ansible-infra/templates/chaosknoten/configs/grafana/docker_compose/grafana.ini
June abc738c9c2
All checks were successful
/ Ansible Lint (push) Successful in 1m33s
flatten the "playbooks" directory for better structure
Because of how Ansible local relative search paths work, the global
"files" and "templates" directories need to be next to the playbooks.
However its not intuitive to look into the playbooks directory to find
the files and templates for a host.
Therefore flatten the playbooks directory to get rid of this confusing
structure.

Also see:
https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths
2024-12-02 00:48:19 +01:00

25 lines
1.2 KiB
INI

[server]
root_url = https://grafana.hamburg.ccc.de
[auth]
disable_login_form = true
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
[auth.generic_oauth]
enabled = true
auto_login = true
name = id.hamburg.ccc.de
allow_sign_up = true
client_id = grafana
client_secret = {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/grafana/KEYCLOAK_SECRET", create=false, missing="error") }}
scopes = openid email profile offline_access roles
email_attribute_path = email
login_attribute_path = username
name_attribute_path = full_name
auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
allow_assign_grafana_admin = true
use_refresh_token = true