grafana sso

This commit is contained in:
Tristan 2024-02-18 15:54:14 +00:00
parent 8131132c49
commit 8e30de4995
8 changed files with 163 additions and 11 deletions


@ -1,8 +1,31 @@
{config, ...}: let
cfg = config.services.grafana;
secrets = config.age.secrets;
in {
age.secrets.grafana_oidc_client_secret = {
file = ../../secrets/grafana/oidc/client_secret.age;
owner = "grafana";
};
services.grafana = {
enable = true;
settings = {
server = {
root_url = "https://${cfg.settings.server.domain}";
};
"auth.generic_oauth" = {
enabled = true;
name = "authentik";
client_id = "TNMLGFxpovO0jPptxD0nYmjnuytXd1MphjFS20uE";
client_secret = "$__file{${secrets.grafana_oidc_client_secret.path}}";
scopes = toString ["openid" "profile" "email"];
auth_url = "https://auth.tristans.cloud/application/o/authorize/";
token_url = "https://auth.tristans.cloud/application/o/token/";
api_url = "https://auth.tristans.cloud/application/o/userinfo/";
redirect_url = "https://auth.tristans.cloud/application/o/grafana/end-session/";
role_attribute_path =
"contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
};
};
};
services.nginx.virtualHosts = {
${cfg.settings.server.domain} = {
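Review bot: `redirect_url` in the `auth.generic_oauth` block does not look like a key Grafana reads for generic OAuth; the setting that sends the browser to the provider's end-session endpoint on logout is `signout_redirect_url`, so as written logout most likely only clears the Grafana session and the Authentik session survives. I'd change that line to `signout_redirect_url = "https://auth.tristans.cloud/application/o/grafana/end-session/";`. Two further hardening options the provider block leaves at their defaults: `use_pkce = true;` binds the authorization-code exchange to this client, and since `allow_sign_up` defaults to true, every Authentik user who can reach the application is auto-provisioned in Grafana as `Viewer` through the `role_attribute_path` fallback, so access should be limited either by a policy binding on the Authentik application or with `allowed_groups` plus `groups_attribute_path = "groups";` here. The attribute set continues past the hunk into the nginx virtualHosts definition.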


@ -1,5 +1,22 @@
{config, ...}:
let
inherit ( config.services ) prometheus;
nodes = [
"100.65.29.110"
"100.106.241.122"
];
addPort = ip: "${ip}:${toString prometheus.exporters.node.port}";
in
{
services.prometheus = {
enable = true;
scrapeConfigs = [
{
job_name = "nodes";
static_configs = [{
targets = builtins.map addPort nodes;
}];
}
];
};
}
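Review bot: The scrape targets are bare `ip:port` strings with no `scheme` or `tls_config`, so the node exporters on the two 100.x addresses are scraped over plain HTTP; that is only acceptable if those addresses are reachable solely over the overlay network, and nothing in this file pins that down, so a comment on `nodes` stating where these addresses live would help the next reader. Relatedly, `addPort` takes the port from this host's own `prometheus.exporters.node.port`, which silently assumes every remote node exposes its exporter on the same port. With `enable = true` alone, NixOS binds Prometheus on all interfaces by default and Prometheus itself has no authentication, so unless the host firewall keeps the port closed I'd add `listenAddress = "127.0.0.1";` and let Grafana or nginx reach it locally. The module is complete within the hunk.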