From 784f450002f32ffb644d3f1036a9795b58af07cd Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Sat, 19 Aug 2023 11:55:48 +0200
Subject: [PATCH] change grafana oauth config

---
 hosts/web-01.cloonar.com/modules/grafana.nix | 36 +++++++++-----------
 1 file changed, 16 insertions(+), 20 deletions(-)

diff --git a/hosts/web-01.cloonar.com/modules/grafana.nix b/hosts/web-01.cloonar.com/modules/grafana.nix
index 3160dbd..f565bf7 100644
--- a/hosts/web-01.cloonar.com/modules/grafana.nix
+++ b/hosts/web-01.cloonar.com/modules/grafana.nix
@@ -28,24 +28,6 @@ let
 grafana_admin = true # Available in Grafana v5.3 and above
 '';
 };
- oauth = pkgs.writeTextFile {
- name = "oauth.toml";
- text = ''
- name = Authelia
- icon = signin
- client_id = grafana
- client_secret = "$__file{/run/secrets/grafana-oauth-secret}"
- scopes = openid profile email groups
- empty_scopes = false
- auth_url = https://auth.cloonar.com/api/oidc/authorization
- token_url = https://auth.cloonar.com/api/oidc/token
- api_url = https://auth.cloonar.com/api/oidc/userinfo
- login_attribute_path = preferred_username
- groups_attribute_path = groups
- name_attribute_path = name
- use_pkce = true
- '';
- };
 in
 {
 services.grafana = {
@@ -55,8 +37,22 @@ in
 "auth.ldap".enabled = true;
 "auth.ldap".config_file = toString ldap;
- "auth.generic_oauth".enabled = true;
- "auth.generic_oauth".config_file = toString oauth;
+ "auth.generic_oauth" = {
+ enabled = true;
+ name = "Authelia";
+ icon = "signin";
+ client_id = "grafana";
+ client_secret = "$__file{/run/secrets/grafana-oauth-secret}";
+ scopes = "openid profile email groups";
+ empty_scopes = false;
+ auth_url = "https://auth.cloonar.com/api/oidc/authorization";
+ token_url = "https://auth.cloonar.com/api/oidc/token";
+ api_url = "https://auth.cloonar.com/api/oidc/userinfo";
+ login_attribute_path = "preferred_username";
+ groups_attribute_path = "groups";
+ name_attribute_path = "name";
+ use_pkce = true;
+ }
 "auth.anonymous".enabled = true;
 "auth.anonymous".org_name = "Cloonar e.U.";
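Review bot: The new `"auth.generic_oauth" = { … }` binding ends with a bare `}` directly before `"auth.anonymous".enabled`, and a Nix attribute binding must be terminated with `;`, so as written the module should fail to parse; the closing line should be `};`. Separately, the block requests the `groups` scope and sets `groups_attribute_path`, but no `allowed_groups` or `role_attribute_path` is visible, so unless Authelia's policy for the `grafana` client already limits who may log in, every account that can authenticate there would presumably be signed up with Grafana's default role. If that restriction lives in Authelia, a comment such as `# login is restricted by the Authelia access policy for client "grafana"` above the block would record it; otherwise add `allowed_groups = "<group-placeholder>";`. The enclosing `services.grafana` settings block starts and ends outside the hunk.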