2 files changed, 39 insertions, 11 deletions

diff --git a/grafana/.env.template b/grafana/.env.template
new file mode 100644
index 0000000..6f75e98
--- /dev/null
+++ b/grafana/.env.template
@@ -0,0 +1,22 @@
+# Copy to '.env' and replace placeholder values
+# ======================================
+
+# ------------------------------
+# OAuth Credentials (REPLACE THESE)
+# ------------------------------
+GF_AUTH_GENERIC_OAUTH_CLIENT_ID=your_client_id_here
+GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=your_client_secret_here
+
+# ------------------------------
+# URLs (Update with your domains)
+# ------------------------------
+GF_SERVER_ROOT_URL=https://your.grafana.domain
+GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://your.auth.provider/oauth/authorize/
+GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://your.auth.provider/oauth/token/
+GF_AUTH_GENERIC_OAUTH_API_URL=https://your.auth.provider/userinfo/
+GF_AUTH_SIGNOUT_REDIRECT_URL=https://your.auth.provider/logout/
+
+# ------------------------------
+# Paths (Update if needed)
+# ------------------------------
+GRAFANA_CONFIG_PATH=./custom.ini  # Path to your custom Grafana config
diff --git a/grafana/compose.yaml b/grafana/compose.yaml
index 84fc349..489cc58 100644
--- a/grafana/compose.yaml
+++ b/grafana/compose.yaml
@@ -2,6 +2,7 @@
 volumes:
   grafana-data:
     driver: local
+
 services:
   grafana:
     image: docker.io/grafana/grafana-oss:11.3.0
@@ -10,25 +11,30 @@ services:
       - 10.0.0.1:3000:3000
     volumes:
       - grafana-data:/var/lib/grafana
-      - $PWD/custom.ini:/etc/grafana/grafana.ini
+      - ${GRAFANA_CONFIG_PATH}:/etc/grafana/grafana.ini
     restart: unless-stopped
     environment:
+      # Static values (unchanged from your original)
       GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
       GF_AUTH_GENERIC_OAUTH_NAME: authentik
-      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: 0M61k3ylqKnGDCSjPbHwtaoIFG6gfiD9crgnSseh
-      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: VkyB9lbMxxLCLCuy8GAEZTxiY5falzpPpEyUGpZaLu1Fuxl6fgScuaDcaZsmBWJLfOBKMkcqbVFfttZyUXQsUeWrghXqblia2K6ZJrwwFMtarTQcy3HLMRPTgUNPr7JN
       GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email
-      GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.adjutor.eu.org/application/o/authorize/
-      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.adjutor.eu.org/application/o/token/
-      GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.adjutor.eu.org/application/o/userinfo/
-      GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.adjutor.eu.org/application/o/grafana/end-session/
-      # Behind a reverse proxy :
-      GF_SERVER_ROOT_URL: "https://dash.adjutor.xyz"
       # Optionally enable auto-login (bypasses Grafana login screen)
       GF_AUTH_OAUTH_AUTO_LOGIN: "true"
       # Optionally map user groups to Grafana roles
-      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins') &&
-        'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
+      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: >
+        contains(groups, 'Grafana Admins') && 'Admin' ||
+        contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
+
+      # Dynamic values (from .env)
+      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: ${GF_AUTH_GENERIC_OAUTH_CLIENT_ID}
+      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ${GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
+      # Behind a reverse proxy :
+      GF_SERVER_ROOT_URL: ${GF_SERVER_ROOT_URL}
+      GF_AUTH_GENERIC_OAUTH_AUTH_URL: ${GF_AUTH_GENERIC_OAUTH_AUTH_URL}
+      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: ${GF_AUTH_GENERIC_OAUTH_TOKEN_URL}
+      GF_AUTH_GENERIC_OAUTH_API_URL: ${GF_AUTH_GENERIC_OAUTH_API_URL}
+      GF_AUTH_SIGNOUT_REDIRECT_URL: ${GF_AUTH_SIGNOUT_REDIRECT_URL}
+
     env_file:
       - .env
 networks: {}