grafana: move to nixos-modules
parent
b625818eeb
commit
e5bf878cb3
|
@ -171,6 +171,11 @@
|
||||||
gnome-initial-setup.enable = false;
|
gnome-initial-setup.enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
grafana.oauth = {
|
||||||
|
adminGroup = "grafana-admins";
|
||||||
|
userGroup = "grafana-users";
|
||||||
|
};
|
||||||
|
|
||||||
hedgedoc.ldap.userGroup = "hedgedoc-users";
|
hedgedoc.ldap.userGroup = "hedgedoc-users";
|
||||||
|
|
||||||
home-assistant.ldap.userGroup = "home-assistant-users";
|
home-assistant.ldap.userGroup = "home-assistant-users";
|
||||||
|
@ -223,11 +228,6 @@
|
||||||
ldapPreset = true;
|
ldapPreset = true;
|
||||||
# those can't be under hosts/*/default.nix because those are not imported for the auth microvm
|
# those can't be under hosts/*/default.nix because those are not imported for the auth microvm
|
||||||
seedSettings.groups = [
|
seedSettings.groups = [
|
||||||
{
|
|
||||||
long_name = "Grafana Administrators";
|
|
||||||
name = "grafana-admins";
|
|
||||||
permissions = {};
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
long_name = "Mobilizon Users";
|
long_name = "Mobilizon Users";
|
||||||
name = "mobilizon-users";
|
name = "mobilizon-users";
|
||||||
|
|
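Review bot: The group names in the added `grafana.oauth` block (`adminGroup = "grafana-admins"`, `userGroup = "grafana-users"`) are repeated verbatim in the Grafana host's `oauth` block later in this commit, so a rename in only one place would leave the role mapping checking a group that nobody is a member of. If both blocks are options of the same module, the host should read the names from a single definition; otherwise add a comment here such as `# must match oauth.adminGroup/userGroup in the grafana host config`. The second hunk also drops the `grafana-admins` entry from `seedSettings.groups` and adds nothing for `grafana-users`. Presumably the module now seeds both groups from these options, but that is not visible on this page and is worth confirming on the auth microvm.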
12
flake.lock
12
flake.lock
|
@ -362,11 +362,11 @@
|
||||||
},
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701088943,
|
"lastModified": 1701458931,
|
||||||
"narHash": "sha256-x+wLGp8jAq8ObK6uN9TOJXgoaG2N+SSRhiG5GBnBMyM=",
|
"narHash": "sha256-MGeSJCSMgCh29lFJg837Z5JbpF+mKEDwHBYYfQ3xwtU=",
|
||||||
"owner": "SuperSandro2000",
|
"owner": "SuperSandro2000",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "730ac6127efc0144ea067e86a90b56a5c61d7f26",
|
"rev": "562cbe0a293d73460fe974472dfb6e0a47393780",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -398,11 +398,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1701034292,
|
"lastModified": 1701643093,
|
||||||
"narHash": "sha256-Z9dI1ZGgPqs5HGL/dskfUOZ3wZJq/BNurVPw17nhAbs=",
|
"narHash": "sha256-cJves2E255uJHoQLxdwB/Ipd718IYohE2HRBBse3Q9w=",
|
||||||
"owner": "SuperSandro2000",
|
"owner": "SuperSandro2000",
|
||||||
"repo": "nixos-modules",
|
"repo": "nixos-modules",
|
||||||
"rev": "99d25ca193cc4d2bfcfe4b3747c793e398f12a50",
|
"rev": "bfc7e254acbf9ab43658893e367f3944811f9685",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -18,8 +18,6 @@
|
||||||
paths = [ "/var/lib/portunus/" ];
|
paths = [ "/var/lib/portunus/" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
dex.settings.oauth2.skipApprovalScreen = true;
|
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."auth.c3d2.de" = {
|
virtualHosts."auth.c3d2.de" = {
|
||||||
|
|
|
@ -24,6 +24,13 @@
|
||||||
|
|
||||||
grafana = {
|
grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
configureNginx = true;
|
||||||
|
oauth = {
|
||||||
|
enable = true;
|
||||||
|
adminGroup = "grafana-admins";
|
||||||
|
enableViewerRole = true;
|
||||||
|
userGroup = "grafana-users";
|
||||||
|
};
|
||||||
|
|
||||||
provision = {
|
provision = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -50,24 +57,7 @@
|
||||||
enabled = true;
|
enabled = true;
|
||||||
org_name = "Chaos";
|
org_name = "Chaos";
|
||||||
};
|
};
|
||||||
"auth.generic_oauth" = {
|
"auth.generic_oauth".client_secret = "$__file{${config.sops.secrets."grafana/client-secret".path}}";
|
||||||
enabled = true;
|
|
||||||
allow_assign_grafana_admin = true;
|
|
||||||
allow_sign_up = true;
|
|
||||||
api_url = "https://auth.c3d2.de/dex/userinfo";
|
|
||||||
auth_url = "https://auth.c3d2.de/dex/auth";
|
|
||||||
client_id = "grafana";
|
|
||||||
client_secret = "$__file{${config.sops.secrets."grafana/client-secret".path}}";
|
|
||||||
disable_login_form = true; # only allow OAuth
|
|
||||||
icon = "signin";
|
|
||||||
name = "auth.c3d2.de";
|
|
||||||
oauth_allow_insecure_email_lookup = true;
|
|
||||||
oauth_auto_login = true; # redirect automatically to the only oauth provider
|
|
||||||
role_attribute_path = "contains(groups[*], 'grafana-admins') && 'Admin'";
|
|
||||||
# https://dexidp.io/docs/custom-scopes-claims-clients/
|
|
||||||
scopes = "openid email groups profile offline_access";
|
|
||||||
token_url = "https://auth.c3d2.de/dex/token";
|
|
||||||
};
|
|
||||||
security = {
|
security = {
|
||||||
admin_password = "$__file{${config.sops.secrets."grafana/admin-password".path}}";
|
admin_password = "$__file{${config.sops.secrets."grafana/admin-password".path}}";
|
||||||
secret_key = "$__file{${config.sops.secrets."grafana/secret-key".path}}";
|
secret_key = "$__file{${config.sops.secrets."grafana/secret-key".path}}";
|
||||||
|
@ -102,17 +92,10 @@
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"grafana.hq.c3d2.de" = {
|
"${config.services.grafana.settings.server.domain}" = {
|
||||||
default = true;
|
default = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations = {
|
|
||||||
"/".proxyPass = "http://localhost:3000/";
|
|
||||||
"/api/live/ws" = {
|
|
||||||
proxyPass = "http://localhost:3000/";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
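Review bot: With the inline `"auth.generic_oauth"` block reduced to `client_secret`, the login policy this host used to state explicitly (`disable_login_form`, `allow_sign_up`, `allow_assign_grafana_admin`, `oauth_allow_insecure_email_lookup` and the `role_attribute_path` mapping) is now whatever the nixos-modules input generates at the rev pinned in flake.lock, and none of it can be reviewed from this file. Check the evaluated config to confirm that `disable_login_form` is still set, since the `admin_password` secret remains configured. Check too whether the module still enables `oauth_allow_insecure_email_lookup`, which lets an OAuth login be matched to an existing Grafana account by email address. `enableViewerRole = true` presumably gives the Viewer role to users outside `adminGroup`, but that is an inference from the name. A comment beside the `oauth` block would help the next reader, e.g. `# generic_oauth endpoints, role mapping and login-form settings come from the nixos-modules grafana module`.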
@ -17,20 +17,6 @@ with final; {
|
||||||
|
|
||||||
ceph_17_2 = assert (lib.versions.majorMinor ceph.version) == "17.2"; prev.ceph;
|
ceph_17_2 = assert (lib.versions.majorMinor ceph.version) == "17.2"; prev.ceph;
|
||||||
|
|
||||||
dex-oidc = prev.dex-oidc.override {
|
|
||||||
buildGoModule = args: buildGoModule (args // {
|
|
||||||
patches = args.patches or [ ] ++ [
|
|
||||||
# remember session
|
|
||||||
(fetchpatch {
|
|
||||||
url = "https://github.com/dexidp/dex/commit/000004b13b876e04a6f75ec0394f7cabe84fb15e.patch";
|
|
||||||
hash = "sha256-u85RnwfhcQt7RK11Ed/fDLUbHOuD+TKJU8UHQslZowM=";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
vendorHash = "sha256-hxq7JPz8uD5WQIPO2anSf9+kzyoQy/BQ0OVTblA8qts=";
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
dump1090-influxdb = callPackage ./dump1090-influxdb { };
|
dump1090-influxdb = callPackage ./dump1090-influxdb { };
|
||||||
|
|
||||||
dump1090_rs = callPackage ./dump1090_rs.nix { };
|
dump1090_rs = callPackage ./dump1090_rs.nix { };
|
||||||
|
|