# Registers the Grafana job with Nomad. The jobspec is rendered from
# grafana.nomad in this module's directory, with the two values below
# substituted by templatefile().
resource "nomad_job" "grafana" {
  jobspec = templatefile(
    "${path.module}/grafana.nomad",
    {
      module_path = path.module
      use_wesher  = var.use_wesher
    }
  )

  # Explicit ordering: nothing passed to the template references
  # nomad_job.prometheus, so Terraform would not infer this dependency itself.
  depends_on = [nomad_job.prometheus]
}
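# Grants read-only access to the SMTP credentials stored as a Nomad variable
# at secrets/smtp. The job_acl block attaches the policy to a single
# job/group/task workload identity rather than to an ACL token.
resource "nomad_acl_policy" "grafana_smtp_secrets" {
  name = "grafana-secrets-smtp"
  # Corrected from "MySQL": the rules below cover secrets/smtp, and a wrong
  # description mislabels the policy when ACLs are listed or audited.
  description = "Give access to SMTP secrets"
  rules_hcl   = <<EOH
namespace "default" {
  variables {
    path "secrets/smtp" {
      capabilities = ["read"]
    }
  }
}
EOH

  job_acl {
    job_id = "grafana"
    group  = "grafana"
    task   = "grafana"
  }
}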
# Generate secrets and policies for access to MySQL
# Read-only access to the Nomad variable at secrets/mysql, attached to the
# mysql-bootstrap task of the grafana job only.
# The path carries no wildcard, so it matches that one variable and does not
# extend to children such as secrets/mysql/allowed_psks/grafana, which the
# grafana_mysql_psk policy covers separately.
resource "nomad_acl_policy" "grafana_mysql_bootstrap_secrets" {
  name        = "grafana-secrets-mysql"
  description = "Give access to MySQL secrets"
  rules_hcl   = <<EOH
namespace "default" {
  variables {
    path "secrets/mysql" {
      capabilities = ["read"]
    }
  }
}
EOH

  # Workload-identity binding: job, group and task are all pinned.
  job_acl {
    job_id = "grafana"
    group  = "grafana"
    task   = "mysql-bootstrap"
  }
}
# Generates the 32-character pre-shared key that nomad_variable.grafana_mysql_psk
# publishes for the grafana job.
# The special-character set is narrowed to the list below; it leaves out ":",
# which that variable uses as the separator in "grafana:<key>".
# Security note: random_password marks `result` as sensitive in plan output,
# but the value is still stored in plaintext in Terraform state, so the state
# backend needs access control and encryption at rest.
resource "random_password" "grafana_mysql_psk" {
  length           = 32
  override_special = "!@#%&*-_="
}
# Stores the generated key as a Nomad variable in "grafana:<key>" form.
# NOTE(review): this looks like stunnel's identity:key PSK format, since the
# stunnel task is the one granted read access to this path; confirm against
# the jobspec.
# The interpolated secret is also recorded in Terraform state through this
# resource's `items`, so the same state-protection requirement applies.
resource "nomad_variable" "grafana_mysql_psk" {
  path = "secrets/mysql/allowed_psks/grafana"

  items = {
    psk = "grafana:${resource.random_password.grafana_mysql_psk.result}"
  }
}
# Read-only access to Grafana's own PSK entry, attached to the stunnel task of
# the grafana job only.
# The path names the single variable secrets/mysql/allowed_psks/grafana, with
# no wildcard, so this policy does not grant access to any other entry under
# allowed_psks.
resource "nomad_acl_policy" "grafana_mysql_psk" {
  name        = "grafana-secrets-mysql-psk"
  description = "Give access to MySQL PSK secrets"
  rules_hcl   = <<EOH
namespace "default" {
  variables {
    path "secrets/mysql/allowed_psks/grafana" {
      capabilities = ["read"]
    }
  }
}
EOH

  # Workload-identity binding: job, group and task are all pinned.
  job_acl {
    job_id = "grafana"
    group  = "grafana"
    task   = "stunnel"
  }
}
# OIDC client registration for Grafana, delegated to the local ./oidc_client
# module (the module's own code is not visible here).
# NOTE(review): this listing shows `scopes = [` and `redirect_uris = [` with no
# entries and no closing brackets, so the list contents cannot be reviewed
# from here. When checking the real file, confirm that redirect_uris holds
# only exact Grafana callback URLs (no wildcards) and that scopes is the
# minimum set Grafana needs.
module "grafana_oidc" {
source = "./oidc_client"
name = "grafana"
oidc_client_config = {
description = "Grafana"
scopes = [
redirect_uris = [
# NOTE(review): presumably limits which workload may read the generated client
# credentials to the grafana task; confirm against ./oidc_client.
job_acl = {
job_id = "grafana"
group = "grafana"
task = "grafana"
# resource "nomad_variable" "grafana_config" {
# for_each = fileset("${path.module}/grafana", "**")
# path = "nomad/jobs/grafana/${replace(each.key, ".", "_")}"
# items = {
# path = "${each.key}"
# value = file("${path.module}/grafana/${each.key}")
# left_delimiter = endswith(each.key, ".json") ? "<<<<" : "{{"
# right_delimiter = endswith(each.key, ".json") ? ">>>>" : "}}"
# }
# }