From caeb93d14371571a7a8dfec6b325fd4e6c1e7ead Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Thu, 30 Sep 2021 14:05:16 +0000
Subject: [PATCH] Add docs, rename grafana-environment to grafana-slack-url

Epiphany: Systemd reads more than a single environment file. This
lets me improve the file naming a lot.
---
 morph/grid/local/private-keys/README.rst        |  7 +++++++
 .../{grafana-environment => grafana-slack-url}  |  0
 morph/lib/customize-monitoring.nix              | 17 ++++++++---------
 nixos/modules/monitoring/server/grafana.nix     | 17 +++++++++++------
 4 files changed, 26 insertions(+), 15 deletions(-)
 rename morph/grid/local/private-keys/{grafana-environment => grafana-slack-url} (100%)

diff --git a/morph/grid/local/private-keys/README.rst b/morph/grid/local/private-keys/README.rst
index 684bf942..b4210d84 100644
--- a/morph/grid/local/private-keys/README.rst
+++ b/morph/grid/local/private-keys/README.rst
@@ -19,6 +19,13 @@ grafana-admin.password
 
 This is the initial admin password for the Grafana web admin on the monitoring host.
 
+grafana-slack-url
+-----------------
+
+This file is read by Grafana's systemd service to set an environment variable with a secret Slack WebHook URL to post alerts to.
+The only line in the file should be ``SLACKURL=`` with the secret URL.
+Get a secret URL for your Slack channel at https://www.slack.com/apps/A0F7XDUAZ.
+
 stripe.secret
 -------------
 
diff --git a/morph/grid/local/private-keys/grafana-environment b/morph/grid/local/private-keys/grafana-slack-url
similarity index 100%
rename from morph/grid/local/private-keys/grafana-environment
rename to morph/grid/local/private-keys/grafana-slack-url
diff --git a/morph/lib/customize-monitoring.nix b/morph/lib/customize-monitoring.nix
index 409e59df..d9842692 100644
--- a/morph/lib/customize-monitoring.nix
+++ b/morph/lib/customize-monitoring.nix
@@ -32,9 +32,8 @@
   # logins to Grafana.
 , googleOAuthClientID
 
-  # Whether or not to enable slack alerting. Expects a SLACKURL environment
-  # variable with the secret URL. Get the secret URL for your Slack at
-  # https://www.slack.com/apps/A0F7XDUAZ.
+  # Whether to enable alerting via Slack.
+  # When true requires a grafana-slack-url file (see private-keys/README.rst).
 , enableSlackAlert ? false
 
   # A string giving the NixOS state version for the system.
@@ -76,13 +75,13 @@ in {
           action = ["sudo" "systemctl" "restart" "grafana.service"];
         };
       };
-    grafanaEnvironment =
+    grafanaSlackUrl =
       if !enableSlackAlert
-      then {}
+      then { }
       else {
-        "grafana-environment" = {
-          source = "${privateKeyPath}/grafana-environment";
-          destination = "/run/keys/grafana-environment";
+        "grafana-slack-url" = {
+          source = "${privateKeyPath}/grafana-slack-url";
+          destination = "/run/keys/grafana-slack-url";
           owner.user = config.systemd.services.grafana.serviceConfig.User;
           owner.group = config.users.users.grafana.group;
           permissions = "0400";
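Review bot: The key is now deployed to `/run/keys/grafana-slack-url`, but nothing in this hunk removes the previously deployed `/run/keys/grafana-environment`. On hosts that already ran with `enableSlackAlert = true`, the webhook URL presumably stays readable at the old path until the next reboot or a manual cleanup. Only the local grid's source file is renamed in this patch, so any other grid that enables Slack alerts would need its `grafana-environment` file renamed under `privateKeyPath` before the next deploy; whether such grids exist is not visible here. A short migration line in the commit message or README would cover both. The attribute set continues past the end of the hunk.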
@@ -94,7 +93,7 @@ in {
       "monitoringvpn-preshared-key".source = "${privateKeyPath}/monitoringvpn/preshared.key";
     };
     in
-      grafanaSSO // grafanaEnvironment // monitoringvpn;
+      grafanaSSO // grafanaSlackUrl // monitoringvpn;
 
   networking.hosts = hostsMap;
 
diff --git a/nixos/modules/monitoring/server/grafana.nix b/nixos/modules/monitoring/server/grafana.nix
index ba1fdf52..1783782c 100644
--- a/nixos/modules/monitoring/server/grafana.nix
+++ b/nixos/modules/monitoring/server/grafana.nix
@@ -66,14 +66,19 @@ in {
     { type = lib.types.bool;
       default = false;
       description = ''
-        Enables the slack alerter. Expects a $SLACKURL environment
-        variable with the secret URL in grafanaEnvironmentFile.
+        Enables the slack alerter. Expects a file that contains
+        the definition of an environment variable named SLACKURL
+        pointing to the secret Slack Web Hook URL in
+        grafanaSlackUrlFile (see below).
       '';
     };
-    grafanaEnvironmentFile = lib.mkOption
+    grafanaSlackUrlFile = lib.mkOption
     { type = lib.types.path;
-      default = /run/keys/grafana-environment;
-      description = "Where to find the Grafana Systemd EnvironmentFile.";
+      default = /run/keys/grafana-slack-url;
+      description = ''
+        Where to find the Grafana Systemd EnvironmentFile that
+        sets the secret SLACKURL environment variable.
+      '';
     };
   };
 
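Review bot: The default for `grafanaSlackUrlFile` is a Nix path literal (`default = /run/keys/grafana-slack-url;`), which is a risky form for a value that points at a secret. If a path value is ever string-interpolated, Nix copies the referenced file into the world-readable store. The current use in the `EnvironmentFile` list may not trigger that, but a later `"${cfg.grafanaSlackUrlFile}"` would. A string default, `default = "/run/keys/grafana-slack-url";`, avoids this and should still pass `lib.types.path`. It would also help if the description said the file must never live in the Nix store.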
@@ -84,7 +89,7 @@ in {
     # We pass the secret Slack URL using an environment variable.
     systemd.services.grafana.serviceConfig.EnvironmentFile =
       if cfg.enableSlackAlert
-      then [ cfg.grafanaEnvironmentFile ]
+      then [ cfg.grafanaSlackUrlFile ]
       else [ ];
 
     services.grafana = {
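Review bot: With `enableSlackAlert` set, `EnvironmentFile` lists the key path without systemd's `-` prefix, so grafana.service will refuse to start whenever `/run/keys/grafana-slack-url` is missing, for example after a reboot and before secrets are re-uploaded. That takes down all of monitoring because of one alert channel; if that is intended, say so next to the existing comment, e.g. `# Grafana will not start without this file; upload secrets before (re)starting the service.` systemd also reads the file only at service start, so a rotated webhook URL needs a restart of grafana.service to take effect. The `config` block continues outside the hunk, so any ordering or restart hooks defined there are not visible.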
-- 
GitLab