From 4a577d13d875719c126d9f6657b4c37552996bf8 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 5 Jan 2025 23:56:55 +0100 Subject: [PATCH 1/2] build/flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'colmena': 'github:zhaofengli/colmena/e3ad42138015fcdf2524518dd564a13145c72ea1' (2024-11-13) → 'github:zhaofengli/colmena/a6b51f5feae9bfb145daa37fd0220595acb7871e' (2024-12-22) • Updated input 'disko': 'github:nix-community/disko/785c1e02c7e465375df971949b8dcbde9ec362e5' (2024-12-02) → 'github:nix-community/disko/84a5b93637cc16cbfcc61b6e1684d626df61eb21' (2024-12-29) • Updated input 'hydra': 'github:NixOS/hydra/031aaa065bf001099deea946a3ff6bb87766fb7a' (2024-10-20) → 'github:NixOS/hydra/4f09fb5df2e281f4ab6b3512a00bae9185bb6dfe' (2025-01-05) • Added input 'hydra/libgit2': 'github:libgit2/libgit2/36f7e21ad757a3dacc58cf7944329da6bc1d6e96' (2024-05-16) • Updated input 'hydra/nix/flake-compat': 'github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9' (2023-01-17) → follows 'hydra' • Updated input 'hydra/nix/flake-parts': 'github:hercules-ci/flake-parts/9126214d0a59633752a136528f5f3b9aa8565b7d' (2024-04-01) → follows 'hydra' • Removed input 'hydra/nix/flake-parts/nixpkgs-lib' • Updated input 'hydra/nix/git-hooks-nix': 'github:cachix/git-hooks.nix/4e743a6920eab45e8ba0fbe49dc459f1423a4b74' (2024-09-19) → follows 'hydra' • Removed input 'hydra/nix/git-hooks-nix/flake-compat' • Removed input 'hydra/nix/git-hooks-nix/gitignore' • Removed input 'hydra/nix/git-hooks-nix/nixpkgs' • Removed input 'hydra/nix/git-hooks-nix/nixpkgs-stable' • Updated input 'hydra/nix/libgit2': 'github:libgit2/libgit2/36f7e21ad757a3dacc58cf7944329da6bc1d6e96' (2024-05-16) → follows 'hydra/libgit2' • Updated input 'hydra/nix/nixpkgs-23-11': 'github:NixOS/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446' (2024-05-31) → follows 'hydra' • Updated input 'hydra/nix/nixpkgs-regression': 'github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2' (2022-01-24) → follows 'hydra' • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/329ac2aaacb5f1d56725d51d70a997a0aaa07a29' (2024-12-02) → 'github:NixOS/nixpkgs/7ca628eee2eab151f869a04bee8e5df84abf8d1b' (2025-01-05) --- build/flake.lock | 155 ++++++++++------------------------------------- 1 file changed, 32 insertions(+), 123 deletions(-) diff --git a/build/flake.lock b/build/flake.lock index 4a822796..2446aa85 100644 --- a/build/flake.lock +++ b/build/flake.lock @@ -34,11 +34,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1731527002, - "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", + "lastModified": 1734897875, + "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", "owner": "zhaofengli", "repo": "colmena", - "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", + "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", "type": "github" }, "original": { @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1735468753, + "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", "type": "github" }, "original": { @@ -123,44 +123,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "hydra", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -194,41 +156,6 @@ "type": "github" } }, - "git-hooks-nix": { - "inputs": { - "flake-compat": [ - "hydra", - "nix" - ], - "gitignore": [ - "hydra", - "nix" - ], - "nixpkgs": [ - "hydra", - "nix", - "nixpkgs" - ], - "nixpkgs-stable": [ - "hydra", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1726745158, - "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -252,17 +179,18 @@ }, "hydra": { "inputs": { + "libgit2": "libgit2", "nix": "nix", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1729382824, - "narHash": "sha256-7+RulL3cVybAsUYvwiSoUOy/MnN+z5rbVm7cYr5a6Lg=", + "lastModified": 1736117731, + "narHash": "sha256-iF5SgYaQN9p1AqCGi7rZRAusW1rueupWBBoW/TK38O4=", "owner": "NixOS", "repo": "hydra", - "rev": "031aaa065bf001099deea946a3ff6bb87766fb7a", + "rev": "4f09fb5df2e281f4ab6b3512a00bae9185bb6dfe", "type": "github" }, "original": { @@ -291,16 +219,29 @@ }, "nix": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts", - "git-hooks-nix": "git-hooks-nix", - "libgit2": "libgit2", + "flake-compat": [ + "hydra" + ], + "flake-parts": [ + "hydra" + ], + "git-hooks-nix": [ + "hydra" + ], + "libgit2": [ + "hydra", + "libgit2" + ], "nixpkgs": [ "hydra", "nixpkgs" ], - "nixpkgs-23-11": "nixpkgs-23-11", - "nixpkgs-regression": "nixpkgs-regression" + "nixpkgs-23-11": [ + "hydra" + ], + "nixpkgs-regression": [ + "hydra" + ] }, "locked": { "lastModified": 1726787955, @@ -395,45 +336,13 @@ "type": "github" } }, - "nixpkgs-23-11": { - "locked": { - "lastModified": 1717159533, - "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", - "type": "github" - } - }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1733175591, - "narHash": "sha256-xDaG4pXur5DHzXMiVh2b4ZWOD41FKlj+8T+NmdzXGxs=", + "lastModified": 1736080869, + "narHash": "sha256-M4+plf7HjYOAvmZ3rpMHz5rZF+ExNyTnm/7F1iBK2Jg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "329ac2aaacb5f1d56725d51d70a997a0aaa07a29", + "rev": "7ca628eee2eab151f869a04bee8e5df84abf8d1b", "type": "github" }, "original": { From f5aa39ef8b30fb6c2296355f303fadbf1a7e90dc Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 6 Jan 2025 00:15:56 +0100 Subject: [PATCH 2/2] fastly-exporter: migrate api token to environment file --- build/pluto/prometheus/exporters/fastly.nix | 4 +-- build/secrets.nix | 2 +- build/secrets/fastly-exporter-env.age | 19 +++++++++++ build/secrets/fastly-read-only-api-token.age | 33 -------------------- 4 files changed, 22 insertions(+), 36 deletions(-) create mode 100644 build/secrets/fastly-exporter-env.age delete mode 100644 build/secrets/fastly-read-only-api-token.age diff --git a/build/pluto/prometheus/exporters/fastly.nix b/build/pluto/prometheus/exporters/fastly.nix index da8ec8ca..632dbb99 100644 --- a/build/pluto/prometheus/exporters/fastly.nix +++ b/build/pluto/prometheus/exporters/fastly.nix @@ -1,13 +1,13 @@ { config, ... }: { - age.secrets.fastly-read-only-api-token.file = ../../../secrets/fastly-read-only-api-token.age; + age.secrets.fastly-exporter-env.file = ../../../secrets/fastly-exporter-env.age; services.prometheus = { exporters.fastly = { enable = true; listenAddress = "127.0.0.1"; - tokenPath = config.age.secrets.fastly-read-only-api-token.path; + environmentFile = config.age.secrets.fastly-exporter-env.path; }; scrapeConfigs = [ diff --git a/build/secrets.nix b/build/secrets.nix index a76dcf8e..e1388f0f 100644 --- a/build/secrets.nix +++ b/build/secrets.nix @@ -3,7 +3,7 @@ let secrets = with keys; { alertmanager-matrix-forwarder = [ machines.pluto ]; - fastly-read-only-api-token = [ machines.pluto ]; + fastly-exporter-env = [ machines.pluto ]; hydra-aws-credentials = [ machines.mimas ]; hydra-github-client-secret = [ machines.mimas ]; hydra-mirror-aws-credentials = [ machines.pluto ]; diff --git a/build/secrets/fastly-exporter-env.age b/build/secrets/fastly-exporter-env.age new file mode 100644 index 00000000..cfc0e743 --- /dev/null +++ b/build/secrets/fastly-exporter-env.age @@ -0,0 +1,19 @@ +age-encryption.org/v1 +-> ssh-ed25519 s9hT2g dgCOoedaGMAU+kk+TCYfSGhcEjkT8XOY2O1i/Dc3vW4 +7AmsZxzp5QBVAkaAzSce1axdQtUyJoqeTvLSkQ6j9nw +-> ssh-ed25519 Gr9EaQ pJD5EMbL4SJl75Tal0IVykiPIpIwBjcw867N0c0D4GI +PzGaPo1LnRjlC6qsCxFjplSMrkoMIUFd+m0BeSKndlA +-> ssh-ed25519 3ENwVg o8/QdXUWRL9O8qaBpiZYiDE6Y+P3K539RAgSQFC/Gi0 +7YxQavzqt3G5xxXNdWa4m2R5Yc7xL3yywhnqX/LWWA0 +-> ssh-rsa MuWD+w +UiC3Jo2FMnLWRuOiP4xp1q7a8cIKUGFw8D+jODMfDTbBwdZqyeoUf8a3WvdHmCA0 +NvCpr+CBa7ZQ4oeE9sw9iVdbsvLxR2Ny+zFfNzih2BHR/tbqSFZSZj2oTZcponWj +h6wrAsu1QMQx0Ofpr7kco/DWMGjRofOcKQJbmoqDiKKAsf9rvzhVu/wJvaTNQqAU +Nge6CdKT/vjALtHb2W6GgE6PY+yEbH34iGqC7KCE1nLYHIpwSGBdL9bQRsZhksOh +JLVaure4CH7XTbdvYQVmwK9lN/6DTlxTU/hR+POD4oCGl8mv7ZaeNHV/4IN10C2v +MWeDLGKQO37QgTt82C4eyQ +-> ssh-ed25519 92bXiA NjVy+K4v9VBBR6rcaSNVy6yLzPnOHBq+6oeefTtmb24 +IsWe5OQp9hTOGYkmxMCnp+z2XRxuOhJ6xTVbc+Ucu5Y +--- SflrB0oDOkbOfGHFTHV+lm4ruzKfrPiSC6owWmx3uGA +Bt(J/&:n KTb55 e +p]N01DTk@#s} *'W:+FCp\qz_sl \ No newline at end of file diff --git a/build/secrets/fastly-read-only-api-token.age b/build/secrets/fastly-read-only-api-token.age deleted file mode 100644 index fb5f8ff4..00000000 --- a/build/secrets/fastly-read-only-api-token.age +++ /dev/null @@ -1,33 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 s9hT2g wqTp8O8r/wEE8bNa/VUboow/8SoB+q5aX0gstIJe1Tk -GasnpWejaljM5t3yMBYY0b30RpL3kDn44/cGz+8nJF8 --> ssh-ed25519 UnbSJQ eGn4dqZsm42pB76nrfiN51QWGCStDQoEvP35Mz9uPQc -zdxn8RZpRzJrZZmvzSq3d+9X/K0z0BwA/eGI9W6i1A0 --> ssh-ed25519 Srtq2A Ts70NxhSJZ5PwE7BBWHXqx+otP0KmWML+nJ+Nwnydg8 -rc+lgjjULPKrTnAORTu3EDVIGYvFPgKo8iAp/IX76WI --> ssh-ed25519 KdJNLg 8C2Z9DaioBaoq5PyY59AsQCVj9e+HfxIrpcxmyXeMBY -01njNEn8ZlfVnEA+oL8WU7jtC+hyuyTh+yeAj8IYzlY --> ssh-ed25519 92bXiA LHy3B7NuYBjB0hiHR5YxLMhiealVQxGl0ljenOb7Aks -lcX1qLAlV0ljd7fv6LCTSOIGZkxaH+IaYrierg0kk1k --> ssh-rsa ytBgrw -KxlcSWzlS1O1KHVeaR3EGGUmBfc1m3i9YXxgfms3OKv1mUphJTGvO3SwRp9KGFQk -Q2aPBBwMXM7zWtE0iKDlTeB/a1R+gn5w7pTyD9UYkOFTXv/Yh2DFljKC8aOP8VCo -4N2Lt7jwQiyBCaG/Cc1943MCsjevdDn6Je8X95mt6DRqIaLSaV+tboCMhey/pL9s -SScKFU/3sTgfYoGEA3YP3yBv/gbkGlelV9G07sDu6COS5LAwWt1Wooxi0ET6RzSS -i2tcMgBULZIO/hMF+Kt32W56fcf+PF9fmOkRWeuC+kLyoThulFrNIeCPZ7CnzRSa -J28q/L5YbFghelh8nWSUKA --> ssh-rsa MuWD+w -Cg+VMjxeWBQtjGphRlcYVPmpaV1ShkKoqvlBkSdYEiRa5h2mLDx/s63FCtXCpjmO -oYZvB0VUCeHzGmYebu8nEGpRJuwUw6C+Ejut/GnwKOkcA/D5mLJPLwcPyVKY38lX -RSYEYzuaDGTlvIxloB3dw+mW3kWRZcvB1TX7F/arnuwkz+s2jW679XUvTCUnvlOG -brDcQoKAghhLaYNzZZPft/N9YK8ywLwlcW6uBIJN33tUXS0ZwXcPjmM1k+OgJ3th -mWobeQYNxoBvwo9E1T3yz7N5tCJqZ/Ix4iT7+EKexxpwvFjH6Fna+b6/DvFx53O0 -5VLsiTYlp8KKLJm035hP5Q --> ssh-ed25519 K3b7BA CjZtz+pn8jqoBbzp8U3caRlxWvcLsWyjHH2sRl9BMRQ -QoBGyLAHDlYaSxc8K2HZvR0cdcb0yZRIXdPgs4Zoi7Q --> ssh-ed25519 Gr9EaQ bmNWcxfSwtd/tianaRombNTbLpMnYVqWh3ze0qKUTgQ -/wEMQV2zepcjJHcwO+WqY+xLO0ShztOj7w2mPV+6Cbo --> ssh-ed25519 3ENwVg 8we4E3rQ1R54YYuWKI8dcdnX0yfkbmJr9wVVQMDwWEo -c1vttj5ouOJGPXW6OGiobQ/27QOetfAGKAhOlKvgcKs ---- jasdUE7jiBFACGkrwDQLiYkOHfs3Nev35yZ6nfXzv9Q -?v%+S]1k}'#?} VrLtErBvd Q1nd-? \ No newline at end of file