add dex auth to grafana
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This commit is contained in:
parent
64bdee8a12
commit
bb38cadb11
|
|
@ -62,12 +62,20 @@ in {
|
|||
};
|
||||
}];
|
||||
|
||||
staticClients = [{
|
||||
staticClients = [
|
||||
{
|
||||
id = "outline";
|
||||
name = "Outline";
|
||||
redirectURIs = [ "https://outline.0x76.dev/auth/oidc.callback" ];
|
||||
secretEnv = "OUTLINE_CLIENT_SECRET";
|
||||
}];
|
||||
}
|
||||
{
|
||||
id = "grafana";
|
||||
name = "Grafana";
|
||||
redirectURIs = [ "https://grafana.0x76.dev/login/generic_oauth" ];
|
||||
secretEnv = "GRAFANA_CLIENT_SECRET";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
environmentFile = "${vs.dex}/environment";
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
vmPort = 8428;
|
||||
grafanaDomain = config.meta.exposes.grafana.domain;
|
||||
grafanaPort = config.meta.exposes.grafana.port;
|
||||
vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
|
|
@ -21,8 +22,7 @@ in {
|
|||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts =
|
||||
[ vmPort config.services.grafana.settings.server.http_port ];
|
||||
networking.firewall.allowedTCPPorts = [ vmPort grafanaPort ];
|
||||
networking.firewall.allowedUDPPorts = [ vmPort ];
|
||||
|
||||
services.victoriametrics = {
|
||||
|
|
@ -76,12 +76,28 @@ in {
|
|||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
domain = "grafana.0x76.dev";
|
||||
root_url = "https://grafana.0x76.dev";
|
||||
domain = grafanaDomain;
|
||||
root_url = "https://${grafanaDomain}";
|
||||
http_addr = "0.0.0.0";
|
||||
http_port = grafanaPort;
|
||||
};
|
||||
security.admin_password = "$__file{${vs.grafana}/password}";
|
||||
|
||||
"auth.generic_oauth" = {
|
||||
name = "Dex";
|
||||
icon = "signin";
|
||||
enabled = true;
|
||||
allow_sign_up = true;
|
||||
client_id = "grafana";
|
||||
client_secret = "$__file{${vs.grafana}/dex_client_secret}";
|
||||
scopes = toString [ "openid" "profile" "email" "groups" ];
|
||||
auth_url = "https://dex.0x76.dev/auth";
|
||||
token_url = "https://dex.0x76.dev/token";
|
||||
api_url = "https://dex.0x76.dev/userinfo";
|
||||
skip_org_role_sync = true;
|
||||
auto_login = true;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue