June
7f1afef50d
Some checks failed
/ Ansible Lint (push) Failing after 1m54s
This makes secret configuration and usage a good bit cleaner.
25 lines
1.1 KiB
Django/Jinja
25 lines
1.1 KiB
Django/Jinja
[server]
|
|
root_url = https://grafana.hamburg.ccc.de
|
|
|
|
[auth]
|
|
disable_login_form = true
|
|
|
|
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/keycloak/
|
|
[auth.generic_oauth]
|
|
enabled = true
|
|
auto_login = true
|
|
name = id.hamburg.ccc.de
|
|
allow_sign_up = true
|
|
client_id = grafana
|
|
client_secret = {{ secret__grafana_keycloak_secret }}
|
|
scopes = openid email profile offline_access roles
|
|
email_attribute_path = email
|
|
login_attribute_path = username
|
|
name_attribute_path = full_name
|
|
auth_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth
|
|
token_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token
|
|
api_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/userinfo
|
|
signout_redirect_url = https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/logout
|
|
role_attribute_path = "contains(roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
|
|
allow_assign_grafana_admin = true
|
|
use_refresh_token = true
|