tbarnouin/nixos-hypervisor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Functioning OAuth for grafana
All checks were successful
/ Build Nix targets (push) Successful in 3m30s
Details

Browse source
This commit is contained in:
Théo Barnouin 2025-01-08 12:57:14 +01:00
parent 3d34252867
commit d039cc3131
4 changed files with 25 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

20
services/grafana/default.nix
View file

@ -66,17 +66,17 @@ in
password = "\$__file{${config.age.secrets.grafana-db.path}}";
};
"auth.generic_oauth" = {
enabled = true;
name = "authentik";
allow_sign_up = true;
client_id = "WYrvCg9SYRPxHFZ7ag4oxlPRBNFUSC5M4uPZQMIqi";
enabled = "true";
name = "authentik";
allow_sign_up = "true";
client_id = "9HV82G8F92Jcbw4nP8eppMcPpLcAw5uYpejfReLy";
client_secret = "\$__file{${config.age.secrets.grafana-oauth_secret.path}}";
scopes = [ "openid" "email" "profile" ];
auth_url = "https://auth.omero-fbi.fr/application/o/authorize/";
token_url = "https://auth.omero-fbi.fr/application/o/token/";
api_url = "https://auth.omero-fbi.fr/application/o/userinfo/";
role_attribute_path = "contains(groups, 'project_admins') && 'Admin' || contains(groups, 'project_agent') && 'Editor' || 'Viewer';role_attribute_strict = false";
allow_assign_grafana_admin = true;
scopes = "openid email profile";
auth_url = "https://authentik.le43.eu/application/o/authorize/";
token_url = "https://authentik.le43.eu/application/o/token/";
api_url = "https://authentik.le43.eu/application/o/userinfo/";
role_attribute_path = "contains(groups, 'admin') && 'Admin' || contains(groups, 'admin') && 'Editor' || 'Viewer';role_attribute_strict = false";
allow_assign_grafana_admin = "true";
};
};
};