nix/nixos/services/grafana.nix

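# Grafana behind nginx, with single sign-on through an Authentik OIDC
# provider (Grafana's auth.generic_oauth backend). Only the OIDC client
# secret comes from sops; client_id is a public identifier and stays inline.
{config, ...}: let
  cfg = config.services.grafana;
  secrets = config.sops.secrets;
in {
  # The decrypted secret file must be readable by the grafana service user,
  # which reads it at startup via the $__file{...} expansion below.
  sops.secrets."grafana/oidc_client_secret" = {
    owner = "grafana";
  };

  services.grafana = {
    enable = true;
    settings = {
      server = {
        # cfg.settings.server.domain is expected to be set elsewhere in the
        # configuration; Grafana derives the OAuth callback and absolute links
        # from root_url, so it must match the public nginx vhost below.
        root_url = "https://${cfg.settings.server.domain}";
      };

      "auth.generic_oauth" = {
        enabled = true;
        name = "authentik";
        client_id = "TNMLGFxpovO0jPptxD0nYmjnuytXd1MphjFS20uE";
        # Resolved by Grafana at runtime from the sops-managed file, so the
        # secret never lands in the world-readable Nix store.
        client_secret = "$__file{${secrets."grafana/oidc_client_secret".path}}";
        # toString joins the list with single spaces, which is the
        # space-separated form Grafana expects for scopes.
        scopes = toString ["openid" "profile" "email"];
        auth_url = "https://auth.tristans.cloud/application/o/authorize/";
        token_url = "https://auth.tristans.cloud/application/o/token/";
        api_url = "https://auth.tristans.cloud/application/o/userinfo/";
        # Grafana's option for the post-logout redirect is signout_redirect_url.
        # The key used before (redirect_url) is not an auth.generic_oauth option,
        # so the end-session redirect to Authentik was most likely being ignored.
        signout_redirect_url = "https://auth.tristans.cloud/application/o/grafana/end-session/";
        # Map Authentik group membership to a Grafana org role. Anyone who can
        # authenticate but is in neither group still falls through to Viewer,
        # and allow_sign_up is enabled by Grafana's default, so who may reach
        # this dashboard is decided by the Authentik application policy, not here.
        role_attribute_path =
          "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
        # NOTE(review): Grafana supports use_pkce = true for generic_oauth;
        # worth enabling once the Authentik provider is configured for PKCE.
      };
    };
  };

  # nginx terminates TLS for the public hostname and proxies to Grafana's
  # plain-HTTP listener. Assumes http_addr stays on loopback (the NixOS module
  # default) so the unencrypted port is not reachable from the network — confirm.
  services.nginx.virtualHosts = {
    ${cfg.settings.server.domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        # Live dashboards use a websocket; without this the upgrade is dropped.
        proxyWebsockets = true;
        proxyPass = "http://localhost:${toString cfg.settings.server.http_port}";
      };
    };
  };
}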