many changes

2024-09-03 14:47:06 +02:00
parent fb32b88798
commit 92099bd1e9
44 changed files with 900 additions and 658 deletions
--- a/hosts/web-arm/modules/grafana.nix
+++ b/hosts/web-arm/modules/grafana.nix
@@ -15,7 +15,7 @@ let
      [servers.attributes]
      name = "givenName"
      surname = "sn"
-      username = "uid"
+      username = "mail"
      email =  "mail"
      member_of = "memberOf"

@@ -27,13 +27,17 @@ let
  };
 in
 {
-  systemd.services.grafana.script = lib.mkBefore "export GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=$(cat /run/secrets/grafana-oauth-secret)";
+  systemd.services.grafana.script = lib.mkBefore ''
+    export GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=$(cat /run/secrets/grafana-oauth-secret)
+    export PUSHOVER_API_TOKEN=$(cat /run/secrets/pushover-api-token)
+    export PUSHOVER_USER_KEY=$(cat /run/secrets/pushover-user-key)
+  '';
  services.grafana = {
    enable = true;
    settings = {
      analytics.reporting_enabled = false;
-      # "auth.ldap".enabled = true;
-      # "auth.ldap".config_file = toString ldap;
+      "auth.ldap".enabled = true;
+      "auth.ldap".config_file = toString ldap;

      "auth.generic_oauth" = {
        enabled = true;
@@ -47,6 +51,8 @@ in
        api_url = "https://auth.cloonar.com/api/oidc/userinfo";
        login_attribute_path = "preferred_username";
        groups_attribute_path = "groups";
+        role_attribute_path = "contains(groups, 'Administrators') && 'Admin' || contains(groups, 'editor') && 'Editor' || 'Viewer'";
+        allow_assign_grafana_admin = true;
        name_attribute_path = "name";
        use_pkce = true;
      };
@@ -81,6 +87,37 @@ in

      security.admin_password = "$__file{${config.sops.secrets.grafana-admin-password.path}}";
    };
+    provision = {
+      alerting = {
+        contactPoints.settings = {
+          apiVersion = 1;
+
+          contactPoints = [{
+            orgId = 1;
+            name = "cp_dominik";
+            receivers = [{
+              uid = "dominik";
+              type = "pushover";
+              settings = {
+                security.apiToken = "$__file{${config.sops.secrets.pushover-api-token.path}}";
+                security.userKey = "$__file{${config.sops.secrets.pushover-user-key.path}}";
+                apiToken = "\${PUSHOVER_API_TOKEN}";
+                userKey = "\${PUSHOVER_USER_KEY}";
+                device = "iphone";
+                priority = "2";
+                retry = "30";
+                expire = "120";
+                sound = "siren";
+                okSound = "magic";
+                message = ''
+                  {{ template "default.message" . }}
+                '';
+              };
+            }];
+          }];
+        };
+      };
+    };
  };

  services.nginx.virtualHosts."grafana.cloonar.com" = {
@@ -103,5 +140,7 @@ in
    grafana-admin-password.owner = "grafana";
    grafana-ldap-password.owner = "grafana";
    grafana-oauth-secret.owner = "grafana";
+    pushover-api-token.owner = "grafana";
+    pushover-user-key.owner = "grafana";
  };
 }