Try and enable oauth on grafana

services/grafana/default.nix

@@ -19,11 +19,17 @@ in
     };
   };
   config = lib.mkIf cfg.enable {
-    age.secrets.grafana-db = {
+    age.secrets ={
+      grafana-db = {
         file  = ./secrets/grafana-db.age;
         owner = "grafana";
       };
-    age.secrets.kuma-token.file  = ./secrets/kuma-token.age;
+      grafana-oauth_secret = {
+        file  = ./secrets/grafana-oauth_secret.age;
+        owner = "grafana";
+      };
+      kuma-token.file  = ./secrets/kuma-token.age;
+    };
     services.rsyslogd = {
       enable = true;
       extraConfig = ''
@@ -59,6 +65,19 @@ in
           user     = "grafana";
           password = "\$__file{${config.age.secrets.grafana-db.path}}";
         };
+        "auth.generic_oauth" = {
+          enabled = true;
+          name = "authentik";
+          allow_sign_up = true;
+          client_id = "WYrvCg9SYRPxHFZ7ag4oxlPRBNFUSC5M4uPZQMIqi";
+          client_secret = "\$__file{${config.age.secrets.grafana-oauth_secret.path}}";
+          scopes = [ "openid" "email" "profile" ];
+          auth_url = "https://auth.omero-fbi.fr/application/o/authorize/";
+          token_url = "https://auth.omero-fbi.fr/application/o/token/";
+          api_url = "https://auth.omero-fbi.fr/application/o/userinfo/";
+          role_attribute_path = "contains(groups, 'project_admins') && 'Admin' || contains(groups, 'project_agent') && 'Editor' || 'Viewer';role_attribute_strict = false";
+          allow_assign_grafana_admin = true;
+        };
       };
     };
     services.prometheus = {

services/grafana/secrets/grafana-oauth_secret.age

@@ -0,0 +1 @@
+S0VJw2OdQPMPNaKwoIS86tm8sGyTOZzauK7h6AhNfeYJiLUtVJgOcIhydxHtBqVPwNE2WagYHEaDjGnS2sJjWMzZNbm1ZjOuorYYRQhpR0w33lAfu4bsU9Lof2JjSvtP