configure grafana oidc

client id: 5349c113-467d-4b95-a61b-264f2d844da8
Motiejus Jakštys 2023-08-14 15:30:01 +03:00
parent 5a7a32f1e0
commit c8caae7d99
4 changed files with 35 additions and 0 deletions


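--- a/PATH-NOT-SHOWN-1
+++ b/PATH-NOT-SHOWN-1
@@ -90,6 +90,7 @@
 age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
 age.secrets.borgbackup-password.file = ./secrets/vno1-oh2/borgbackup/password.age;
+age.secrets.grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
 age.secrets.letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
 }
 ];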


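--- a/PATH-NOT-SHOWN-2
+++ b/PATH-NOT-SHOWN-2
@@ -157,6 +157,16 @@
 http_addr = "0.0.0.0";
 http_port = myData.ports.grafana;
 };
+auth.oauth_allow_insecure_email_lookup = true;
+"auth.generic_oauth" = {
+enabled = true;
+client_id = "5349c113-467d-4b95-a61b-264f2d844da8";
+client_secret = "$__file{/run/grafana/oidc-secret}";
+auth_url = "https://git.jakstys.lt/login/oauth/authorize";
+api_url = "https://git.jakstys.lt/login/oauth/userinfo";
+token_url = "https://git.jakstys.lt/login/oauth/access_token";
+};
+feature_toggles.accessTokenExpirationCheck = true;
 };
 };
@@ -215,6 +225,14 @@
 wants = ["nsd-acme-grafana.jakstys.lt.service"];
 };
+grafana = {
+preStart = "ln -sf $CREDENTIALS_DIRECTORY/oidc /run/grafana/oidc-secret";
+serviceConfig = {
+RuntimeDirectory = "grafana";
+LoadCredential = ["oidc:${config.age.secrets.grafana-oidc.path}"];
+};
+};
 cert-watcher = {
 description = "Restart caddy when tls keys/certs change";
 wantedBy = ["multi-user.target"];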
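Review bot: `auth.oauth_allow_insecure_email_lookup = true;` in the first hunk lets Grafana link an OAuth login to an existing Grafana account by e-mail address alone, so its safety rests entirely on git.jakstys.lt issuing only verified, unique e-mail addresses; if a provider user can set an arbitrary e-mail, their login could be mapped onto someone else's Grafana account. If the provider is trusted to enforce that, record the reasoning beside the flag, e.g. `# relies on git.jakstys.lt verifying and de-duplicating user e-mails`, otherwise drop it and rely on the provider's stable user identifier. The same `"auth.generic_oauth"` block sets no `allow_sign_up`, `scopes`, `allowed_organizations` or `role_attribute_path`, so — if Grafana's defaults apply — every account the provider accepts can sign up to this Grafana with the default role; stating those choices explicitly would make the intended audience clear. The enclosing Grafana settings attribute set starts before the hunk.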


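--- a/PATH-NOT-SHOWN-3
+++ b/PATH-NOT-SHOWN-3
@@ -29,6 +29,7 @@ in
 // mk ([vno1-oh2] ++ motiejus) [
 "secrets/hel1-a/zfs-passphrase.age"
 "secrets/vno1-oh2/borgbackup/password.age"
+"secrets/grafana.jakstys.lt/oidc.age"
 "secrets/letsencrypt/account.key.age"
 ]
 // mk (systems ++ motiejus) [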


@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 gJrHQg ej79kBVT2fAw7UssjrWr2PzaHZTg/Kz4zszS2Otod0M
e6gkJMB9/ew3MVCtaeDqo71e/HGJCCGxqLw6PLCeHfE
-> X25519 B4CDnVnaOb9EZ5BT5Td8HSpO7doIqFxPaOyt2ySzFQs
U85oEdx/nw9Z4Ojrx78qmGFo4QMk6qSdLxPf6kj1NDE
-> piv-p256 +y2G/w AnlTfEux0XOjf37KUuizAWymOID0N6VlMAQbREYPFgv6
l7aJCDjdDK6Nf5o7laLK8BfhQLt3UkQS8pX/OysaHZI
-> piv-p256 jNqd3A A2I3noVPaw/0g22jIM/VCIHo5vl9JbAMfbi3KHsgS+UE
xiANL8jrJqUor9n3WZhJSzJ6fH/FMg+PXJpM3y4U3Jc
-> Y%SI-grease
DSiy2TEGnnDeJaLuvKDGN8nJz7D57vgJSpmy269chWlCiYH3IGvI5HGdshPt30Ih
kDzqtPQU/cLrsBHyTRmuQ7Mn0jdp6l/lVKWwHHCArun/+Y+ormDXTEneLoTaUI3f
dkg
--- fn/9LJm/9+imjk782wITmMC1nTE76VR94qdvV1gpbZw
Ë$<24>J1?òaöl—6/CÑžÊJŠÙþ¶K¡¹Èx§À¦ÁàÔÿ„áè¶}L~6™~<7E>§æc4Ÿ‰6MÓªÑiÙÑÁ2%úF! á,Úšô¼R£šÛ