reorganize (config) files and templates into one "resources" dir

This groups the files and templates for each host together and therefore makes it easier to see all the (config) files for a host. Also clean up incorrect, unused docker_compose config for mumble and clean up unused engelsystem configs.
2024-12-05 22:18:27 +01:00 · 2024-12-05 22:18:27 +01:00 · 07dbbf055c
commit 07dbbf055c
parent 4b0e03e8b2
83 changed files with 62 additions and 121 deletions
--- a/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
+++ b/resources/chaosknoten/grafana/docker_compose/grafana.ini.j2
@ -0,0 +1,25 @@
+[server]
+root_url = https://grafana.hamburg.ccc.de
+
+[auth]
+disable_login_form = true
+
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
+[auth.generic_oauth]
+enabled = true
+auto_login = true
+name = id.hamburg.ccc.de
+allow_sign_up = true
+client_id = grafana
+client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
+scopes = openid email profile offline_access roles
+email_attribute_path = email
+login_attribute_path = username
+name_attribute_path = full_name
+auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
+token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
+api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
+signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
+role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
+allow_assign_grafana_admin = true
+use_refresh_token = true