added secret handling, so the wireguard network stuff is unnecessary

secrets.yaml

@@ -22,6 +22,8 @@ murmur_welcome_message: ENC[AES256_GCM,data:k05ez0/raIbgBMu90NrAg5O1nkucDibQXdj8
 murmur_login_password: ENC[AES256_GCM,data:Fh6XjSxiLEP1jE56D9JRv0TokYOjEafeDkrh9/x5f+Rv4qgH18k54Le4dyl3EzNQ,iv:QbAPJx4xe2DT7AhXbOvQto4M6ICKVlJ/BXoP3ORjd4o=,tag:clHHTrQdi1bzA21gjY7mSg==,type:str]
 forgejo_runner_glucose_token: ENC[AES256_GCM,data:UWzKhDUojVrSWbS2sDyX8xdK9albNoHr9PACjbtd1YKhukfjC0W1ig==,iv:13gymOJQlwWrpz7CMweBf++BsLCJvq6XMv4CMdb32gk=,tag:tPgk6x8GLS9HH2VDuwPdvA==,type:str]
 forgejo_runner_fructose_token: ENC[AES256_GCM,data:vExgJdEHpqzn6DAsMVnE2e3EmgehZMFnPTAV/VYOGvl6kgTYqYoBhA==,iv:dja9VC4Pr9asl/I4ieg5c718V4Nq+pqvB8c7oQD5Qqc=,tag:ynFs2NQX466ECYnsmeUFzg==,type:str]
+grafana_admin_account: ENC[AES256_GCM,data:kDj9o2cpRLmpRVwONBI=,iv:cQfeFhBAVMSysP43J+eDVKAmn1NM+aUN9huraGgpRkY=,tag:AFIr0pwRvHj8ruDAqc2Lww==,type:str]
+grafana_admin_pass: ENC[AES256_GCM,data:AnuVrCJcfj1cHP5W2s5eDlRLaJTOc0T7W3sS2/flnA==,iv:EA0SGXxf9kF+ltmNgcd3rGE7Jmg8/+s3Gip0uByEF9o=,tag:Rm+eSe+H1uytm/MMxMuZpw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -37,8 +39,8 @@ sops:
             NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/
             vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-26T10:35:19Z"
-    mac: ENC[AES256_GCM,data:sP45NUFj0qRLYj3w1bZN2C5gzOef4O7GFtE7GOkDHm4IQ8YaDJW+rt3DHiAqGt34qAHcP4ahDKpsL9S1ZPs4fw+DFUEdWZROUFAMS1OsTurVQUPt08DzC8mi6t3SH4ud6YZw3l6M8eja80BK7KsEBMD4UfxoP4pgQB4oOSRoJn4=,iv:5WJq42Idwu7oMKBQBGuFp44+Bnh/Ncgkuhq0lPi+Rxc=,tag:9O45IrqkMWVtyXgXBv1bmg==,type:str]
+    lastmodified: "2024-12-20T14:08:54Z"
+    mac: ENC[AES256_GCM,data:U4WSALgavBjqt3b3lFXchxEvruG04IqtVikZnuQRyH40Z4f2PM4I5RdCaxyU3CaXPbb8/RQEYSWkLcQZ0HJvqqERLuKl25EqGFEMP5Wph3K5hSBEawk+eE6ep+tSN6bp9H4MIic1vcdn9+2JvBMnIFUEL+1zr0yvmBoz8RiavTc=,iv:rGsaWuvpGwCAWjbp1j2EZN5bQamxPisIsDfzF131HUc=,tag:f4dupyfCkN56ZikSCuHNWA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.2

services/caddy/Caddyfile

@@ -53,12 +53,6 @@ https://cache.collective-conciousness.monster {
 https://grf.collective-conciousness.monster {
     encode zstd gzip
 
-    @wireguard-network remote_ip 10.24.1.0/24 127.0.0.1/32
+    reverse_proxy 10.24.1.4:6700
 
-    handle @wireguard-network {
-        reverse_proxy 10.24.1.4:6700
-    }
-    handle {
-        respond "no match. sorgy"
-    }
 }

services/monitoring/grafana.mod.nix

@@ -1,6 +1,6 @@
 {
   glucose.modules = [
-    {
+    ({config, lib, ...}: {
       services.grafana = {
         enable = true;
         dataDir = "/var/services/grafana";
@@ -10,7 +10,10 @@
          # analytics = {};
          # database = {};
          # paths = {};
-         # security = {};
+          security = {
+            admin_user = "$__file" + "{${config.sops.secrets.grafana_admin_account.path}}";
+            admin_password = "$__file" + "{${config.sops.secrets.grafana_admin_pass.path}}";
+          };
           server = {
             root_url = "https://grf.collective-conciousness.monster";
             enable_gzip = true;
@@ -27,6 +30,6 @@
           datasources = {};
         };*/
       };
-    }
+    })
   ];
 }

sops.mod.nix

@@ -54,6 +54,10 @@
         '';
       }
     )
+    ({config, ...}: {
+      sops.secrets.grafana_admin_pass = {};
+      sops.secrets.grafana_admin_account = {};
+    })
     (
       {config, ...}: {
         sops.secrets.murmur_login_password = {};