torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

promtail: fix vault secret ownership for loki auth
Some checks failed
Run nix flake check / flake-check (push) Failing after 12m24s
Details

Browse Source 
The secret file needs to be owned by promtail since Promtail runs
as a dedicated user and can't read root-owned files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-17 20:17:02 +01:00
parent 43c81f6688
commit 87d8571d62
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
system/monitoring/logs.nix
View File

@@ -21,6 +21,8 @@ in
vault.secrets.promtail-loki-auth = lib.mkIf config.vault.enable { vault.secrets.promtail-loki-auth = lib.mkIf config.vault.enable {
secretPath = "shared/loki/push-auth"; secretPath = "shared/loki/push-auth";
extractKey = "password"; extractKey = "password";
owner = "promtail";
group = "promtail";
services = [ "promtail" ]; services = [ "promtail" ];
}; };