chore(whitby): Update grafana config

Uncomment and update the grafana config for whitby based on the new
config format that nixos accepts. I've validated this locally by
visually inspecting the resulting `ini` file, but not actually run it
yet.

Change-Id: I12d78ae48146e1b01bd2a4152276d4c6b16c1a3d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7191
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>

ops/machines/whitby/default.nix

@@ -546,73 +546,54 @@ in
       }];
   };
 
-  # XXX: Adapt to https://github.com/NixOS/nixpkgs/pull/191768
   services.grafana = {
-    enable = false;
+    enable = true;
-    port = 4723; # "graf" on phone keyboard
-    domain = "status.tvl.su";
-    rootUrl = "https://status.tvl.su";
-    analytics.reporting.enable = false;
-    # extraOptions =
-    #   let
-    #     options = {
-    #       auth = {
-    #         generic_oauth = {
-    #           enabled = true;
-    #           client_id = "grafana";
-    #           scopes = "openid profile email";
-    #           name = "TVL";
-    #           email_attribute_path = "mail";
-    #           login_attribute_path = "sub";
-    #           name_attribute_path = "displayName";
-    #           auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth";
-    #           token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token";
-    #           api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo";
 
-    #           # Give lukegb, grfn, tazjin "Admin" rights.
+    settings = {
-    #           role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'";
+      server = {
+        http_port = 4723; # "graf" on phone keyboard
+        domain = "status.tvl.su";
+        root_url = "https://status.tvl.su";
+      };
 
-    #           # Allow creating new Grafana accounts from OAuth accounts.
+      analytics.reporting_enabled = false;
-    #           allow_sign_up = true;
-    #         };
 
-    #         anonymous = {
+      "auth.generic_oauth" = {
-    #           enabled = true;
+        enabled = true;
-    #           org_name = "The Virus Lounge";
+        client_id = "grafana";
-    #           org_role = "Viewer";
+        scopes = "openid profile email";
-    #         };
+        name = "TVL";
+        email_attribute_path = "mail";
+        login_attribute_path = "sub";
+        name_attribute_path = "displayName";
+        auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth";
+        token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token";
+        api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo";
 
-    #         basic.enabled = false;
+        # Give lukegb, grfn, tazjin "Admin" rights.
-    #         oauth_auto_login = true;
+        role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'";
-    #         disable_login_form = true;
-    #       };
-    #     };
-    #     inherit (builtins) typeOf replaceStrings listToAttrs concatLists;
-    #     inherit (lib) toUpper mapAttrsToList nameValuePair concatStringsSep;
 
-    #     # Take ["auth" "generic_oauth" "enabled"] and turn it into OPTIONS_GENERIC_OAUTH_ENABLED.
+        # Allow creating new Grafana accounts from OAuth accounts.
-    #     encodeName = raw: replaceStrings [ "." ] [ "_" ] (toUpper (concatStringsSep "_" raw));
+        allow_sign_up = true;
+      };
 
-    #     # Turn an option value into a string, but we want bools to be sensible strings and not "1" or "".
+      "auth.anonymous" = {
-    #     optionToString = value:
+        enabled = true;
-    #       if (typeOf value) == "bool" then
+        org_name = "The Virus Lounge";
-    #         if value then "true" else "false"
+        org_role = "Viewer";
-    #       else builtins.toString value;
+      };
 
-    #     # Turn an nested options attrset into a flat listToAttrs-compatible list.
+      "auth.basic".enabled = false;
-    #     encodeOptions = prefix: inp: concatLists (mapAttrsToList
+
-    #       (name: value:
+      auth = {
-    #         if (typeOf value) == "set"
+        oauth_auto_login = true;
-    #         then encodeOptions (prefix ++ [ name ]) value
+        disable_login_form = true;
-    #         else [ (nameValuePair (encodeName (prefix ++ [ name ])) (optionToString value)) ]
+      };
-    #       )
+    };
-    #       inp);
-    #   in
-    #   listToAttrs (encodeOptions [ ] options);
 
     provision = {
       enable = true;
-      datasources = [{
+      datasources.settings.datasources = [{
         name = "Prometheus";
         type = "prometheus";
         url = "http://localhost:9090";