From 573a37010fac2c1ff893257be19a1f2842ce11e1 Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Sat, 3 Jul 2021 23:26:51 -0400
Subject: use basic auth for grafana

---
 modules/tozt/files/nginx/grafana-tls.conf | 2 ++
 modules/tozt/manifests/prometheus.pp      | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/modules/tozt/files/nginx/grafana-tls.conf b/modules/tozt/files/nginx/grafana-tls.conf
index 5fc5de4..49d2528 100644
--- a/modules/tozt/files/nginx/grafana-tls.conf
+++ b/modules/tozt/files/nginx/grafana-tls.conf
@@ -9,6 +9,8 @@ server {
 
     location / {
         proxy_pass http://127.0.0.1:3001/;
+        auth_basic "grafana";
+        auth_basic_user_file "/media/persistent/grafana.htpasswd";
     }
 }
 # vim:ft=nginx
diff --git a/modules/tozt/manifests/prometheus.pp b/modules/tozt/manifests/prometheus.pp
index 05ad53c..84ead88 100644
--- a/modules/tozt/manifests/prometheus.pp
+++ b/modules/tozt/manifests/prometheus.pp
@@ -54,4 +54,13 @@ class tozt::prometheus {
     "grafana":
       source => 'puppet:///modules/tozt/nginx/grafana.conf';
   }
+
+  secret { "/media/persistent/grafana.htpasswd":
+    source => "grafana",
+    owner => 'http',
+    require => [
+      Class["tozt::persistent"],
+      Package['nginx'],
+    ];
+  }
 }
-- 
cgit v1.2.3-54-g00ecf