parent
541a1f9721
commit
12dd979483
|
@ -32,6 +32,11 @@
|
||||||
owner = "prometheus";
|
owner = "prometheus";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
age.secrets.grafana-client-secret = {
|
||||||
|
file = ../../secrets/monitoring-grafana-client-secret.age;
|
||||||
|
owner = "grafana";
|
||||||
|
};
|
||||||
|
|
||||||
boot.tmp.cleanOnBoot = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
networking.hostName = "monitoring";
|
networking.hostName = "monitoring";
|
||||||
|
@ -48,10 +53,30 @@
|
||||||
feature_toggles = {
|
feature_toggles = {
|
||||||
publicDashboards = true;
|
publicDashboards = true;
|
||||||
};
|
};
|
||||||
|
log = {
|
||||||
|
filters = "oauth.generic_oauth:debug";
|
||||||
|
};
|
||||||
server = {
|
server = {
|
||||||
domain = "grafana.gmem.ca";
|
domain = "grafana.gmem.ca";
|
||||||
http_port = 2342;
|
http_port = 2342;
|
||||||
http_addr = "127.0.0.1";
|
http_addr = "127.0.0.1";
|
||||||
|
root_url = "https://grafana.gmem.ca";
|
||||||
|
};
|
||||||
|
auth = {
|
||||||
|
signout_redirect_url = "https://authentik.gmem.ca/application/o/grafana/end-session/";
|
||||||
|
oauth_auto_login = true;
|
||||||
|
};
|
||||||
|
"auth.generic_oauth" = {
|
||||||
|
name = "authentik";
|
||||||
|
client_id = "VbOQzwuf0UK9AUGrWvaVaWWHvX2fJsZChxJNGt61";
|
||||||
|
client_secret = "$__file{${config.age.secrets.grafana-client-secret.path}}";
|
||||||
|
auth_url = "https://authentik.gmem.ca/application/o/authorize/";
|
||||||
|
api_url = "https://authentik.gmem.ca/application/o/userinfo/";
|
||||||
|
token_url = "https://authentik.gmem.ca/application/o/token/";
|
||||||
|
enabled = true;
|
||||||
|
scopes = "openid email grafana-user";
|
||||||
|
role_attribute_path = "contains(info.groups[*], 'Grafana Admins') && 'Admin' || contains(info.groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
|
||||||
|
role_attribute_strict = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
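Review bot: `role_attribute_strict = true` has no effect with the added `role_attribute_path`, because the expression ends in `|| 'Viewer'` and therefore always yields a role; every account that authentik admits to the grafana application is signed in as at least Viewer. If only members of the two Grafana groups should get in, drop the fallback so strict mode rejects everyone else, `role_attribute_path = "contains(info.groups[*], 'Grafana Admins') && 'Admin' || contains(info.groups[*], 'Grafana Editors') && 'Editor'";`; if Viewer for all is intended, the strict line can go. Separately, the added `log.filters = "oauth.generic_oauth:debug"` looks like troubleshooting left in, and at debug level the OAuth connector is likely to write userinfo and token-exchange detail to the journal, so I would remove it once login works or mark it with `# temporary: remove after OAuth login is verified`. The enclosing settings attrset opens above the hunk.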
|
||||||
|
|
|
@ -18,4 +18,6 @@ in
|
||||||
"secrets/fastmail-smtp.age".publicKeys = machines ++ users;
|
"secrets/fastmail-smtp.age".publicKeys = machines ++ users;
|
||||||
"secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ];
|
"secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ];
|
||||||
"secrets/cloudflare-dns.age".publicKeys = machines ++ users;
|
"secrets/cloudflare-dns.age".publicKeys = machines ++ users;
|
||||||
|
"secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer ];
|
||||||
|
|
||||||
}
|
}
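Review bot: The added recipient list is written `[monitoring gsimmer ]` while the neighbouring `healthchecks-telegram` entry uses `[ monitoring gsimmer ]`; keep the spacing consistent, `"secrets/monitoring-grafana-client-secret.age".publicKeys = [ monitoring gsimmer ];`. A one-line comment above it, for example `# OAuth client secret for Grafana's authentik login; only the monitoring host and gsimmer can decrypt`, would record why this list is narrower than `machines ++ users`. The attrset opens above the hunk.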
|
||||||
|
|
12
secrets/monitoring-grafana-client-secret.age
Normal file
12
secrets/monitoring-grafana-client-secret.age
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 J+a91w MspB+ESDy17zh+NaXVVvkDzJwmd6xvDZRLKLknI0HD0
|
||||||
|
lbDHx++2KiLriLPS7xen9gUBio3qhvTTjmRfsneY3jw
|
||||||
|
-> ssh-ed25519 qbziOw IYugyWtXbgT+Vog5LxA1uIBDuiUt9sHhl0y3raBbMjU
|
||||||
|
eXdKqKoNyvySpdwWz5iN1wMQQFS8ywsw0ewxZ0uPLIk
|
||||||
|
-> *k0)-grease
|
||||||
|
zR3oS3o1GDM0/uiHjtSfaxUemA+d8W3NITQqLIo74pxWnGcTNrBj9dfRVWrf6oBp
|
||||||
|
0p/FspjSLfruaATq9bU/REl+zLICKAy1oIpeq8gMA5yWsqh3lfiHntNF1lO3iGFn
|
||||||
|
|
||||||
|
--- 6FsNkLYmYMYsJ8Ao4fUoJ9lJqm2k+mXM6lLepEzO/h0
|
||||||
|
³<EFBFBD>”?@p«2~øCŠ˜
|
||||||
|
óÎ1ôÂÆxâfiÏLÚ@õž}®ÃËJ¨V×ÖËòk¯ÜÎà´m`V€'˜œÜéÂzÔ.Ïþ”ëú n&g²Ó
ΛïG1îUz©èLâ¸qÇæ >÷<>#ø¨´*°ê<C2B0>•ïrYèyú|Ñ–RYP£%ônÛç!œzÇòºBË£Q#Ôüõv¾ëÌ<C3AB><C38C>yË‚
|