From ebd70f318678dda5f7334f734c76d36f60596eed Mon Sep 17 00:00:00 2001
From: Jonas Thelemann
Date: Mon, 2 Jun 2025 03:54:07 +0200
Subject: [PATCH] refactor(grafana): load secrets by environment
---
 README.md | 6 +++---
 .../configurations/grafana/grafana.ini | 10 ----------
 .../secrets/grafana/admin_email.secret | 1 +
 .../grafana/admin_email.secret.template | 1 +
 .../secrets/grafana/admin_password.secret | 1 +
 .../grafana/admin_password.secret.template | 1 +
 .../secrets/grafana/admin_user.secret | 1 +
 .../grafana/admin_user.secret.template | 1 +
 src/development/stack.yml | 20 ++++++++++++++++++-
 .../configurations/grafana/grafana.ini | 10 ----------
 src/production/production.yml | 9 ---------
 11 files changed, 28 insertions(+), 33 deletions(-)
 delete mode 100644 src/development/configurations/grafana/grafana.ini
 create mode 100644 src/development/secrets/grafana/admin_email.secret
 create mode 100644 src/development/secrets/grafana/admin_email.secret.template
 create mode 100644 src/development/secrets/grafana/admin_password.secret
 create mode 100644 src/development/secrets/grafana/admin_password.secret.template
 create mode 100644 src/development/secrets/grafana/admin_user.secret
 create mode 100644 src/development/secrets/grafana/admin_user.secret.template
 delete mode 100644 src/production/configurations/grafana/grafana.ini
diff --git a/README.md b/README.md
index b9e6e8c7..0ad36d53 100644
--- a/README.md
+++ b/README.md
@@ -18,15 +18,15 @@ This project is deployed in accordance to the [DargStack template](https://githu
 ## secrets
- - ### `grafana_admin_email` ![production](https://img.shields.io/badge/-production-informational.svg?style=flat-square)
+ - ### `grafana_admin_email`
 The observation dashboard's admin email.
- - ### `grafana_admin_password` ![production](https://img.shields.io/badge/-production-informational.svg?style=flat-square)
+ - ### `grafana_admin_password`
 The observation dashboard's admin password.
- - ### `grafana_admin_user` ![production](https://img.shields.io/badge/-production-informational.svg?style=flat-square)
+ - ### `grafana_admin_user`
 The observation dashboard's admin user.
diff --git a/src/development/configurations/grafana/grafana.ini b/src/development/configurations/grafana/grafana.ini
deleted file mode 100644
index 2234a8d0..00000000
--- a/src/development/configurations/grafana/grafana.ini
+++ /dev/null
@@ -1,10 +0,0 @@
-[database]
-host = postgres:5432
-password = $__file{/run/secrets/postgres_role_service_grafana_password}
-type = postgres
-user = $__file{/run/secrets/postgres_role_service_grafana_username}
-
-[security]
-admin_email = admin@localhost
-admin_password = grafana
-admin_user = grafana
\ No newline at end of file
diff --git a/src/development/secrets/grafana/admin_email.secret b/src/development/secrets/grafana/admin_email.secret
new file mode 100644
index 00000000..06474a56
--- /dev/null
+++ b/src/development/secrets/grafana/admin_email.secret
@@ -0,0 +1 @@
+admin@localhost
\ No newline at end of file
diff --git a/src/development/secrets/grafana/admin_email.secret.template b/src/development/secrets/grafana/admin_email.secret.template
new file mode 100644
index 00000000..a6bb01c1
--- /dev/null
+++ b/src/development/secrets/grafana/admin_email.secret.template
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/src/development/secrets/grafana/admin_password.secret b/src/development/secrets/grafana/admin_password.secret
new file mode 100644
index 00000000..6da70038
--- /dev/null
+++ b/src/development/secrets/grafana/admin_password.secret
@@ -0,0 +1 @@
+grafana
\ No newline at end of file
diff --git a/src/development/secrets/grafana/admin_password.secret.template b/src/development/secrets/grafana/admin_password.secret.template
new file mode 100644
index 00000000..a6bb01c1
--- /dev/null
+++ b/src/development/secrets/grafana/admin_password.secret.template
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/src/development/secrets/grafana/admin_user.secret b/src/development/secrets/grafana/admin_user.secret
new file mode 100644
index 00000000..6da70038
--- /dev/null
+++ b/src/development/secrets/grafana/admin_user.secret
@@ -0,0 +1 @@
+grafana
\ No newline at end of file
diff --git a/src/development/secrets/grafana/admin_user.secret.template b/src/development/secrets/grafana/admin_user.secret.template
new file mode 100644
index 00000000..a6bb01c1
--- /dev/null
+++ b/src/development/secrets/grafana/admin_user.secret.template
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/src/development/stack.yml b/src/development/stack.yml
index b2467938..ef0f0bda 100644
--- a/src/development/stack.yml
+++ b/src/development/stack.yml
@@ -4,6 +4,15 @@
 # https://github.com/maevsi/vibetype/
 ---
 secrets:
+ grafana_admin_email:
+ # The observation dashboard's admin email.
+ file: ./secrets/grafana/admin_email.secret
+ grafana_admin_password:
+ # The observation dashboard's admin password.
+ file: ./secrets/grafana/admin_password.secret
+ grafana_admin_user:
+ # The observation dashboard's admin user.
+ file: ./secrets/grafana/admin_user.secret
 grafana_discord_webhook:
 # The observation dashboard's contact point for Discord.
 file: ./secrets/grafana/discord_webhook.secret
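Review bot: The three `grafana_admin_*` entries added under `secrets:` load their values from files committed in this same patch, and `admin_password.secret` and `admin_user.secret` both contain `grafana`, so every checkout of the development stack shares one well-known admin login. That matches the values in the deleted development `grafana.ini`, but the patch also removes the `external: true` overrides from `production.yml`, so production presumably depends on the deployment tooling replacing `file:` secrets with external ones; this should be confirmed before merging, because otherwise the committed defaults would become the production admin credentials. A comment above the block would record the intent, for example `# Development defaults only; production must provide these as external secrets.` The patch also creates a `.secret.template` next to each committed `.secret` file, which looks redundant and should be confirmed as intentional.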
@@ -161,15 +170,24 @@ services:
 - traefik.http.routers.grafana_secure.tls.options=mintls13@file #DARGSTACK-REMOVE
 - traefik.http.services.grafana.loadbalancer.server.port=3000
 environment:
+ GF_DATABASE_HOST: postgres:5432
+ GF_DATABASE_PASSWORD__FILE: /run/secrets/postgres_role_service_grafana_password
+ GF_DATABASE_TYPE: postgres
+ GF_DATABASE_USER__FILE: /run/secrets/postgres_role_service_grafana_username
+ GF_SECURITY_ADMIN_EMAIL__FILE: /run/secrets/grafana_admin_email
+ GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana_admin_password
+ GF_SECURITY_ADMIN_USER__FILE: /run/secrets/grafana_admin_user
 GF_SERVER_ROOT_URL: https://grafana.${STACK_DOMAIN}/
 image: grafana/grafana:12.0.1
 secrets:
+ - grafana_admin_email
+ - grafana_admin_password
+ - grafana_admin_user
 - grafana_discord_webhook
 - postgres_db
 - postgres_role_service_grafana_password
 - postgres_role_service_grafana_username
 volumes:
- - ./configurations/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
 - ../production/configurations/grafana/dashboards:/var/lib/grafana/dashboards:ro
 - ../production/configurations/grafana/provisioning:/etc/grafana/provisioning:ro
 - grafana_data:/var/lib/grafana
diff --git a/src/production/configurations/grafana/grafana.ini b/src/production/configurations/grafana/grafana.ini
deleted file mode 100644
index 152f5ccd..00000000
--- a/src/production/configurations/grafana/grafana.ini
+++ /dev/null
@@ -1,10 +0,0 @@
-[database]
-host = postgres:5432
-password = $__file{/run/secrets/postgres_role_service_grafana_password}
-type = postgres
-user = $__file{/run/secrets/postgres_role_service_grafana_username}
-
-[security]
-admin_email = $__file{/run/secrets/grafana_admin_email}
-admin_password = $__file{/run/secrets/grafana_admin_password}
-admin_user = $__file{/run/secrets/grafana_admin_user}
diff --git a/src/production/production.yml b/src/production/production.yml
index fbb7deac..1cbd937b 100644
--- a/src/production/production.yml
+++ b/src/production/production.yml
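Review bot: `GF_SECURITY_ADMIN_PASSWORD__FILE` and `GF_SECURITY_ADMIN_USER__FILE` in the new `environment:` entries only seed the admin account when Grafana first initialises its database, so changing the `grafana_admin_password` secret afterwards does not rotate the password on a stack that keeps its existing Grafana database. A comment above these entries would make that explicit, e.g. `# Admin credentials are applied on first start only; rotate them in Grafana afterwards.` With the `grafana.ini` mount removed from `volumes:`, these variables are the only place in this file where the database and admin settings are set, so it is worth checking at deploy time that each referenced file exists under `/run/secrets/`. The grafana service definition starts before and continues after this hunk.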
@@ -1,13 +1,4 @@
 secrets:
- grafana_admin_email:
- # The observation dashboard's admin email.
- external: true
- grafana_admin_password:
- # The observation dashboard's admin password.
- external: true
- grafana_admin_user:
- # The observation dashboard's admin user.
- external: true
 postgres-backup_db:
 # The database's name.
 external: true