add dex auth to grafana
parent
64bdee8a12
commit
bb38cadb11
2 changed files with 30 additions and 6 deletions
|
@ -62,12 +62,20 @@ in {
|
||||||
};
|
};
|
||||||
}];
|
}];
|
||||||
|
|
||||||
staticClients = [{
|
staticClients = [
|
||||||
|
{
|
||||||
id = "outline";
|
id = "outline";
|
||||||
name = "Outline";
|
name = "Outline";
|
||||||
redirectURIs = [ "https://outline.0x76.dev/auth/oidc.callback" ];
|
redirectURIs = [ "https://outline.0x76.dev/auth/oidc.callback" ];
|
||||||
secretEnv = "OUTLINE_CLIENT_SECRET";
|
secretEnv = "OUTLINE_CLIENT_SECRET";
|
||||||
}];
|
}
|
||||||
|
{
|
||||||
|
id = "grafana";
|
||||||
|
name = "Grafana";
|
||||||
|
redirectURIs = [ "https://grafana.0x76.dev/login/generic_oauth" ];
|
||||||
|
secretEnv = "GRAFANA_CLIENT_SECRET";
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
environmentFile = "${vs.dex}/environment";
|
environmentFile = "${vs.dex}/environment";
|
||||||
|
|
|
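Review bot: The new `grafana` entry in `staticClients` hard-codes its callback as `https://grafana.0x76.dev/login/generic_oauth`, while the Grafana side of this same commit now derives `domain` and `root_url` from `config.meta.exposes.grafana.domain`. Dex matches redirect URIs exactly, so if that meta value ever changes the login flow will fail at the callback. If the option is reachable from this module (not visible in the hunk), build the URI from it: `redirectURIs = [ "https://${config.meta.exposes.grafana.domain}/login/generic_oauth" ];`. `GRAFANA_CLIENT_SECRET` must also exist in `${vs.dex}/environment` and equal the value Grafana reads from its `dex_client_secret` file; neither is provisioned in this commit, so a short comment beside `secretEnv` naming where it comes from would help. The enclosing Dex settings attrset begins above the hunk.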
@ -5,6 +5,7 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
vmPort = 8428;
|
vmPort = 8428;
|
||||||
|
grafanaDomain = config.meta.exposes.grafana.domain;
|
||||||
grafanaPort = config.meta.exposes.grafana.port;
|
grafanaPort = config.meta.exposes.grafana.port;
|
||||||
vs = config.vault-secrets.secrets;
|
vs = config.vault-secrets.secrets;
|
||||||
in {
|
in {
|
||||||
|
@ -21,8 +22,7 @@ in {
|
||||||
# Additional packages
|
# Additional packages
|
||||||
environment.systemPackages = with pkgs; [ ];
|
environment.systemPackages = with pkgs; [ ];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts =
|
networking.firewall.allowedTCPPorts = [ vmPort grafanaPort ];
|
||||||
[ vmPort config.services.grafana.settings.server.http_port ];
|
|
||||||
networking.firewall.allowedUDPPorts = [ vmPort ];
|
networking.firewall.allowedUDPPorts = [ vmPort ];
|
||||||
|
|
||||||
services.victoriametrics = {
|
services.victoriametrics = {
|
||||||
|
@ -76,12 +76,28 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
domain = "grafana.0x76.dev";
|
domain = grafanaDomain;
|
||||||
root_url = "https://grafana.0x76.dev";
|
root_url = "https://${grafanaDomain}";
|
||||||
http_addr = "0.0.0.0";
|
http_addr = "0.0.0.0";
|
||||||
http_port = grafanaPort;
|
http_port = grafanaPort;
|
||||||
};
|
};
|
||||||
security.admin_password = "$__file{${vs.grafana}/password}";
|
security.admin_password = "$__file{${vs.grafana}/password}";
|
||||||
|
|
||||||
|
"auth.generic_oauth" = {
|
||||||
|
name = "Dex";
|
||||||
|
icon = "signin";
|
||||||
|
enabled = true;
|
||||||
|
allow_sign_up = true;
|
||||||
|
client_id = "grafana";
|
||||||
|
client_secret = "$__file{${vs.grafana}/dex_client_secret}";
|
||||||
|
scopes = toString [ "openid" "profile" "email" "groups" ];
|
||||||
|
auth_url = "https://dex.0x76.dev/auth";
|
||||||
|
token_url = "https://dex.0x76.dev/token";
|
||||||
|
api_url = "https://dex.0x76.dev/userinfo";
|
||||||
|
skip_org_role_sync = true;
|
||||||
|
auto_login = true;
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
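Review bot: The `"auth.generic_oauth"` block requests the `groups` scope but nothing in it uses the claim. With `allow_sign_up = true` and `skip_org_role_sync = true`, every identity Dex will authenticate gets a Grafana account on first login, at Grafana's auto-assigned default role. If the Dex connector admits more accounts than should see these dashboards (not visible here), gate sign-in on the claim by adding `groups_attribute_path = "groups";` and `allowed_groups = "<group-name>";`, where the group name is a placeholder. Enabling `use_pkce = true;` is also worth considering for the code exchange, since Dex supports it. The surrounding `settings` attrset opens above this hunk, so any existing `users.*` defaults that would change the assigned role are outside the view.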