# NixOS module: Grafana served through Caddy over a unix socket, with
# interactive sign-in delegated to a Keycloak realm via generic OAuth.
{ lib, config, ... }:

let
  # The three OIDC endpoints share one realm prefix; only the last path
  # segment differs.
  oidcEndpoint = leaf: "https://id.ny4.dev/realms/ny4/protocol/openid-connect/${leaf}";

  # JMESPath selecting the roles of the "grafana" client in the token claims.
  clientRoles = "resource_access.grafana.roles[*]";

  # Keycloak client role -> Grafana role, most privileged first. The rules
  # are joined with "||", so the first role that matches decides the result.
  roleMap = [
    { keycloak = "grafanaadmin"; grafana = "GrafanaAdmin"; }
    { keycloak = "admin"; grafana = "Admin"; }
    { keycloak = "editor"; grafana = "Editor"; }
    { keycloak = "viewer"; grafana = "Viewer"; }
  ];
  roleRule = entry: "contains(${clientRoles}, '${entry.keycloak}') && '${entry.grafana}'";
in
{
  services.grafana.enable = true;

  services.grafana.settings = {
    "auth.generic_oauth" = {
      enabled = "true";
      name = "keycloak";
      # Accounts are created on first login. Together with
      # role_attribute_strict below, who gets in is decided by who holds one
      # of the mapped client roles in Keycloak.
      allow_sign_up = "true";
      client_id = "grafana";
      # client_secret is deliberately not set here: anything in `settings`
      # is rendered into the world-readable Nix store. Presumably it is
      # supplied through the EnvironmentFile below (Grafana reads
      # GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET) -- confirm against the secret.
      scopes = "openid email profile offline_access roles";
      email_attribute_path = "email";
      login_attribute_path = "username";
      name_attribute_path = "full_name";
      auth_url = oidcEndpoint "auth";
      token_url = oidcEndpoint "token";
      api_url = oidcEndpoint "userinfo";
      role_attribute_path = lib.concatMapStringsSep " || " roleRule roleMap;
      # Lets the 'grafanaadmin' client role grant Grafana server admin, so
      # the right to assign that role in Keycloak is equivalent to server
      # admin on this instance.
      allow_assign_grafana_admin = true;
      # Refuse the login when role_attribute_path yields no role, instead of
      # falling back to a default role.
      role_attribute_strict = true;
      # NOTE(review): use_pkce is not set for this client; consider enabling it.
    };

    # No usage reporting to Grafana Labs, no feedback links in the UI.
    analytics = {
      reporting_enabled = false;
      feedback_links_enabled = false;
    };

    # Hide the username/password form so sign-in goes through Keycloak.
    # NOTE(review): this file does not touch [auth.basic] or the built-in
    # admin account -- verify the admin password is not left at its default
    # (it may be set through the environment file).
    auth.disable_login_form = true;

    # PostgreSQL over the local unix socket; no password appears here, so
    # this presumably relies on peer authentication -- confirm.
    database = {
      type = "postgres";
      name = "grafana";
      user = "grafana";
      host = "/run/postgresql";
    };

    server = {
      # Listen on a unix socket instead of a TCP port; Caddy is the only
      # front end configured in this file.
      protocol = "socket";
      # Grafana derives the OAuth redirect URL from root_url, so it has to
      # match the redirect URI registered for the client in Keycloak.
      root_url = "https://grafana.ny4.dev/";
    };
  };

  # Secrets reach the service as environment variables from a sops-managed
  # file rather than through the Nix store.
  systemd.services.grafana.serviceConfig.EnvironmentFile =
    config.sops.secrets."grafana/environment".path;

  # Caddy route for the public host name, proxied to Grafana's socket.
  # NOTE(review): socket ownership/mode is not configured in this file;
  # verify the caddy user can reach it and that no other local user can.
  services.caddy.settings.apps.http.servers.srv0.routes = [
    {
      match = [ { host = [ "grafana.ny4.dev" ]; } ];
      handle = [
        {
          handler = "reverse_proxy";
          upstreams = [ { dial = "unix/${config.services.grafana.settings.server.socket}"; } ];
        }
      ];
    }
  ];
}