Add Grafana/Prometheus config

playbooks/templates/chaosknoten/configs/grafana/docker_compose/grafana.ini

@@ -0,0 +1,25 @@
+[server]
+root_url = https://grafana.hamburg.ccc.de
+
+[auth]
+disable_login_form = true
+
+# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
+[auth.generic_oauth]
+enabled = true
+auto_login = true
+name = id.hamburg.ccc.de
+allow_sign_up = true
+client_id = grafana
+client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
+scopes = openid email profile offline_access roles
+email_attribute_path = email
+login_attribute_path = username
+name_attribute_path = full_name
+auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
+token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
+api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
+signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
+role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
+allow_assign_grafana_admin = true
+use_refresh_token = true