From b2be6de5224b01f7016032366d01d7f6111bdecd Mon Sep 17 00:00:00 2001 From: clyhtsuriva Date: Sat, 24 May 2025 21:48:29 +0200 Subject: Migrating values to .env & create .env.template --- grafana/.env.template | 22 ++++++++++++++++++++++ grafana/compose.yaml | 28 +++++++++++++++++----------- 2 files changed, 39 insertions(+), 11 deletions(-) create mode 100644 grafana/.env.template diff --git a/grafana/.env.template b/grafana/.env.template new file mode 100644 index 0000000..6f75e98 --- /dev/null +++ b/grafana/.env.template @@ -0,0 +1,22 @@ +# Copy to '.env' and replace placeholder values +# ====================================== + +# ------------------------------ +# OAuth Credentials (REPLACE THESE) +# ------------------------------ +GF_AUTH_GENERIC_OAUTH_CLIENT_ID=your_client_id_here +GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=your_client_secret_here + +# ------------------------------ +# URLs (Update with your domains) +# ------------------------------ +GF_SERVER_ROOT_URL=https://your.grafana.domain +GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://your.auth.provider/oauth/authorize/ +GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://your.auth.provider/oauth/token/ +GF_AUTH_GENERIC_OAUTH_API_URL=https://your.auth.provider/userinfo/ +GF_AUTH_SIGNOUT_REDIRECT_URL=https://your.auth.provider/logout/ + +# ------------------------------ +# Paths (Update if needed) +# ------------------------------ +GRAFANA_CONFIG_PATH=./custom.ini # Path to your custom Grafana config diff --git a/grafana/compose.yaml b/grafana/compose.yaml index 84fc349..489cc58 100644 --- a/grafana/compose.yaml +++ b/grafana/compose.yaml @@ -2,6 +2,7 @@ volumes: grafana-data: driver: local + services: grafana: image: docker.io/grafana/grafana-oss:11.3.0 @@ -10,25 +11,30 @@ services: - 10.0.0.1:3000:3000 volumes: - grafana-data:/var/lib/grafana - - $PWD/custom.ini:/etc/grafana/grafana.ini + - ${GRAFANA_CONFIG_PATH}:/etc/grafana/grafana.ini restart: unless-stopped environment: + # Static values (unchanged from your original) GF_AUTH_GENERIC_OAUTH_ENABLED: "true" GF_AUTH_GENERIC_OAUTH_NAME: authentik - GF_AUTH_GENERIC_OAUTH_CLIENT_ID: 0M61k3ylqKnGDCSjPbHwtaoIFG6gfiD9crgnSseh - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: VkyB9lbMxxLCLCuy8GAEZTxiY5falzpPpEyUGpZaLu1Fuxl6fgScuaDcaZsmBWJLfOBKMkcqbVFfttZyUXQsUeWrghXqblia2K6ZJrwwFMtarTQcy3HLMRPTgUNPr7JN GF_AUTH_GENERIC_OAUTH_SCOPES: openid profile email - GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.adjutor.eu.org/application/o/authorize/ - GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.adjutor.eu.org/application/o/token/ - GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.adjutor.eu.org/application/o/userinfo/ - GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.adjutor.eu.org/application/o/grafana/end-session/ - # Behind a reverse proxy : - GF_SERVER_ROOT_URL: "https://dash.adjutor.xyz" # Optionally enable auto-login (bypasses Grafana login screen) GF_AUTH_OAUTH_AUTO_LOGIN: "true" # Optionally map user groups to Grafana roles - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Grafana Admins') && - 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' + GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: > + contains(groups, 'Grafana Admins') && 'Admin' || + contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' + + # Dynamic values (from .env) + GF_AUTH_GENERIC_OAUTH_CLIENT_ID: ${GF_AUTH_GENERIC_OAUTH_CLIENT_ID} + GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ${GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET} + # Behind a reverse proxy : + GF_SERVER_ROOT_URL: ${GF_SERVER_ROOT_URL} + GF_AUTH_GENERIC_OAUTH_AUTH_URL: ${GF_AUTH_GENERIC_OAUTH_AUTH_URL} + GF_AUTH_GENERIC_OAUTH_TOKEN_URL: ${GF_AUTH_GENERIC_OAUTH_TOKEN_URL} + GF_AUTH_GENERIC_OAUTH_API_URL: ${GF_AUTH_GENERIC_OAUTH_API_URL} + GF_AUTH_SIGNOUT_REDIRECT_URL: ${GF_AUTH_SIGNOUT_REDIRECT_URL} + env_file: - .env networks: {} -- cgit v1.2.3