add oauth to grafana

2023-08-19 11:24:46 +02:00
parent 1871feebdb
commit 1d2da78329
3 changed files with 41 additions and 2 deletions


@@ -28,6 +28,24 @@ let
grafana_admin = true # Available in Grafana v5.3 and above
'';
};
oauth = pkgs.writeTextFile {
name = "oauth.toml";
text = ''
name = Authelia
icon = signin
client_id = grafana
client_secret = "$__file{/run/secrets/grafana-oauth-secret}"
scopes = openid profile email groups
empty_scopes = false
auth_url = https://auth.cloonar.com/api/oidc/authorization
token_url = https://auth.cloonar.com/api/oidc/token
api_url = https://auth.cloonar.com/api/oidc/userinfo
login_attribute_path = preferred_username
groups_attribute_path = groups
name_attribute_path = name
use_pkce = true
'';;
};
in
{
services.grafana = {
@@ -37,6 +55,9 @@ in
"auth.ldap".enabled = true;
"auth.ldap".config_file = toString ldap;
"auth.generic_oauth".enabled = true;
"auth.generic_oauth".config_file = toString oauth;
"auth.anonymous".enabled = true;
"auth.anonymous".org_name = "Cloonar e.U.";
"auth.anonymous".org_role = "Viewer";
@@ -91,5 +112,6 @@ in
sops.secrets = {
grafana-admin-password.owner = "grafana";
grafana-ldap-password.owner = "grafana";
grafana-oauth-secret.owner = "grafana";
};
}
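Review bot: The `text` string of the new `oauth` file in the first hunk is closed with `'';;`, and the doubled semicolon is a Nix parse error, so the line should read `'';`. Separately, `"auth.generic_oauth".config_file` in the second hunk does not look like a key Grafana reads (as far as I know a config file path is only an `auth.ldap` setting), so the client id, endpoints and `use_pkce` in oauth.toml are probably never loaded even though generic OAuth is enabled. Setting them next to the `enabled` line, e.g. `"auth.generic_oauth".client_id = "grafana";` and `"auth.generic_oauth".client_secret = "$__file{/run/secrets/grafana-oauth-secret}";`, would make them effective and still keep the secret out of the Nix store. The `groups` scope is requested but no `role_attribute_path` is set, so group membership presumably has no effect on the Grafana role; please confirm that every Authelia user should get the default role, or add a mapping and decide on `allow_sign_up`. The enclosing settings block starts outside the visible hunks.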