grafana: move to nixos-modules
parent
b625818eeb
commit
e5bf878cb3
|
@ -171,6 +171,11 @@
|
|||
gnome-initial-setup.enable = false;
|
||||
};
|
||||
|
||||
grafana.oauth = {
|
||||
adminGroup = "grafana-admins";
|
||||
userGroup = "grafana-users";
|
||||
};
|
||||
|
||||
hedgedoc.ldap.userGroup = "hedgedoc-users";
|
||||
|
||||
home-assistant.ldap.userGroup = "home-assistant-users";
|
||||
|
@ -223,11 +228,6 @@
|
|||
ldapPreset = true;
|
||||
# those can't be under hosts/*/default.nix because those are not imported for the auth microvm
|
||||
seedSettings.groups = [
|
||||
{
|
||||
long_name = "Grafana Administrators";
|
||||
name = "grafana-admins";
|
||||
permissions = {};
|
||||
}
|
||||
{
|
||||
long_name = "Mobilizon Users";
|
||||
name = "mobilizon-users";
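Review bot: `adminGroup = "grafana-admins"` and `userGroup = "grafana-users"` are set in the new `grafana.oauth` block here and again in the Grafana host's `oauth` block in this same commit, so the two copies can drift apart. If this file is also imported by the Grafana host (the comment above `seedSettings.groups` suggests it is shared so the auth microvm sees it), the host-level copies look redundant and could be dropped. If it is not, a comment on one side such as `# must match the adminGroup/userGroup set in the Grafana host's oauth block` would help, because a mismatch would leave the directory group and the group Grafana maps to Admin out of sync. The enclosing attribute set starts and ends outside these hunks.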
|
||||
|
|
12
flake.lock
12
flake.lock
|
@ -362,11 +362,11 @@
|
|||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1701088943,
|
||||
"narHash": "sha256-x+wLGp8jAq8ObK6uN9TOJXgoaG2N+SSRhiG5GBnBMyM=",
|
||||
"lastModified": 1701458931,
|
||||
"narHash": "sha256-MGeSJCSMgCh29lFJg837Z5JbpF+mKEDwHBYYfQ3xwtU=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "730ac6127efc0144ea067e86a90b56a5c61d7f26",
|
||||
"rev": "562cbe0a293d73460fe974472dfb6e0a47393780",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -398,11 +398,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701034292,
|
||||
"narHash": "sha256-Z9dI1ZGgPqs5HGL/dskfUOZ3wZJq/BNurVPw17nhAbs=",
|
||||
"lastModified": 1701643093,
|
||||
"narHash": "sha256-cJves2E255uJHoQLxdwB/Ipd718IYohE2HRBBse3Q9w=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixos-modules",
|
||||
"rev": "99d25ca193cc4d2bfcfe4b3747c793e398f12a50",
|
||||
"rev": "bfc7e254acbf9ab43658893e367f3944811f9685",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -18,8 +18,6 @@
|
|||
paths = [ "/var/lib/portunus/" ];
|
||||
};
|
||||
|
||||
dex.settings.oauth2.skipApprovalScreen = true;
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."auth.c3d2.de" = {
|
||||
|
|
|
@ -24,6 +24,13 @@
|
|||
|
||||
grafana = {
|
||||
enable = true;
|
||||
configureNginx = true;
|
||||
oauth = {
|
||||
enable = true;
|
||||
adminGroup = "grafana-admins";
|
||||
enableViewerRole = true;
|
||||
userGroup = "grafana-users";
|
||||
};
|
||||
|
||||
provision = {
|
||||
enable = true;
|
||||
|
@ -50,24 +57,7 @@
|
|||
enabled = true;
|
||||
org_name = "Chaos";
|
||||
};
|
||||
"auth.generic_oauth" = {
|
||||
enabled = true;
|
||||
allow_assign_grafana_admin = true;
|
||||
allow_sign_up = true;
|
||||
api_url = "https://auth.c3d2.de/dex/userinfo";
|
||||
auth_url = "https://auth.c3d2.de/dex/auth";
|
||||
client_id = "grafana";
|
||||
client_secret = "$__file{${config.sops.secrets."grafana/client-secret".path}}";
|
||||
disable_login_form = true; # only allow OAuth
|
||||
icon = "signin";
|
||||
name = "auth.c3d2.de";
|
||||
oauth_allow_insecure_email_lookup = true;
|
||||
oauth_auto_login = true; # redirect automatically to the only oauth provider
|
||||
role_attribute_path = "contains(groups[*], 'grafana-admins') && 'Admin'";
|
||||
# https://dexidp.io/docs/custom-scopes-claims-clients/
|
||||
scopes = "openid email groups profile offline_access";
|
||||
token_url = "https://auth.c3d2.de/dex/token";
|
||||
};
|
||||
"auth.generic_oauth".client_secret = "$__file{${config.sops.secrets."grafana/client-secret".path}}";
|
||||
security = {
|
||||
admin_password = "$__file{${config.sops.secrets."grafana/admin-password".path}}";
|
||||
secret_key = "$__file{${config.sops.secrets."grafana/secret-key".path}}";
|
||||
|
@ -102,17 +92,10 @@
|
|||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"grafana.hq.c3d2.de" = {
|
||||
"${config.services.grafana.settings.server.domain}" = {
|
||||
default = true;
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/".proxyPass = "http://localhost:3000/";
|
||||
"/api/live/ws" = {
|
||||
proxyPass = "http://localhost:3000/";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
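Review bot: The `auth.generic_oauth` block removed in the `-50,24 +57,7` hunk was the only visible place where role mapping and login policy were set; the new `oauth = { … }` block hands all of that to the nixos-modules input, whose contents are not visible on this page. It is worth checking the grafana.ini rendered from the module at the rev pinned in flake.lock, specifically whether `oauth_allow_insecure_email_lookup` is still enabled (the old config set it to true, which lets an OAuth login attach to an existing account by email address alone), whether `allow_assign_grafana_admin` is still set, and which role `enableViewerRole = true` gives to a user who is in neither `grafana-admins` nor `grafana-users`. A comment above `oauth = {` such as `# auth.generic_oauth settings are generated by the nixos-modules grafana.oauth options; only client_secret is set in this file` would tell the next reader where the effective policy lives. The same applies to the nginx hunk, where the proxy locations now presumably come from `configureNginx = true`.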
|
||||
|
|
|
@ -17,20 +17,6 @@ with final; {
|
|||
|
||||
ceph_17_2 = assert (lib.versions.majorMinor ceph.version) == "17.2"; prev.ceph;
|
||||
|
||||
dex-oidc = prev.dex-oidc.override {
|
||||
buildGoModule = args: buildGoModule (args // {
|
||||
patches = args.patches or [ ] ++ [
|
||||
# remember session
|
||||
(fetchpatch {
|
||||
url = "https://github.com/dexidp/dex/commit/000004b13b876e04a6f75ec0394f7cabe84fb15e.patch";
|
||||
hash = "sha256-u85RnwfhcQt7RK11Ed/fDLUbHOuD+TKJU8UHQslZowM=";
|
||||
})
|
||||
];
|
||||
|
||||
vendorHash = "sha256-hxq7JPz8uD5WQIPO2anSf9+kzyoQy/BQ0OVTblA8qts=";
|
||||
});
|
||||
};
|
||||
|
||||
dump1090-influxdb = callPackage ./dump1090-influxdb { };
|
||||
|
||||
dump1090_rs = callPackage ./dump1090_rs.nix { };
|
||||
|
|