grafana: fix ldap group seeding
parent
e12024d668
commit
999999920e
|
@ -220,6 +220,12 @@
|
|||
internalIp4 = hosts4.auth;
|
||||
internalIp6 = hosts6.up4.auth;
|
||||
ldapPreset = true;
|
||||
seedSettings.groups = lib.singleton {
|
||||
long_name = "Grafana Administrators";
|
||||
name = "grafana-admins";
|
||||
dont_manage_members = true;
|
||||
permissions = {};
|
||||
};
|
||||
};
|
||||
|
||||
postgresql.upgrade = {
|
||||
|
|
|
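Review bot: The seeded `grafana-admins` group has no comment saying that membership is what grants the Grafana Admin role; that mapping lives in `role_attribute_path` in the Grafana host's config, which this commit also changes. With `dont_manage_members = true` the seed presumably leaves the member list to manual administration, so whoever edits this group in Portunus is effectively handing out Grafana admin rights. I would add a comment above `seedSettings.groups` such as `# membership grants Grafana Admin via role_attribute_path on the grafana host; members are managed by hand, keep the name in sync`. The enclosing attribute set starts and ends outside this hunk, so the full option path cannot be checked from here.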
@ -1,8 +1,5 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
ldapGroup = "grafana-admins";
|
||||
in
|
||||
{
|
||||
microvm.mem = 4096;
|
||||
c3d2.deployment.server = "server10";
|
||||
|
@ -61,7 +58,7 @@ in
|
|||
icon = "signin";
|
||||
name = "auth.c3d2.de";
|
||||
oauth_auto_login = true; # redirect automatically to the only oauth provider
|
||||
role_attribute_path = "contains(groups[*], '${ldapGroup}') && 'Admin'";
|
||||
role_attribute_path = "contains(groups[*], 'grafana-admins') && 'Admin'";
|
||||
# https://dexidp.io/docs/custom-scopes-claims-clients/
|
||||
scopes = "openid email groups profile offline_access";
|
||||
token_url = "https://auth.c3d2.de/dex/token";
|
||||
|
@ -108,13 +105,6 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
portunus.seedingSettings.groups = lib.singleton {
|
||||
long_name = "Grafana Administrators";
|
||||
name = ldapGroup;
|
||||
dont_manage_members = true;
|
||||
permissions = {};
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
|
|
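Review bot: In `role_attribute_path` the expression yields a role only for members of `grafana-admins`. For everyone else it evaluates to a non-role value, and what Grafana assigns then depends on settings not visible in these hunks (`auto_assign_org_role`, `role_attribute_strict`). An explicit fallback would remove the guesswork: `role_attribute_path = "contains(groups[*], 'grafana-admins') && 'Admin' || 'Viewer'";`, or set `role_attribute_strict = true` if non-members should be rejected. With the `ldapGroup` binding removed, the group name is a bare literal that must match the group seeded in the other file. A rename on one side silently drops the Admin mapping, so a short comment next to the literal saying so would help.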