authorJarosław Wygoda <jaroslaw@wygoda.me>2021-04-13 12:33:04 +0000
committerJarosław Wygoda <jaroslaw@wygoda.me>2021-04-13 12:33:04 +0000
commitdf3be1718a351df2bfa3ec8e2d592faabb62515e (patch)
treedbe18eab1626773e69b8ae94ab367c4555d00b13 /nixos/modules/services/monitoring
parent3ab6e84b79abc45855e666fff33078189b4960c3 (diff)
grafana: add google oauth2 config
Grafana supports Google OAuth2.
https://grafana.com/docs/grafana/latest/auth/google/
Diffstat (limited to 'nixos/modules/services/monitoring')
-rw-r--r--nixos/modules/services/monitoring/grafana.nix59
1 files changed, 44 insertions, 15 deletions
diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix
index 86e306ab404..4ebde6f9b10 100644
--- a/nixos/modules/services/monitoring/grafana.nix
+++ b/nixos/modules/services/monitoring/grafana.nix
@@ -42,6 +42,9 @@ let
     AUTH_ANONYMOUS_ENABLED = boolToString cfg.auth.anonymous.enable;
     AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name;
     AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role;
+    AUTH_GOOGLE_ENABLED = boolToString cfg.auth.google.enable;
+    AUTH_GOOGLE_ALLOW_SIGN_UP = boolToString cfg.auth.google.allowSignUp;
+    AUTH_GOOGLE_CLIENT_ID = cfg.auth.google.clientId;
 
     ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable;
 
@@ -528,23 +531,46 @@ in {
       };
     };
 
-    auth.anonymous = {
-      enable = mkOption {
-        description = "Whether to allow anonymous access.";
-        default = false;
-        type = types.bool;
-      };
-      org_name = mkOption {
-        description = "Which organization to allow anonymous access to.";
-        default = "Main Org.";
-        type = types.str;
+    auth = {
+      anonymous = {
+        enable = mkOption {
+          description = "Whether to allow anonymous access.";
+          default = false;
+          type = types.bool;
+        };
+        org_name = mkOption {
+          description = "Which organization to allow anonymous access to.";
+          default = "Main Org.";
+          type = types.str;
+        };
+        org_role = mkOption {
+          description = "Which role anonymous users have in the organization.";
+          default = "Viewer";
+          type = types.str;
+        };
       };
-      org_role = mkOption {
-        description = "Which role anonymous users have in the organization.";
-        default = "Viewer";
-        type = types.str;
+      google = {
+        enable = mkOption {
+          description = "Whether to allow Google OAuth2.";
+          default = false;
+          type = types.bool;
+        };
+        allowSignUp = mkOption {
+          description = "Whether to allow sign up with Google OAuth2.";
+          default = false;
+          type = types.bool;
+        };
+        clientId = mkOption {
+          description = "Google OAuth2 client ID.";
+          default = "";
+          type = types.str;
+        };
+        clientSecretFile = mkOption {
+          description = "Google OAuth2 client secret.";
+          default = null;
+          type = types.nullOr types.path;
+        };
       };
-
     };
 
     analytics.reporting = {
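Review bot: The `clientSecretFile` description reads "Google OAuth2 client secret.", which does not tell the user that the option takes a path to a file, or that the file should live outside the world-readable Nix store. Something like `description = "Path to a file containing the Google OAuth2 client secret. Keep this file outside the Nix store and readable only by the grafana user.";` would make the handling explicit. The new `google` options also allow `enable = true` with the default empty `clientId` and a null `clientSecretFile`; an entry in the module's `assertions` (not visible in this hunk) would reject that combination at evaluation time. Finally, `allowSignUp` is exposed without a way to set Grafana's `allowed_domains`, so its description should say that enabling it lets any Google account create a user unless domains are restricted elsewhere.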
@@ -609,6 +635,9 @@ in {
         QT_QPA_PLATFORM = "offscreen";
       } // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions;
       script = ''
+        ${optionalString (cfg.auth.google.clientSecretFile != null) ''
+          export GF_AUTH_GOOGLE_CLIENT_SECRET="$(cat ${escapeShellArg cfg.auth.google.clientSecretFile})"
+        ''}
         ${optionalString (cfg.database.passwordFile != null) ''
           export GF_DATABASE_PASSWORD="$(cat ${escapeShellArg cfg.database.passwordFile})"
         ''}
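Review bot: In the added `export GF_AUTH_GOOGLE_CLIENT_SECRET="$(cat ...)"` line the exit status of `cat` is replaced by that of `export`, so a missing or unreadable secret file produces an empty secret and the service still starts. Splitting it into `GF_AUTH_GOOGLE_CLIENT_SECRET="$(cat ${escapeShellArg cfg.auth.google.clientSecretFile})"` followed by `export GF_AUTH_GOOGLE_CLIENT_SECRET` lets the failure stop the unit, assuming the generated script runs with errexit (not visible here). The existing `GF_DATABASE_PASSWORD` lines just below have the same shape. The secret also ends up in the Grafana process environment, where it is readable by anything that can read that process's environ; if the packaged Grafana version supports file-based secret references in its configuration, that would be the tighter option. The `script` body continues past the end of this hunk.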