ce7e395f9201dd93e2386f4eed4bf003e..1b51abd4b795a7d6dd8c4c4319beecae4162bb53 100644
--- a/nixos/modules/monitoring/server/grafana.nix
+++ b/nixos/modules/monitoring/server/grafana.nix
@@ -67,17 +67,14 @@ in {
 default = false;
 description = ''
 Enables the slack alerter. Expects a file that contains
- the definition of an environment variable named SLACKURL
- pointing to the secret Slack Web Hook URL in
- grafanaSlackUrlFile (see below).
+ the secret Slack Web Hook URL in grafanaSlackUrlFile (see below).
 '';
 };
 grafanaSlackUrlFile = lib.mkOption {
 type = lib.types.path;
 default = /run/keys/grafana-slack-url;
 description = ''
- Where to find the Grafana Systemd EnvironmentFile that
- sets the secret SLACKURL environment variable.
+ Where to find the file that containts the slack URL.
 '';
 };
 };
@@ -86,12 +83,6 @@ in {
 # Port 80 for ACME ssl retrieval only. 443 for nginx -> grafana.
 networking.firewall.allowedTCPPorts = [ 80 443 ];
- # We pass the secret Slack URL using an environment variable.
- systemd.services.grafana.serviceConfig.EnvironmentFile =
- if cfg.enableSlackAlert
- then [ cfg.grafanaSlackUrlFile ]
- else [ ];
-
 services.grafana = {
 enable = true;
 domain = cfg.domain;
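Review bot: The new `grafanaSlackUrlFile` description in the first grafana.nix hunk (`@@ -67,17 +67,14`) misspells "contains" and no longer states what the file must look like. Because the file now holds a bare credential rather than an environment definition, I would word it as `Path to a file whose only content is the secret Slack Web Hook URL (no SLACKURL= prefix).` A key file still in the old format would presumably be passed to Slack as an invalid URL, and alerts would fail without an obvious cause, so the format is worth stating on the option itself as well as in the deployment notes. The options block starts before this hunk.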
@@ -157,7 +148,9 @@ in {
 uploadImage = true;
 };
 secure_settings = {
- url = "$SLACKURL";
+ # `$__file{}` reads the value from the named file.
+ # See https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider
+ url = "$__file{${toString cfg.grafanaSlackUrlFile}}";
 };
 }]);
 };
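Review bot: The `toString` on the new `url` line is what keeps the secret out of the Nix store, but the added comment does not say so. When the option holds a Nix path value, as its default does, interpolating it directly would copy the key file into the world-readable store. I would add `# toString keeps this a plain path string; interpolating the path itself would copy the secret into the Nix store.` above the `url` line so a later cleanup does not drop the call. Separately, the file is now opened by the Grafana process at runtime instead of being read by systemd as an EnvironmentFile, so the deployed key's owner and mode must let the grafana service user read it. The key definition is not part of this diff and is worth confirming, and the enclosing `services.grafana` set starts and ends outside the hunk.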