diff --git a/machines/storage01/influxdb.nix b/machines/storage01/influxdb.nix index cb80ad5..0dc331e 100644 --- a/machines/storage01/influxdb.nix +++ b/machines/storage01/influxdb.nix @@ -18,9 +18,16 @@ in dgnum = { description = "DGNum org"; buckets.telegraf.description = "Telegraf bucket"; - auths.telegraf = { - writeBuckets = [ "telegraf" ]; - tokenFile = token "telegraf"; + auths = { + telegraf = { + writeBuckets = [ "telegraf" ]; + tokenFile = token "telegraf"; + }; + + grafana = { + readPermissions = [ "buckets" ]; + tokenFile = token "grafana"; + }; }; }; }; diff --git a/machines/storage01/secrets/influxdb2-grafana_token_file b/machines/storage01/secrets/influxdb2-grafana_token_file new file mode 100644 index 0000000..98ed7eb Binary files /dev/null and b/machines/storage01/secrets/influxdb2-grafana_token_file differ diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix index 407a70b..52bbbbc 100644 --- a/machines/storage01/secrets/secrets.nix +++ b/machines/storage01/secrets/secrets.nix @@ -7,6 +7,7 @@ lib.setDefault { inherit publicKeys; } [ "forgejo-mailer_password_file" "forgejo_runners-token_file" "garage-environment_file" + "influxdb2-grafana_token_file" "influxdb2-initial_password_file" "influxdb2-initial_token_file" "influxdb2-telegraf_token_file"