From 863a776490f27cffe7b6640e64c3dcf646bb5470 Mon Sep 17 00:00:00 2001
From: Alpha Chen
Date: Tue, 29 Oct 2024 08:33:03 -0700
Subject: [PATCH] grafana auth, notifications
---
lotus-land-story/grafana.yml | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/lotus-land-story/grafana.yml b/lotus-land-story/grafana.yml
index 0f92245..a26134a 100644
--- a/lotus-land-story/grafana.yml
+++ b/lotus-land-story/grafana.yml
@@ -6,11 +6,17 @@ version: 11.2.1 tasks: + - name: Grafana user + ansible.builtin.user: + name: grafana + register: grafana_user + - name: Create Grafana dir ansible.builtin.file: path: /mnt/lotus-land-story/grafana/provisioning/{{ item }} state: directory mode: "0755" + owner: "{{ grafana_user.name }}" loop: - datasources
@@ -18,6 +24,9 @@ ansible.builtin.copy: dest: /mnt/lotus-land-story/grafana/grafana.ini content: | + [log] + # level = debug + [metrics] enabled = true disable_total_stats = false
@@ -32,6 +41,7 @@ oauth_allow_insecure_email_lookup = true disable_signout_menu = true + # https://www.authelia.com/integration/openid-connect/grafana/ [auth.generic_oauth] enabled = true name = Authelia
@@ -48,7 +58,17 @@ name_attribute_path = name use_pkce = true auto_login = true - mode: "0644" + role_attribute_path = contains(groups, 'admin') && 'Admin' || contains(groups, 'editor') && 'Editor' || 'Viewer' + allow_assign_grafana_admin = true + + [smtp] + enabled = true + host = smtp.sendgrid.net:465 + user = apikey + password = {{ grafana.smtp_password }} + from_address = grafana@kejadlen.dev + mode: "0600" + owner: "{{ grafana_user.name }}" - name: Provision Prometheus ansible.builtin.copy:
@@ -88,5 +108,6 @@ - name: lotus_land_story etc_hosts: host.docker.internal: host-gateway + user: "{{ grafana_user.uid }}" # vim: ft=yaml.ansible
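Review bot: In the `@@ -6,11 +6,17 @@` hunk the new `Grafana user` task creates an ordinary login account, although the patch only uses it to own files and to supply a uid for the container. Declaring it as a service account keeps it from being usable interactively: add `system: true`, `shell: /usr/sbin/nologin` and `create_home: false` under `ansible.builtin.user` (adjust the nologin path to the target distribution). The provisioning directories keep `mode: "0755"`; if the datasource files written there ever carry credentials, `"0750"` would be in line with the `"0600"` this patch applies to grafana.ini. The loop list of the directory task continues past the end of the hunk.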
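Review bot: In the `@@ -48,7 +58,17 @@` hunk the new `role_attribute_path` lets the `groups` claim grant `Admin`, while `oauth_allow_insecure_email_lookup = true` remains set earlier in the same file (visible as context in the `@@ -32,6 +41,7 @@` hunk), so an OAuth login can still be matched to an existing Grafana account by email address alone; now that roles come from the identity provider, consider setting it to `false` unless old accounts still need linking. `allow_assign_grafana_admin = true` looks like it has no effect as written, because the expression only returns `Admin`, `Editor` or `Viewer` and never `GrafanaAdmin`; drop the line or add that branch deliberately. The task now also renders `grafana.smtp_password` into `content`, so add `no_log: true` to it to keep the secret out of `--diff` and verbose output. The copy task begins above this hunk.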
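Review bot: In the `@@ -88,5 +108,6 @@` hunk the container is switched to `user: "{{ grafana_user.uid }}"`, but the patch sets `owner` only on the provisioning subdirectories and on grafana.ini. The volume list and the `Provision Prometheus` task body are outside the visible hunks, so confirm that the provisioned datasource file and any mounted data directory are readable (and, for data, writable) by that uid; files left root-owned from earlier runs would make Grafana fail at start. If a data path under `/mnt/lotus-land-story/grafana` is mounted, giving it the same `owner: "{{ grafana_user.name }}"` in the directory task keeps the ownership in one place.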