From 92db38383e14604c7f261560921202cf2abf0e2f Mon Sep 17 00:00:00 2001
From: xinyangli
Date: Mon, 2 Dec 2024 10:43:43 +0800
Subject: [PATCH] modules/prometheus: fix basic auth scrape
---
 .sops.yaml | 6 ++++
 machines/massicot/kanidm-provision.nix | 16 ++++++++-
 machines/secrets.yaml | 49 +++++++++++++++-----------
 machines/thorite/monitoring.nix | 2 --
 overlays/my-lib/prometheus.nix | 2 +-
 5 files changed, 51 insertions(+), 24 deletions(-)
diff --git a/.sops.yaml b/.sops.yaml
index adfc3d5..dded97c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -17,6 +17,7 @@ creation_rules:
 - *host-calcite
 - *host-massicot
 - *host-thorite
+ - *host-biotite
 - path_regex: machines/calcite/secrets.yaml
 key_groups:
 - age:
@@ -32,6 +33,11 @@ creation_rules:
 - age:
 - *xin
 - *host-massicot
+ - paht_regex: machines/biotite/secrets.yaml
+ key_groups:
+ - age:
+ - *xin
+ - *host-biotite
 - path_regex: machines/thorite/secrets.yaml
 key_groups:
 - age:
diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix
index ef8323b..8a95a99 100644
--- a/machines/massicot/kanidm-provision.nix
+++ b/machines/massicot/kanidm-provision.nix
@@ -108,6 +108,20 @@
 ];
 };
 };
+ gotosocial = {
+ displayName = "GoToSocial";
+ originUrl = "https://gts.xiny.li/auth/callback";
+ originLanding = "https://gts.xiny.li/auth/callback";
+ allowInsecureClientDisablePkce = true;
+ scopeMaps = {
+ gts-users = [
+ "openid"
+ "email"
+ "profile"
+ "groups"
+ ];
+ };
+ };
 # It's used for all the clients. I'm too lazy to change the name.
 owncloud-android = {
 displayName = "ownCloud Apps";
@@ -147,7 +161,7 @@
 immich = {
 displayName = "Immich";
 originUrl = [
- "https://immich.xinyang.life:8000/api/oauth/mobile-redirect"
+ "https://immich.xinyang.life:8000/api/oauth/mobile-redirect/"
 "https://immich.xinyang.life:8000/auth/login"
 "https://immich.xinyang.life:8000/user-settings"
 ];
diff --git a/machines/secrets.yaml b/machines/secrets.yaml
index 25aa038..e179455 100644
--- a/machines/secrets.yaml
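Review bot: The rule added in the second .sops.yaml hunk is keyed `paht_regex`, not `path_regex`, so it is not scoped to `machines/biotite/secrets.yaml`. As far as I know sops ignores the unknown key and treats a rule without a path pattern as matching every file, and the first matching rule wins; because this rule sits above the thorite one, `machines/thorite/secrets.yaml` and any later path would then be encrypted to `*xin` and `*host-biotite` instead of their intended recipients. Change the line to `- path_regex: machines/biotite/secrets.yaml` and re-check the recipients of any secrets file created or re-keyed while the typo was in place.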
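Review bot: `allowInsecureClientDisablePkce = true;` in the new `gotosocial` client switches off PKCE for this OAuth2 client with no explanation of why the weaker flow is needed. If it is there because GoToSocial's OIDC client does not send a code challenge (not verifiable from this hunk), record that next to the option, e.g. `# GoToSocial sends no PKCE challenge; remove once it does`, so the exception is revisited instead of copied to other clients. `originLanding` is set to the same `https://gts.xiny.li/auth/callback` as `originUrl`; a landing URL is normally the site's entry page, so this looks like a copy of the line above and is worth confirming. The attribute set this client is added to starts and ends outside the hunk.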
+++ b/machines/secrets.yaml 
@@ -10,38 +10,47 @@ sops: - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRTNjSmw3WkgxMGtVSW9C - ZzFDdWUwY3FLOEZHUmtGdWkwYkd5NXI4S3dvCk1WdUx6Qk1sbzkxQU5TQU53c2lx - bWtNZ0U3cGVnWWd3VGczNmhuVEFTMDgKLS0tIDU4T0EvZzF6d0dJaWoyN0dqOVJl - RDRRS0RYNnI0OEtXNTFrL1R1aVczd28KqVk9onzsphU0pHwqhjpKVQ8hOjdcIRJ0 - 3dsI05nKRGjx/1yZBgGNbOR7LE+w63zR7KBoHYa49FEpWGiy54j2ZQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmUUtKcU0va1F3SjFzcktl + S0FJNHlTUzBkMWlydGRjM1Y4SGd2SXpMVTJRCmtRSW9wNW9xMDBaQ0YzUWM4YjRz + SVRDNHRjNG5hTHBOOHorTTlJU1BwY1EKLS0tIEpLREJ1VzFaalczZlhKaitHVTJU + MDdJaVBtVmw4WTlBUEF5WXJSVFRFeDAKnvF6CmnU8hxXSdKQPUJqPT7Dewl4REOH + wDQELRaDkMPMKEOAc6wCmXNErvj/I7w7wuvB5WxtanC7g4IEphD6aA== -----END AGE ENCRYPTED FILE----- - recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWlk1QWFERzNaZEo2NDhl - cmF6VGNzYnprYXU4ZUsrRnEwK1R0WjFvOEdJCnRQdXExOTVoYlZkSFJqeGQ2QWNQ - T2pkTHdmMDlQczVrd290a0s2MWsvQjQKLS0tIFJVRStURG1vaUFFV2U2THFaazlX - THZPclpjL3FuSlplOUorQVVQYWt4ZTgKla/Ibk00Pz9m3p/E3qVyTWC/6yWzGC0j - bILtkm8rzGx2akXcC/9pIE1+g6Y+x9c7gBJ3aitO7DF7TVgW4DQYUQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBS2xqbWp0NkFMVm1Cci82 + d0ZmRXdRc2FFSklHNnZtV1Z0REFIelZDQ1U4CllmdllNVnp3WmpCeDNBRzVFbVR5 + WkJFMGs5ZWJEK1lSWDQwYUdOdFJseGcKLS0tIEZUU254aWtYdWthL3I2UkJ0eklj + WHhrRlRvLzlmY0REYktGSlh3MENzRzgKzO1XqXhcXAxfn86+IY+ccBII1SGYctAk + +ArpGmXaf53RFmPLSzMGNaiJzfhqk9U9bn3WV9CFdaA7Rtec0ZAcNw== -----END AGE ENCRYPTED FILE----- - recipient: age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQ1lLcFZTcld3UVpiTWZU - aDZaSFAwN1Nzdlhmam8xTUZNSnpWSHRHM25NCklEUGVUUEg1emVJUHB2TENqY2R1 - Z1ZKNUl4QXd0bGU5bk82Z2YzTnpCWTAKLS0tIFJrWkRvMGxEOWFlQ29rUSs3bkgw - 
QjJ6V2czTnM0WFFvOGUza0dBalFMdXMKDh65zI+4C/M5u5L8F7ditFxIeAHmNoqu - mAehEmA+iPcnc/+q7aMVnTxsLgbRwrmPpvGKvUaLtPr1pOLpHtvuUw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycmppSGR1YTMzTTJQSmx0 + eFlRQWpPRTR1L042MXlqd3dURStjaUZjR1M4Ci9VdzZkSmN3d1BDNTlJdXNSenhZ + MDE1VktBN252L2FYMjJmNEFITGptM3MKLS0tIDNYOEZqNjM1VCtEWDlGdzYveG5j + dEp2bmVQMmV5ZU9Jb3FFSDFoT2NJOE0Kx1ZifyU2WLoHeUmqP9oCUmIl6ZJeytGB + WPMJKcNtuJHL1OWhT0wMiv6NEF5UaYXIlCqSVtXAMy554G4JlX5tQw== -----END AGE ENCRYPTED FILE----- - recipient: age12ng08vjx5jde5ncqutwkd5vm4ygfwy33mzhzwe0lkxzglulgpqusc89r96 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQ1NicHlhZFU1eDBqZXVk - SGhma1hSTlpKaEdXNnluK1Z6YkdaNnBvREdVClR6NmpRMFNqYlk2RXEyaWlDejFw - UHR3Q0ZFbGpXOFpDdkRsSytkNDJieEUKLS0tIHpMdGVDWjJPaXpvN2FHZ0VTRUF0 - NmF1a3E5djlXK3MyanRaQUhBc1kyaE0KDAk83Aug7BtVcyzo//EWmN/FYD6pQzSE - 0J5tE5dqkI6VzBrSGzosRsXMhuGcRx6r2XBKJWFINwom9Td87aVCcQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OGlRWVM0Z01pYjdqYjEy + TGdhNFhpNEUwSFZaeHNwRkpraFF5RTU2SXhnCm5YWmM5SmdERzZBWTgva1E4MDFm + N0xyUExGV0MvbFF3M0ZRSVEydFNUSGMKLS0tIGxxNWhsSEt4WDR2a2hId1JkVFE3 + enJ6MzJxR0I4eStSQk9ON0dsdjFmRkEKBSGkv1O0vgHSsU3+6AGN7bKQ5lpN7AMT + eqEgWx7juZ7hKzLq1HMbiT61l0FrJNHEMfn15bzn7GsK5YJQvfiq9w== + -----END AGE ENCRYPTED FILE----- + - recipient: age1v5h946jfke6ae8pcgz52mhj26cacqcpl9dmmrrkf37x55rnq2v3szqctvv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjeVlxRk1PZUpUVm1xckRu + ZmMzdHdvKzExaTQxVHYvYjIvblo3b1ZORFJrCkpVdHFLbCtNS0xnamJ0T250YzUy + Uy9Xd0tMa3FSVlRkQXFaTWJVem9uWGsKLS0tIFRmT0VzL0hlLzkrRTZxcWtLN3Qv + YVMya3dUazFyaWRNNDJ3OVNIVXJLVTQK+7MxkmBjPszozXUO+zVaWdsovDmhWAfz + 8puIpXpWZY09BkS0vs4oNhiVA9PD11TBIVCEbC5E1TwpwboMXBYhCQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-11-30T06:31:42Z" mac: 
ENC[AES256_GCM,data:xh8x9IrQ01ZzdcCTIfBrifIGduMYVmSSP52BkTyr/bx7AgQAz2WeA7LFrccxIayCGHrQKfMQDLUKJ/EBamG/6p8AX6QqZBTfqFD688ZhmRfxgpj7fYR9jPYnhb/9XHI9R2jTaJWwrorXvu3pa+Gy/hWB3Kb+WZc3fslmIuKuLH0=,iv:GDrHSFZxPbpACdusVDPHXEjeEusYfk53N/KGHtdvrYo=,tag:ap38sCSTZVDQ0ZazXM3vlg==,type:str]
diff --git a/machines/thorite/monitoring.nix b/machines/thorite/monitoring.nix
index 565da59..2f2b685 100644
--- a/machines/thorite/monitoring.nix
+++ b/machines/thorite/monitoring.nix
@@ -61,12 +61,10 @@ with my-lib;
 address = "rss.xinyang.life";
 }
 {
- inherit passwordFile;
 name = "ntfy";
 address = "ntfy.xinyang.life";
 }
 {
- inherit passwordFile;
 name = "grafana-eu";
 address = "grafana.xinyang.life";
 }
diff --git a/overlays/my-lib/prometheus.nix b/overlays/my-lib/prometheus.nix
index e4c87cd..da43f77 100644
--- a/overlays/my-lib/prometheus.nix
+++ b/overlays/my-lib/prometheus.nix
@@ -18,7 +18,7 @@ in
 static_configs = [ { targets = [ "${address}${mkPort port}" ]; } ];
 }
 // (
- if isNull null then
+ if isNull passwordFile then
 { }
 else
 {
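Review bot: The `ntfy` and `grafana-eu` entries lose `inherit passwordFile;` with no note on why these two targets are scraped without credentials while their neighbours keep them. Assuming the helper defaults `passwordFile` to null (its definition is outside this hunk), both public hostnames will be scraped unauthenticated once the `isNull passwordFile` fix in overlays/my-lib/prometheus.nix takes effect. If their metrics endpoints are deliberately open or protected some other way, say so on each entry, e.g. `# no basic auth on /metrics; access restricted by <mechanism>`, so a later reader does not mistake it for an oversight. The target list starts and ends outside the hunk.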
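Review bot: The corrected condition still goes through `isNull`, which the Nix manual describes as equivalent to a plain comparison; `if passwordFile == null then` reads more directly. The old `isNull null` was always true, so the basic-auth branch never applied to any target, and a short comment above the conditional such as `# add basic_auth only when a passwordFile is given` would make the intent explicit. The `else` branch and the enclosing function continue outside the hunk, so the shape of the auth block itself cannot be checked here.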