nix-infra/config/hosts/metrics-nekomesh/grafana.nix


# Grafana for the metrics-nekomesh host: public URL and cookie policy, the
# built-in admin account, outgoing mail, single sign-on through a generic
# OAuth2/OIDC provider, and a provisioned Prometheus datasource.
#
# All credentials are given as Grafana "$__file{...}" references: the setting
# carries a path and Grafana reads the value from that file, so no secret value
# appears in this module. The files under /secrets must be readable by the
# Grafana service user and by nobody who should not see them.
{ config, ... }:
let
  grafanaServer = config.services.grafana.settings.server;
  prometheusPort = config.services.prometheus.port;
in
{
  services.grafana = {
    enable = true;

    settings.server = {
      domain = "mesh.nekover.se";
      # Built from `domain`, so an override of the domain carries over here.
      root_url = "https://${grafanaServer.domain}";
    };

    settings.security = {
      # Session cookies are only sent over HTTPS and never on cross-site requests.
      # NOTE(review): the OAuth redirect back from id.nekover.se is a same-site
      # navigation (same registrable domain), which is presumably why "strict"
      # does not break the login flow; confirm if the IdP ever moves.
      cookie_secure = true;
      cookie_samesite = "strict";
      # Built-in local administrator, independent of the OAuth login below.
      # NOTE(review): nothing in this file disables the password login form, so
      # this account presumably stays reachable next to SSO; verify that is wanted.
      admin_user = "admin";
      admin_password = "$__file{/secrets/metrics-nekomesh-grafana-admin-password.secret}";
      admin_email = "fi@nekover.se";
    };

    settings.smtp = {
      enabled = true;
      # Port 465 is the implicit-TLS submission port, hence no STARTTLS upgrade.
      # NOTE(review): confirm the session is TLS-wrapped from the first byte and
      # that certificate verification is left enabled (skip_verify is not set here).
      host = "mail.grzb.de:465";
      startTLS_policy = "NoStartTLS";
      user = "nekomesh@grzb.de";
      password = "$__file{/secrets/mail-nekomesh-nekover-se.secret}";
      from_address = "nyareply@nekover.se";
      from_name = "Nekomesh";
    };

    settings."auth.generic_oauth" = {
      enabled = true;
      name = "Nekoverse ID";
      # Accounts are created on first login. Together with the 'Viewer' fallback
      # in role_attribute_path, every identity that can finish a login for this
      # client gets at least read access, unless the IdP restricts who may use it.
      allow_sign_up = true;
      client_id = "nekomesh";
      client_secret = "$__file{/secrets/metrics-nekomesh-grafana-keycloak-client-secret.secret}";
      # offline_access asks the IdP for a refresh token, which Grafana then uses
      # (use_refresh_token). NOTE(review): such tokens can outlive the SSO
      # session; revoking access presumably has to happen on the IdP side.
      scopes = "openid email profile offline_access roles";
      use_refresh_token = true;
      email_attribute_path = "email";
      login_attribute_path = "preferred_username";
      name_attribute_path = "preferred_username";
      auth_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/auth";
      token_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/token";
      api_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/userinfo";
      # Lets the role mapping hand out the server-wide GrafanaAdmin role, so the
      # 'grafanaadmin' client role at the IdP is as sensitive as the local admin.
      allow_assign_grafana_admin = true;
      # Strict mode refuses a login when no role can be derived.
      # NOTE(review): the expression below always ends in 'Viewer', so a role is
      # always derived and strict mode never rejects anyone. Drop the fallback if
      # users without a mapped role should be denied.
      role_attribute_strict = true;
      # First match wins, read from the client roles of "nekomesh":
      # grafanaadmin -> GrafanaAdmin, admin -> Admin, editor -> Editor, else Viewer.
      role_attribute_path = "contains(resource_access.nekomesh.roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(resource_access.nekomesh.roles[*], 'admin') && 'Admin' || contains(resource_access.nekomesh.roles[*], 'editor') && 'Editor' || 'Viewer'";
    };

    provision.datasources.settings.datasources = [
      {
        name = "Prometheus";
        type = "prometheus";
        isDefault = true;
        # Plain HTTP, but only to the loopback interface of this host; the port
        # follows the Prometheus service configuration.
        url = "http://localhost:${toString prometheusPort}";
      }
    ];
  };
}