torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
e9857afc11a12aad366c0922064f6c73b30ee18d
nixos-servers/services/monitoring
History
Torjus Håkestad e9857afc11
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m12s
Details
Run nix flake check / flake-check (pull_request) Successful in 2m19s
Details
monitoring: use AppRole token for OpenBao metrics scraping 
Instead of creating a long-lived Vault token in Terraform (which gets
invalidated when Terraform recreates it), monitoring01 now uses its
existing AppRole credentials to fetch a fresh token for Prometheus.

Changes:
- Add prometheus-metrics policy to monitoring01's AppRole
- Remove vault_token.prometheus_metrics resource from Terraform
- Remove openbao-token KV secret from Terraform
- Add systemd service to fetch AppRole token on boot
- Add systemd timer to refresh token every 30 minutes

This ensures Prometheus always has a valid token without depending on
Terraform state or manual intervention.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 23:51:11 +01:00
..
alerttonotify.nix
secrets: migrate all hosts from sops to OpenBao vault
2026-02-05 18:43:09 +01:00
alloy.nix
Fix alloy config
2025-05-24 12:42:40 +02:00
default.nix
Add tempo to monitoring
2025-05-24 21:29:05 +02:00
external-targets.nix
monitoring: auto-generate Prometheus scrape targets from host configs
2026-02-05 00:49:07 +01:00
grafana.nix
Add monitoring host
2024-12-01 01:51:34 +01:00
loki.nix
Add monitoring host
2024-12-01 01:51:34 +01:00
prometheus.nix
monitoring: use AppRole token for OpenBao metrics scraping
2026-02-05 23:51:11 +01:00
pve.nix
secrets: migrate all hosts from sops to OpenBao vault
2026-02-05 18:43:09 +01:00
pyroscope.nix
Fix pyroscope ports attribute
2025-05-24 12:01:30 +02:00
rules.yml
auth01: decommission host and remove authelia/lldap services
2026-02-05 23:35:45 +01:00
tempo.nix
Configure tempo otlp reciever endpoint
2025-05-24 22:10:01 +02:00