grafana: add google oauth2 config

Grafana supports Google OAuth2.
https://grafana.com/docs/grafana/latest/auth/google/
This commit is contained in:
Jarosław Wygoda 2021-04-13 12:33:04 +00:00
parent 3ab6e84b79
commit df3be1718a
1 changed files with 44 additions and 15 deletions

View File

@ -42,6 +42,9 @@ let
AUTH_ANONYMOUS_ENABLED = boolToString cfg.auth.anonymous.enable;
AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name;
AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role;
AUTH_GOOGLE_ENABLED = boolToString cfg.auth.google.enable;
AUTH_GOOGLE_ALLOW_SIGN_UP = boolToString cfg.auth.google.allowSignUp;
AUTH_GOOGLE_CLIENT_ID = cfg.auth.google.clientId;
ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable;
@ -528,7 +531,8 @@ in {
};
};
auth.anonymous = {
auth = {
anonymous = {
enable = mkOption {
description = "Whether to allow anonymous access.";
default = false;
@ -544,7 +548,29 @@ in {
default = "Viewer";
type = types.str;
};
};
google = {
enable = mkOption {
description = "Whether to allow Google OAuth2.";
default = false;
type = types.bool;
};
allowSignUp = mkOption {
description = "Whether to allow sign up with Google OAuth2.";
default = false;
type = types.bool;
};
clientId = mkOption {
description = "Google OAuth2 client ID.";
default = "";
type = types.str;
};
clientSecretFile = mkOption {
description = "Google OAuth2 client secret.";
default = null;
type = types.nullOr types.path;
};
};
};
analytics.reporting = {
@ -609,6 +635,9 @@ in {
QT_QPA_PLATFORM = "offscreen";
} // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions;
script = ''
${optionalString (cfg.auth.google.clientSecretFile != null) ''
export GF_AUTH_GOOGLE_CLIENT_SECRET="$(cat ${escapeShellArg cfg.auth.google.clientSecretFile})"
''}
${optionalString (cfg.database.passwordFile != null) ''
export GF_DATABASE_PASSWORD="$(cat ${escapeShellArg cfg.database.passwordFile})"
''}