grafana: add google oauth2 config
Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
This commit is contained in:
parent
3ab6e84b79
commit
df3be1718a
|
@ -42,6 +42,9 @@ let
|
||||||
AUTH_ANONYMOUS_ENABLED = boolToString cfg.auth.anonymous.enable;
|
AUTH_ANONYMOUS_ENABLED = boolToString cfg.auth.anonymous.enable;
|
||||||
AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name;
|
AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name;
|
||||||
AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role;
|
AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role;
|
||||||
|
AUTH_GOOGLE_ENABLED = boolToString cfg.auth.google.enable;
|
||||||
|
AUTH_GOOGLE_ALLOW_SIGN_UP = boolToString cfg.auth.google.allowSignUp;
|
||||||
|
AUTH_GOOGLE_CLIENT_ID = cfg.auth.google.clientId;
|
||||||
|
|
||||||
ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable;
|
ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable;
|
||||||
|
|
||||||
|
@ -528,23 +531,46 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
auth.anonymous = {
|
auth = {
|
||||||
enable = mkOption {
|
anonymous = {
|
||||||
description = "Whether to allow anonymous access.";
|
enable = mkOption {
|
||||||
default = false;
|
description = "Whether to allow anonymous access.";
|
||||||
type = types.bool;
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
org_name = mkOption {
|
||||||
|
description = "Which organization to allow anonymous access to.";
|
||||||
|
default = "Main Org.";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
org_role = mkOption {
|
||||||
|
description = "Which role anonymous users have in the organization.";
|
||||||
|
default = "Viewer";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
org_name = mkOption {
|
google = {
|
||||||
description = "Which organization to allow anonymous access to.";
|
enable = mkOption {
|
||||||
default = "Main Org.";
|
description = "Whether to allow Google OAuth2.";
|
||||||
type = types.str;
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
allowSignUp = mkOption {
|
||||||
|
description = "Whether to allow sign up with Google OAuth2.";
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
clientId = mkOption {
|
||||||
|
description = "Google OAuth2 client ID.";
|
||||||
|
default = "";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
clientSecretFile = mkOption {
|
||||||
|
description = "Google OAuth2 client secret.";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
org_role = mkOption {
|
|
||||||
description = "Which role anonymous users have in the organization.";
|
|
||||||
default = "Viewer";
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
analytics.reporting = {
|
analytics.reporting = {
|
||||||
|
@ -609,6 +635,9 @@ in {
|
||||||
QT_QPA_PLATFORM = "offscreen";
|
QT_QPA_PLATFORM = "offscreen";
|
||||||
} // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions;
|
} // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions;
|
||||||
script = ''
|
script = ''
|
||||||
|
${optionalString (cfg.auth.google.clientSecretFile != null) ''
|
||||||
|
export GF_AUTH_GOOGLE_CLIENT_SECRET="$(cat ${escapeShellArg cfg.auth.google.clientSecretFile})"
|
||||||
|
''}
|
||||||
${optionalString (cfg.database.passwordFile != null) ''
|
${optionalString (cfg.database.passwordFile != null) ''
|
||||||
export GF_DATABASE_PASSWORD="$(cat ${escapeShellArg cfg.database.passwordFile})"
|
export GF_DATABASE_PASSWORD="$(cat ${escapeShellArg cfg.database.passwordFile})"
|
||||||
''}
|
''}
|
||||||
|
|
Loading…
Reference in New Issue