change grafana oauth config

2023-08-19 11:55:48 +02:00
parent 0212469963
commit 784f450002
1 changed files with 16 additions and 20 deletions
--- a/hosts/web-01.cloonar.com/modules/grafana.nix
+++ b/hosts/web-01.cloonar.com/modules/grafana.nix
@@ -28,24 +28,6 @@ let
      grafana_admin = true # Available in Grafana v5.3 and above
    '';
  };
-  oauth = pkgs.writeTextFile {
-    name = "oauth.toml";
-    text = ''
-      name = Authelia
-      icon = signin
-      client_id = grafana
-      client_secret = "$__file{/run/secrets/grafana-oauth-secret}"
-      scopes = openid profile email groups
-      empty_scopes = false
-      auth_url = https://auth.cloonar.com/api/oidc/authorization
-      token_url = https://auth.cloonar.com/api/oidc/token
-      api_url = https://auth.cloonar.com/api/oidc/userinfo
-      login_attribute_path = preferred_username
-      groups_attribute_path = groups
-      name_attribute_path = name
-      use_pkce = true
-    '';
-  };
 in
 {
  services.grafana = {
@@ -55,8 +37,22 @@ in
      "auth.ldap".enabled = true;
      "auth.ldap".config_file = toString ldap;

-      "auth.generic_oauth".enabled = true;
-      "auth.generic_oauth".config_file = toString oauth;
+      "auth.generic_oauth" = {
+        enabled = true;
+        name = "Authelia";
+        icon = "signin";
+        client_id = "grafana";
+        client_secret = "$__file{/run/secrets/grafana-oauth-secret}";
+        scopes = "openid profile email groups";
+        empty_scopes = false;
+        auth_url = "https://auth.cloonar.com/api/oidc/authorization";
+        token_url = "https://auth.cloonar.com/api/oidc/token";
+        api_url = "https://auth.cloonar.com/api/oidc/userinfo";
+        login_attribute_path = "preferred_username";
+        groups_attribute_path = "groups";
+        name_attribute_path = "name";
+        use_pkce = true;
+      }

      "auth.anonymous".enabled = true;
      "auth.anonymous".org_name = "Cloonar e.U.";