Enable sign in with nekoverse ID on nekomesh

fi 2025-11-03 02:55:19 +01:00
commit 0e5427a388
2 changed files with 27 additions and 1 deletions


@ -10,7 +10,7 @@
security = {
cookie_secure = true;
cookie_samesite = "strict";
admin_user = "fi";
admin_user = "admin";
admin_password = "$__file{/secrets/metrics-nekomesh-grafana-admin-password.secret}";
admin_email = "fi@nekover.se";
};
@ -23,6 +23,24 @@
from_name = "Nekomesh";
startTLS_policy = "NoStartTLS";
};
"auth.generic_oauth" = {
enabled = true;
name = "Nekoverse ID";
allow_sign_up = true;
client_id = "nekomesh";
client_secret = "$__file{/secrets/metrics-nekomesh-grafana-keycloak-client-secret.secret}";
scopes = "openid email profile offline_access roles";
email_attribute_path = "email";
login_attribute_path = "preferred_username";
name_attribute_path = "preferred_username";
auth_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/auth";
token_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/token";
api_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/userinfo";
use_refresh_token = true;
allow_assign_grafana_admin = true;
role_attribute_strict = true;
role_attribute_path = "contains(resource_access.nekomesh.roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(resource_access.nekomesh.roles[*], 'admin') && 'Admin' || contains(resource_access.nekomesh.roles[*], 'editor') && 'Editor' || 'Viewer'";
};
};
provision.datasources.settings.datasources = [
{
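Review bot: The `role_attribute_path` expression ends in `|| 'Viewer'`, so it always yields a valid role and `role_attribute_strict = true` can never reject a login. Combined with `allow_sign_up = true`, any account in the nekoverse realm that can complete the flow for the `nekomesh` client gets a Grafana Viewer account on first sign-in, unless access is already restricted on the identity-provider side, which is not visible in this diff. If only users holding a client role should get in, replace the fallback with an explicit role check, for example ending the expression with `|| contains(resource_access.nekomesh.roles[*], 'viewer') && 'Viewer'` (the `viewer` role name is a suggestion), so that strict mode denies everyone else. A short comment above `allow_assign_grafana_admin = true;` would also help, noting that the `grafanaadmin` client role grants Grafana server admin and that assigning it in the realm is therefore as sensitive as the local admin password.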


@ -9,6 +9,14 @@
permissions = "0640";
uploadAt = "pre-activation";
};
"metrics-nekomesh-grafana-keycloak-client-secret.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "metrics-nekomesh/grafana/keycloak-client-secret" ];
destDir = "/secrets";
user = "grafana";
group = "grafana";
permissions = "0640";
uploadAt = "pre-activation";
};
"mail-nekomesh-nekover-se.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "mail/nekomesh-nekover-se" ];
destDir = "/secrets";