# SPDX-FileCopyrightText: 2024 Tom Hubrecht
#
# SPDX-License-Identifier: EUPL-1.2

# Grafana served through the dgn-web proxy at grafana.dgnum.eu, with logins
# delegated to the Kanidm SSO over OAuth2 and state kept in PostgreSQL.
{ config, ... }:

let
  host = "grafana.dgnum.eu";
  port = 3033;

  # Wraps an age secret in Grafana's `$__file{...}` provider syntax: the
  # setting then carries the path of the decrypted file, and Grafana reads
  # the value itself at start-up, so the secret is not written into the
  # generated configuration.
  secretFile = name: "$__file{${config.age.secrets."grafana-${name}_file".path}}";
in

{
  services.grafana = {
    enable = true;

    settings = {
      server = {
        domain = host;
        root_url = "https://${host}";
        http_port = port;
        # Redirect requests whose Host header does not match `domain`.
        enforce_domain = true;
        enable_gzip = true;
        # Logs every HTTP request handled by Grafana.
        router_logging = true;
      };

      security = {
        # No built-in admin account is created; all access comes through
        # the OAuth login below.
        # NOTE(review): `cookie_secure` is not set in this file although the
        # instance is only reachable over https — consider enabling it.
        disable_initial_admin_creation = true;
      };

      "auth.generic_oauth" = {
        enabled = true;
        name = "Kanidm";

        client_id = "dgn_grafana";
        client_secret = secretFile "oauth_client_secret";
        use_pkce = true;
        scopes = "email,openid,profile";

        auth_url = "https://sso.dgnum.eu/ui/oauth2";
        token_url = "https://sso.dgnum.eu/oauth2/token";
        api_url = "https://sso.dgnum.eu/oauth2/openid/dgn_grafana/userinfo";

        id_token_attribute_name = "sub";
        login_attribute_path = "preferred_username";
      };

      users = {
        # NOTE(review): every account that completes the OAuth login becomes
        # an organisation Admin. With initial admin creation disabled this
        # looks deliberate, but it means access control rests entirely on
        # who the SSO allows to use the `dgn_grafana` client. Mapping roles
        # from an SSO group claim (`role_attribute_path`) would let this
        # default drop to a lower role — confirm the intended audience.
        auto_assign_org_role = "Admin";
        default_language = "en-GB";
        default_theme = "system";
      };

      database = {
        type = "postgres";
        # A directory path rather than a hostname: the connection goes over
        # the local PostgreSQL unix socket, and no password is configured.
        host = "/run/postgresql";
        user = "grafana";
      };

      smtp = {
        enabled = true;
        host = "kurisu.lahfa.xyz:587";
        user = "web-services@infra.dgnum.eu";
        password = secretFile "smtp_password";
        from_address = "grafana@infra.dgnum.eu";
        # NOTE(review): `startTLS_policy` is not set, so Grafana's default
        # (opportunistic STARTTLS) applies and the credentials above could go
        # out in clear if STARTTLS is stripped on the path. Consider
        # "MandatoryStartTLS" once the relay is confirmed to support it.
      };
    };
  };

  # Database and role for Grafana; the role owns the database of the same name.
  services.postgresql = {
    ensureDatabases = [ "grafana" ];
    ensureUsers = [
      {
        name = "grafana";
        ensureDBOwnership = true;
      }
    ];
  };

  # Public vhost forwarding to the local Grafana port, websockets included.
  dgn-web.simpleProxies.grafana = {
    inherit host port;
    proxyWebsockets = true;
  };

  # presumably selects the `grafana-*` age secrets referenced by secretFile
  # for this host — confirm against the age-secrets module.
  age-secrets = {
    autoMatch = [ "grafana" ];
  };
}