[server]
http_port = {{ grafana_cont_port }}
domain = {{ grafana_domain | mandatory }}/
root_url = https://{{ grafana_domain | mandatory }}/

[security]
disable_gravatar = true
cookie_secure = true
cookie_samesite = strict
allow_sign_up = false
admin_user = {{ grafana_username | mandatory }}
# This works only when container is created the first time
admin_password = {{ grafana_password | mandatory }}

[users]
allow_sign_up = false
auto_assign_org = true
auto_assign_org_id = status-im
auto_assign_org_role = Editor

{% if grafana_smtp_enabled %}
[smtp]
enabled = true
from_address = {{ grafana_smtp_from_addr }}
from_name = {{ grafana_smtp_from_name }}
host = {{ grafana_smtp_host | mandatory }}:{{ grafana_smtp_port | mandatory }}
user = {{ grafana_smtp_user | mandatory }}
password = {{ grafana_smtp_pass | mandatory }}
{% endif %}

[snapshots]
external_enabled = {{ grafana_snaphots_enabled | to_json }}

[auth]
disable_login_form = true
oauth_auto_login = true
signout_redirect_url = https://{{ grafana_domain | mandatory }}/

{% if grafana_anonymous %}
[auth.anonymous]
enabled = true
org_name = status-im
org_role = Viewer
{% endif %}

[auth.github]
enabled = true
allow_sign_up = true
client_id = {{ grafana_oauth_id | mandatory }}
client_secret = {{ grafana_oauth_secret | mandatory }}
scopes = user:email,read:org
auth_url = https://github.com/login/oauth/authorize
token_url = https://github.com/login/oauth/access_token
api_url = https://api.github.com/user
allow_sign_up = true
# space-delimited organization names
allowed_organizations = {{ grafana_oauth_gh_org }}
{% if (grafana_oauth_gh_team_ids | length) > 0 %}
team_ids = {{ grafana_oauth_gh_team_ids | join(",") }}
{% endif %}