Ajout config OAuth pour grafana

flake.nix

@@ -1,6 +1,16 @@
 {
   description = "A simple system flake using some Aux defaults";
 
+  nixConfig = {
+    extra-substituters = [
+      "https://nix-community.cachix.org"
+    ];
+    extra-trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
+  };
+
+
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
     home-manager = {
@@ -230,6 +240,15 @@
             "${inputs.self}/systems"
             "${inputs.self}/services"
             {
+              microvm = {
+                volumes = [
+                  {
+                    mountPoint = "/media";
+                    image = "/var/lib/microvms/authentik/media.img";
+                    size = 2048;
+                  }
+                ];
+              };
               services.vm = {
                 enable   = true;
                 hostname = "authentik";

services/grafana/default.nix

@@ -23,6 +23,25 @@ in
           root_url = "https://logs.le43.eu";
           serve_from_sub_path = false;
         };
+        auth = {
+          signout_redirect_url = https://authentik.le43.eu/application/o/grafana/end-session/;
+          oauth_auto_login = true;
+        };
+        "oauth.generic_oauth" = {
+          name = "authentik";
+          enabled = true;
+          client_id = "9HV82G8F92Jcbw4nP8eppMcPpLcAw5uYpejfReLy";
+          client_secret = "\$__file{/run/secrets/grafana/client_secret}";
+          scopes = [
+            "openid"
+            "email"
+            "profile"
+          ];
+          auth_url = "https://authentik.le43.eu/application/o/authorize/";
+          token_url = "https://authentik.le43.eu/application/o/token/";
+          api_url = "https://authentik.le43.eu/application/o/userinfo/";
+          role_attribute_path = "contains(groups, 'admin') && 'Admin' || 'Viewer'";
+        };
       };
     };
     services.prometheus = {