My Nix Configuration
[marvin] update grafana config
+18
-12
+15
-10
hosts/marvin/services/grafana.nix
+15
-10
hosts/marvin/services/grafana.nix
···
6
6
}:
7
7
let
8
8
d = self.lib.data.services.grafana;
9
-
a = self.lib.data.services.authentik;
9
+
p = self.lib.data.services.pocket-id;
10
10
in
11
11
{
12
12
services.grafana = {
···
14
14
settings = {
15
15
analytics.reporting_enable = false;
16
16
"auth.generic_oauth" = {
17
-
name = "central";
17
+
name = "dishnet Auth";
18
18
icon = "signin";
19
19
enabled = "true";
20
-
client_id = "89f4607cf446a777a6b25ebde8731cdcb80b04c1";
21
-
client_secret = "89eccaa8a31104c218df5cfe37c87f0ea0bbddcd1571bddb7f7fbf5a09045efd59c61f1caaa79483ad59aac2c19488b254acdaced47e66a6505865a14a63ac4a";
22
-
auth_url = "https://${a.extUrl}/application/o/authorize/";
23
-
token_url = "https://${a.extUrl}/application/o/token/";
24
-
api_url = "https://${a.extUrl}/application/o/userinfo/";
20
+
client_id = "e63b892a-e5c8-4b61-a61f-89f25c3d127d";
21
+
client_secret = "$__file{${config.age.secrets.grafana-oidc-secret.path}}";
22
+
auth_url = "https://${p.extUrl}/authorize/";
23
+
token_url = "https://${p.extUrl}/api/oidc/token/";
24
+
api_url = "https://${p.extUrl}/api/oidc/userinfo/";
25
25
scopes = "openid profile email";
26
26
};
27
27
"auth" = {
28
-
signout_redirect_url = "https://${a.extUrl}/if/session-end/stathog/";
28
+
signout_redirect_url = "https://${p.extUrl}/api/oidc/end-session";
29
29
disableLoginForm = true;
30
30
};
31
31
security = {
···
49
49
};
50
50
age.secrets = {
51
51
grafana-admin = {
52
-
file = ./secrets/grafana-admin-password.age;
52
+
file = ./secrets/grafana/admin-password.age;
53
53
owner = "grafana";
54
54
group = "grafana";
55
55
};
56
56
grafana-smtp-password = {
57
-
file = ./secrets/grafana-smtp-password.age;
57
+
file = ./secrets/grafana/smtp-password.age;
58
+
owner = "grafana";
59
+
group = "grafana";
60
+
};
61
+
grafana-oidc-secret = {
62
+
file = ./secrets/grafana/oidc-secret.age;
58
63
owner = "grafana";
59
64
group = "grafana";
60
65
};
hosts/marvin/services/secrets/grafana-admin-password.age
hosts/marvin/services/secrets/grafana/admin-password.age
hosts/marvin/services/secrets/grafana-admin-password.age
hosts/marvin/services/secrets/grafana/admin-password.age
hosts/marvin/services/secrets/grafana-smtp-password.age
hosts/marvin/services/secrets/grafana/smtp-password.age
hosts/marvin/services/secrets/grafana-smtp-password.age
hosts/marvin/services/secrets/grafana/smtp-password.age
hosts/marvin/services/secrets/grafana/oidc-secret.age
hosts/marvin/services/secrets/grafana/oidc-secret.age
This is a binary file and will not be displayed.
+3
-2
hosts/marvin/services/secrets/secrets.nix
+3
-2
hosts/marvin/services/secrets/secrets.nix
···
25
25
"forgejo/oauth2-jwt-secret.age".publicKeys = marvinDefault;
26
26
"forgejo/secret-key.age".publicKeys = marvinDefault;
27
27
"golink-authkey.age".publicKeys = marvinDefault;
28
-
"grafana-admin-password.age".publicKeys = marvinDefault;
29
-
"grafana-smtp-password.age".publicKeys = marvinDefault;
28
+
"grafana/admin-password.age".publicKeys = marvinDefault;
29
+
"grafana/oidc-secret.age".publicKeys = marvinDefault;
30
+
"grafana/smtp-password.age".publicKeys = marvinDefault;
30
31
"immich/oauth-secret.age".publicKeys = marvinDefault;
31
32
"immich/mail-pw.age".publicKeys = marvinDefault;
32
33
"jellyfin-exporter-config.age".publicKeys = marvinDefault;