Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Restore Dawarich metrics basic auth config

Browse Source
This commit is contained in:
Micha
2026-06-21 23:02:26 +02:00
parent 4cf9e3226e
commit b236eaeeaa
6 changed files with 9 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/SECRETS_MAP.md
+1 -3
View File
@@ -63,8 +63,7 @@ Dieses Dokument listet sensible Daten, deren Ablageorte und die vorgesehene Einb
| Dawarich | DB Password | `/mnt/user/appdata/secrets/dawarich_postgres_password.txt` -> Docker Secret `/run/secrets/dawarich_postgres_password`; Postgres nutzt `POSTGRES_PASSWORD_FILE`, App/Sidekiq lesen per Entrypoint-Export | geplant |
| Dawarich | Redis Password | `/mnt/user/appdata/secrets/dawarich_redis_password.txt` -> Docker Secret `/run/secrets/dawarich_redis_password`; Redis `--requirepass`, App/Sidekiq `REDIS_URL` | geplant |
| Dawarich | Rails `SECRET_KEY_BASE` | `/mnt/user/appdata/secrets/dawarich_secret_key_base.txt` -> Docker Secret `/run/secrets/dawarich_secret_key_base` | geplant |
| Dawarich Metrics | Basic-Auth Password | `/mnt/user/appdata/secrets/dawarich_metrics_password.txt` -> Docker Secret `/run/secrets/dawarich_metrics_password` in Dawarich | aktiv |
| Dawarich Metrics | Prometheus Basic-Auth Credential | `/mnt/user/appdata/secrets/dawarich_metrics_basic_auth.txt` -> Docker Secret `/run/secrets/dawarich_metrics_basic_auth`; Prometheus `authorization.credentials_file` | aktiv |
| Dawarich Metrics | Basic-Auth Password | `/mnt/user/appdata/secrets/dawarich_metrics_password.txt` -> Docker Secret `/run/secrets/dawarich_metrics_password`; Prometheus `password_file` | aktiv |
| Grafana -> Dawarich | Read-only DB Password | `/mnt/user/appdata/secrets/dawarich_grafana_ro_password.txt` -> Docker Secret `/run/secrets/dawarich_grafana_ro_password`; Grafana-Env `DAWARICH_GRAFANA_RO_PASSWORD` | geplant |
| Renovate Bot | Gitea Service-Account PAT | `/mnt/user/appdata/secrets/renovate_token.txt` -> Host-Datei (chmod 600), gelesen von `ops/renovate/run-renovate.sh` und an Renovate-Container als `RENOVATE_TOKEN` weitergegeben | aktiv nach Operator-Setup (siehe `docs/RENOVATE.md`) |
| n8n | Encryption Key fuer interne Credential-Verschluesselung | `/mnt/user/appdata/secrets/n8n_encryption_key.txt` (chmod 600) -> Komodo Stack ENV `${N8N_ENCRYPTION_KEY}`; kein `_FILE`-Support im Upstream-Image | aktiv |
@@ -118,7 +117,6 @@ Dieses Dokument listet sensible Daten, deren Ablageorte und die vorgesehene Einb
|-- dawarich_redis_password.txt
|-- dawarich_secret_key_base.txt
|-- dawarich_metrics_password.txt
|-- dawarich_metrics_basic_auth.txt
|-- dawarich_grafana_ro_password.txt
`-- vaultwarden_admin_token.txt
```