infra-role-grafana/templates/grafana.ini.j2

[server]
http_port = {{ grafana_cont_port }}
domain = {{ grafana_domain | mandatory }}/
root_url = https://{{ grafana_domain | mandatory }}/

[security]
disable_gravatar = true
cookie_secure = true
cookie_samesite = strict
allow_sign_up = false
admin_user = {{ grafana_username | mandatory }}
# This works only when container is created the first time
admin_password = {{ grafana_password | mandatory }}

[users]
allow_sign_up = false
auto_assign_org = true
auto_assign_org_id = status-im
auto_assign_org_role = Editor

{% if grafana_smtp_enabled %}
[smtp]
enabled = true
from_address = {{ grafana_smtp_from_addr }}
from_name = {{ grafana_smtp_from_name }}
host = {{ grafana_smtp_host | mandatory }}:{{ grafana_smtp_port | mandatory }}
user = {{ grafana_smtp_user | mandatory }}
password = {{ grafana_smtp_pass | mandatory }}
{% endif %}

[snapshots]
external_enabled = {{ grafana_snaphots_enabled | to_json }}

[auth]
disable_login_form = true
oauth_auto_login = true
signout_redirect_url = https://{{ grafana_domain | mandatory }}/

{% if grafana_anonymous %}
[auth.anonymous]
enabled = true
org_name = status-im
org_role = Viewer
{% endif %}

[auth.github]
enabled = true
allow_sign_up = true
client_id = {{ grafana_oauth_id | mandatory }}
client_secret = {{ grafana_oauth_secret | mandatory }}
scopes = user:email,read:org
auth_url = https://github.com/login/oauth/authorize
token_url = https://github.com/login/oauth/access_token
api_url = https://api.github.com/user
allow_sign_up = true
# space-delimited organization names
allowed_organizations = {{ grafana_oauth_gh_org }}
{% if (grafana_oauth_gh_team_ids | length) > 0 %}
team_ids = {{ grafana_oauth_gh_team_ids | join(",") }}
{% endif %}
add grafana role files Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-12-01 16:47:20 +00:00			`[server]`
configure Nginx proxy for use with ssl-proxy Otherwise we can't block access to certain sensitive paths like `/metrics`. https://github.com/status-im/infra-hq/issues/73 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-30 13:53:25 +00:00			`http_port = {{ grafana_cont_port }}`
add grafana role files Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-12-01 16:47:20 +00:00			`domain = {{ grafana_domain \| mandatory }}/`
			`root_url = https://{{ grafana_domain \| mandatory }}/`

			`[security]`
			`disable_gravatar = true`
config: enable strict cookie secret checking Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-10-25 13:38:44 +00:00			`cookie_secure = true`
			`cookie_samesite = strict`
add grafana role files Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-12-01 16:47:20 +00:00			`allow_sign_up = false`
			`admin_user = {{ grafana_username \| mandatory }}`
			`# This works only when container is created the first time`
			`admin_password = {{ grafana_password \| mandatory }}`

			`[users]`
			`allow_sign_up = false`
			`auto_assign_org = true`
			`auto_assign_org_id = status-im`
			`auto_assign_org_role = Editor`

			`{% if grafana_smtp_enabled %}`
			`[smtp]`
			`enabled = true`
			`from_address = {{ grafana_smtp_from_addr }}`
			`from_name = {{ grafana_smtp_from_name }}`
			`host = {{ grafana_smtp_host \| mandatory }}:{{ grafana_smtp_port \| mandatory }}`
			`user = {{ grafana_smtp_user \| mandatory }}`
			`password = {{ grafana_smtp_pass \| mandatory }}`
			`{% endif %}`

			`[snapshots]`
			`external_enabled = {{ grafana_snaphots_enabled \| to_json }}`

			`[auth]`
			`disable_login_form = true`
			`oauth_auto_login = true`
			`signout_redirect_url = https://{{ grafana_domain \| mandatory }}/`

			`{% if grafana_anonymous %}`
			`[auth.anonymous]`
			`enabled = true`
			`org_name = status-im`
			`org_role = Viewer`
			`{% endif %}`

			`[auth.github]`
			`enabled = true`
			`allow_sign_up = true`
			`client_id = {{ grafana_oauth_id \| mandatory }}`
			`client_secret = {{ grafana_oauth_secret \| mandatory }}`
			`scopes = user:email,read:org`
			`auth_url = https://github.com/login/oauth/authorize`
			`token_url = https://github.com/login/oauth/access_token`
			`api_url = https://api.github.com/user`
			`allow_sign_up = true`
			`# space-delimited organization names`
allow changing github oauth org and teams Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-12-01 18:22:08 +00:00			`allowed_organizations = {{ grafana_oauth_gh_org }}`
			`{% if (grafana_oauth_gh_team_ids \| length) > 0 %}`
			`team_ids = {{ grafana_oauth_gh_team_ids \| join(",") }}`
			`{% endif %}`