From 418dfe35dbb1284f82493b3f614bbf0f7c8df380 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Thu, 16 Jan 2025 22:37:30 +0200
Subject: [PATCH] grafana: remove oidc too
---
 hosts/fwminex/configuration.nix | 2 --
 modules/services/grafana/default.nix | 24 ------------------------
 secrets.nix | 2 --
 secrets/grafana.jakstys.lt/oidc.age | Bin 681 -> 0 bytes
 4 files changed, 28 deletions(-)
 delete mode 100644 secrets/grafana.jakstys.lt/oidc.age
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index 7f2429c..5dba817 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -18,7 +18,6 @@ in
 root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
 sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
 borgbackup-password.file = ../../secrets/fwminex/borgbackup-password.age;
- grafana-oidc.file = ../../secrets/grafana.jakstys.lt/oidc.age;
 letsencrypt-account-key.file = ../../secrets/letsencrypt/account.key.age;
 vaultwarden-secrets-env.file = ../../secrets/vaultwarden/secrets.env.age;
 synapse-jakstys-signing-key.file = ../../secrets/synapse/jakstys_lt_signing_key.age;
@@ -473,7 +472,6 @@ in
 grafana = {
 enable = true;
 port = myData.ports.grafana;
- oidcSecretFile = config.age.secrets.grafana-oidc.path;
 };
 
 tailscale = {
diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix
index 52b1a42..9eed1d0 100644
--- a/modules/services/grafana/default.nix
+++ b/modules/services/grafana/default.nix
@@ -11,7 +11,6 @@ in
 options.mj.services.grafana = with lib.types; {
 enable = lib.mkEnableOption "enable grafana";
 port = lib.mkOption { type = port; };
- oidcSecretFile = lib.mkOption { type = str; };
 };
 
 config = lib.mkIf cfg.enable {
@@ -47,33 +46,10 @@ in http_port = cfg.port; }; users.auto_assign_org = true; - users.auto_assign_org_role = "Editor"; - - # https://github.com/grafana/grafana/issues/70203#issuecomment-1612823390 - auth.oauth_allow_insecure_email_lookup = true; - - "auth.generic_oauth" = { - enabled = true; - auto_login = true; - client_id = "5349c113-467d-4b95-a61b-264f2d844da8"; - client_secret = "$__file{/run/grafana/oidc-secret}"; - auth_url = "https://git.jakstys.lt/login/oauth/authorize"; - api_url = "https://git.jakstys.lt/login/oauth/userinfo"; - token_url = "https://git.jakstys.lt/login/oauth/access_token"; - }; feature_toggles.accessTokenExpirationCheck = true; }; }; - systemd.services.grafana = { - preStart = "ln -sf $CREDENTIALS_DIRECTORY/oidc /run/grafana/oidc-secret"; - serviceConfig = { - LogsDirectory = "grafana"; - RuntimeDirectory = "grafana"; - LoadCredential = [ "oidc:${cfg.oidcSecretFile}" ]; - }; - }; - mj.services.friendlyport.ports = [ { subnets = [ myData.subnets.tailscale.cidr ]; diff --git a/secrets.nix b/secrets.nix index adbd5b9..8bc803f 100644 --- a/secrets.nix +++ b/secrets.nix @@ -58,8 +58,6 @@ in "secrets/root_server_passwd_hash.age" ] // mk ([ fwminex ] ++ motiejus) [ - "secrets/headscale/oidc_client_secret2.age" - "secrets/grafana.jakstys.lt/oidc.age" "secrets/vaultwarden/secrets.env.age" "secrets/letsencrypt/account.key.age" 
diff --git a/secrets/grafana.jakstys.lt/oidc.age b/secrets/grafana.jakstys.lt/oidc.age deleted file mode 100644 index d118e80ad8a075719d01b4fa5ba111ca9d4f4be9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 681 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnD-2FFb5ux;)b|bx z2@DNLDooQ43eJe|&M3$T$TK!HFwgb#^(gSoD5^|K)y_7^aO5g0Ht{P84EHxJEqAmq zck>T0bqCudp;Xt*9(AjxaLwb_LlM0kJ5%Lfb7exhN=CJ1;0O$TKCs zOh3fK$j8gC&@aciINz+OBEQNfqa>^{GoLHV!Z|0?Ewil9+aNrm+$b$0&DX`Sz`Z!a zBDkc&ILtjc$R*s{Kf|M!Y_%G7M*5|gp;KrI=Xy75W7@ndNu~dS;Xvgt!zZdKiSIn|t|}ggcvfWV+=0h8Sn$I~Q|_X@A|I zVdYYIIBvaL>6Q8@CEe=jFT7N qs6MQ?k?jmu$e|7Ucm?Ec|Mi+~{_f48EnjywzInvNyDpC_r4s=1KJ0n`