diff --git a/config/monitoring-grafana.nix b/config/monitoring-grafana.nix
index 93b48ff..36d6327 100644
--- a/config/monitoring-grafana.nix
+++ b/config/monitoring-grafana.nix
@@ -72,6 +72,24 @@ in
 http_port = 3000;
 protocol = "http";
 };
+ auth = {
+ signout_redirect_url = "https://auth.plg.m0rel.eu/application/o/grafana/end-session/";
+ };
+ "auth.generic_oauth" = {
+ enabled = true;
+ allow_sign_up = true;
+ auto_login = true;
+ name = "authentik";
+ client_id = "wK5v2ELbuMtaCk0G5X1mSiBXTzMdkEmKmWH410vY";
+ client_secret = "5cKyZDoQPpZcGJdUCkF8kxtAxpJ2fEDX5mOoRGxACCddhuptM6RnDU9EqRxtaMwEKFaBMuIwQwfVfhGCjSj5SVFIOUAFLugPjzyLrwUF52WVzouz3BY8xFyOMXzF6YV";
+ scopes = "openid profile email entitlements";
+ auth_url = "https://auth.plg.m0rel.eu/application/o/authorize/";
+ token_url = "https://auth.plg.m0rel.eu/application/o/token/";
+ api_url = "https://auth.plg.m0rel.eu/application/o/userinfo/";
+ role_attribute_path = "contains(entitlements[*], 'Grafana Admins') && 'Admin' || contains(entitlements[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
+ tls_skip_verify_insecure = true;
+ use_pkce = true;
+ };
 };
 };
 }
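Review bot: The `client_secret` line in the new `"auth.generic_oauth"` block commits the OAuth client secret in plaintext, so it stays in git history and, because Nix settings are rendered into the store, most likely ends up in a world-readable store path too. Load it at runtime instead, e.g. `client_secret = "$__file{/run/secrets/<grafana-oauth-client-secret>}";` (placeholder path), and rotate the value in authentik since this one is already exposed. `tls_skip_verify_insecure = true;` also turns off certificate validation for the token and userinfo requests to the identity provider, so a party on the network path could impersonate it; drop the line, or trust the issuing CA explicitly if the certificate is private. With `allow_sign_up = true` and the `|| 'Viewer'` fallback in `role_attribute_path`, every account that completes the authentik flow gets a Grafana Viewer; confirm that is intended or restrict access on the authentik application. The enclosing attribute set starts and ends outside the hunk.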