From 98136142b47e4819ceb31faeb309d53df3c3e4b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Tue, 21 Oct 2025 15:05:38 +0200
Subject: [PATCH] monitoring: extend telegraf certificate expiration to 100
 years

The default 30-day expiration was causing certificates to expire
frequently, breaking monitoring. Setting to 100 years provides a
temporary solution until automated certificate rotation is implemented.

Fixes #5605
---
 clanServices/monitoring/telegraf.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/clanServices/monitoring/telegraf.nix b/clanServices/monitoring/telegraf.nix
index fb42c1b20..825c46a5a 100644
--- a/clanServices/monitoring/telegraf.nix
+++ b/clanServices/monitoring/telegraf.nix
@@ -44,8 +44,10 @@
               pkgs.openssl
             ];
 
+            # TODO: Implement automated certificate rotation instead of using a 100-year expiration
             script = ''
               openssl req -x509 -nodes -newkey rsa:4096 \
+                -days 36500 \
                 -keyout "$out"/key \
                 -out "$out"/crt \
                 -subj "/C=US/ST=CA/L=San Francisco/O=Example Corp/OU=IT/CN=example.com"