diff --git a/lib/fudo/grafana.nix b/lib/fudo/grafana.nix
index 9d128eb..840b9f5 100644
--- a/lib/fudo/grafana.nix
+++ b/lib/fudo/grafana.nix
@@ -219,45 +219,44 @@ in { user = cfg.smtp.username; passwordFile = cfg.smtp.password-file; }; - }; - extraOptions = mkIf (cfg.ldap != null) (let - base = cfg.ldap.base-dn; + ldap.auth = mkIf (cfg.ldap != null) (let + base = cfg.ldap.base-dn; - config-file = pkgs.writeText "grafana-ldap.toml" '' - [[servers]] - host = "${concatStringsSep " " cfg.ldap.hosts}" - port = 389 - start_tls = true + config-file = pkgs.writeText "grafana-ldap.toml" '' + [[servers]] + host = "${concatStringsSep " " cfg.ldap.hosts}" + port = 389 + start_tls = true - bind_dn = "uid=%s,ou=members,${base}" + bind_dn = "uid=%s,ou=members,${base}" - search_filter = "(uid=%s)" - search_base_dns = [ "ou=members,${base}" ] + search_filter = "(uid=%s)" + search_base_dns = [ "ou=members,${base}" ] - group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" - group_search_base_dns = ["ou=groups,${base}"] - group_search_filter_user_attribute = "uid" + group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" + group_search_base_dns = ["ou=groups,${base}"] + group_search_filter_user_attribute = "uid" - [[servers.group_mappings]] - group_dn = "cn=admin,ou=groups,${base}" - org_role = "Admin" - grafana_admin = true + [[servers.group_mappings]] + group_dn = "cn=admin,ou=groups,${base}" + org_role = "Admin" + grafana_admin = true - [[servers.group_mappings]] - group_dn = "cn=*,ou=groups,${base}" - org_role = "Viewer" - ''; - in { - auth.ldap = { + [[servers.group_mappings]] + group_dn = "cn=*,ou=groups,${base}" + org_role = "Viewer" + ''; + in { enabled = true; allow_sign_up = true; config_file = config-file; - }; - # AUTH_LDAP_ENABLED = "true"; - # AUTH_LDAP_ALLOW_SIGN_UP = "true"; - # AUTH_LDAP_CONFIG_FILE = config-file; - }); + + # AUTH_LDAP_ENABLED = "true"; + # AUTH_LDAP_ALLOW_SIGN_UP = "true"; + # AUTH_LDAP_CONFIG_FILE = config-file; + }); + }; database = { host = cfg.database.hostname;
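Review bot: The new attribute is spelled `ldap.auth`, while the removed block set `auth.ldap` and the retained comments name `AUTH_LDAP_*`, which matches Grafana's `[auth.ldap]` section. The enclosing attrset opens outside this hunk, but if it is rendered into grafana.ini the swapped name would likely leave LDAP login unconfigured without any evaluation error. Confirm the intended key, e.g. `"auth.ldap" = mkIf (cfg.ldap != null) (let`, and check that the section appears in the generated config. Separately, `group_dn = "cn=*,ou=groups,${base}"` in the second group mapping is probably compared as a literal DN, since Grafana documents only a bare `group_dn = "*"` as the catch-all, so the Viewer fallback may never match. With `allow_sign_up = true`, a comment stating that every account under `ou=members` is meant to be provisioned on first login would make the intended access scope explicit.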