grafana: add google oauth2 config

Grafana supports Google OAuth2.
https://grafana.com/docs/grafana/latest/auth/google/
Jarosław Wygoda 2021-04-13 12:33:04 +00:00
parent 3ab6e84b79
commit df3be1718a


@ -42,6 +42,9 @@ let
AUTH_ANONYMOUS_ENABLED = boolToString cfg.auth.anonymous.enable; AUTH_ANONYMOUS_ENABLED = boolToString cfg.auth.anonymous.enable;
AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name; AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name;
AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role; AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role;
AUTH_GOOGLE_ENABLED = boolToString cfg.auth.google.enable;
AUTH_GOOGLE_ALLOW_SIGN_UP = boolToString cfg.auth.google.allowSignUp;
AUTH_GOOGLE_CLIENT_ID = cfg.auth.google.clientId;
ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable; ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable;
@ -528,23 +531,46 @@ in {
}; };
}; };
auth.anonymous = { auth = {
enable = mkOption { anonymous = {
description = "Whether to allow anonymous access."; enable = mkOption {
default = false; description = "Whether to allow anonymous access.";
type = types.bool; default = false;
type = types.bool;
};
org_name = mkOption {
description = "Which organization to allow anonymous access to.";
default = "Main Org.";
type = types.str;
};
org_role = mkOption {
description = "Which role anonymous users have in the organization.";
default = "Viewer";
type = types.str;
};
}; };
org_name = mkOption { google = {
description = "Which organization to allow anonymous access to."; enable = mkOption {
default = "Main Org."; description = "Whether to allow Google OAuth2.";
type = types.str; default = false;
type = types.bool;
};
allowSignUp = mkOption {
description = "Whether to allow sign up with Google OAuth2.";
default = false;
type = types.bool;
};
clientId = mkOption {
description = "Google OAuth2 client ID.";
default = "";
type = types.str;
};
clientSecretFile = mkOption {
description = "Google OAuth2 client secret.";
default = null;
type = types.nullOr types.path;
};
}; };
org_role = mkOption {
description = "Which role anonymous users have in the organization.";
default = "Viewer";
type = types.str;
};
}; };
analytics.reporting = { analytics.reporting = {
@ -609,6 +635,9 @@ in {
QT_QPA_PLATFORM = "offscreen"; QT_QPA_PLATFORM = "offscreen";
} // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions; } // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions;
script = '' script = ''
${optionalString (cfg.auth.google.clientSecretFile != null) ''
export GF_AUTH_GOOGLE_CLIENT_SECRET="$(cat ${escapeShellArg cfg.auth.google.clientSecretFile})"
''}
${optionalString (cfg.database.passwordFile != null) '' ${optionalString (cfg.database.passwordFile != null) ''
export GF_DATABASE_PASSWORD="$(cat ${escapeShellArg cfg.database.passwordFile})" export GF_DATABASE_PASSWORD="$(cat ${escapeShellArg cfg.database.passwordFile})"
''} ''}
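Review bot: The `clientSecretFile` option in the second hunk is described as "Google OAuth2 client secret.", but it takes a path whose contents are read with `cat` when the service starts, so the description should say that, e.g. `description = "Path to a file containing the Google OAuth2 client secret; keep it outside the world-readable Nix store and readable by the user the service runs as.";`. Nothing visible in these hunks ties `auth.google.enable = true` to a non-empty `clientId` and a non-null `clientSecretFile`, so a half-configured login would only fail at runtime; an evaluation-time assertion would catch it, though the module's assertion list, if it has one, lies outside the hunks shown. The module also exposes `allowSignUp` without Grafana's `allowed_domains` setting, so enabling sign-up appears to admit any Google account; the option text should say so, or the setting should be exposed alongside it. In the third hunk, `export GF_AUTH_GOOGLE_CLIENT_SECRET="$(cat …)"` returns the exit status of `export`, so an unreadable secret file presumably leaves the variable empty instead of stopping the unit; the same holds for the existing `GF_DATABASE_PASSWORD` line it mirrors.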