raphael/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(self_host/monitor): adding sso w/ role management

Browse source
This commit is contained in:
Raphael 2025-10-19 21:12:22 +02:00
parent 6bae5d0c64
commit 888e296dfb
No known key found for this signature in database
1 changed files with 10 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

22
services/self_host/monitor.nix
View file

@ -22,15 +22,10 @@ in
dataDir = "/var/lib/grafana"; dataDir = "/var/lib/grafana";
settings = { settings = {
log = {
mode = "console";
level = "debug";
};
server = { server = {
root_url = "https://monitor.enium.eu"; root_url = "https://monitor.enium.eu";
domain = "monitor.enium.eu"; domain = "monitor.enium.eu";
serve_from_sub_path = true; serve_from_sub_path = false;
}; };
users = { users = {
@ -39,10 +34,14 @@ in
}; };
auth = { auth = {
disable_login_form = false; disable_login_form = true;
disable_signout_menu = false; disable_signout_menu = false;
}; };
security = {
allow_embedding = true;
};
"auth.generic_oauth" = { "auth.generic_oauth" = {
enabled = true; enabled = true;
name = "Enium"; name = "Enium";
@ -62,13 +61,12 @@ in
login_attribute_path = "preferred_username"; login_attribute_path = "preferred_username";
name_attribute_path = "name"; name_attribute_path = "name";
email_attribute_path = "email"; email_attribute_path = "email";
groups_attribute_path = "groups[*]"; groups_attribute_path = "groups";
role_attribute_path = "has(groups, 'grafana_admins') && 'Admin' || has(groups, 'EquipeIT') && 'Editor' || 'Viewer'"; allow_assign_grafana_admin = true; role_attribute_path = "contains(groups, 'Direction') && 'Admin' || contains(groups, 'ResponsableIT') && 'Admin' || contains(groups, 'EquipeIT') && 'Editor' || 'Viewer'";
allow_assign_grafana_admin = true;
role_attribute_strict = false;
skip_org_role_sync = false; skip_org_role_sync = false;
# org_attribute_path = "";
# org_mapping = [];
}; };
}; };
}; };