grafana: rebase grafana.ini to grafana 11.0.0-1

roles/grafana/templates/grafana.ini.j2

@@ -9,10 +9,6 @@
 # instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
 ;instance_name = ${HOSTNAME}
 
-# force migration will run migrations that might cause dataloss
-# Deprecated, use clean_upgrade option in [unified_alerting.upgrade] instead.
-;force_migration = false
-
 #################################### Paths ####################################
 [paths]
 # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
@@ -71,6 +67,9 @@ root_url = https://{{grafana_domain}}
 ;cert_file =
 ;cert_key =
 
+# Certificates file watch interval
+;certs_watch_interval =
+
 # Unix socket gid
 # Changing the gid of a file without privileges requires that the target group is in the group of the process and that the process is the file owner
 # It is recommended to set the gid as http server user gid
@@ -163,7 +162,10 @@ path = ":memory"
 # For "sqlite3" only. Enable/disable Write-Ahead Logging, https://sqlite.org/wal.html. Default is false.
 ;wal = false
 
-# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+# For "mysql" and "postgres" only. Lock the database for the migrations, default is true.
+;migration_locking = true
+
+# For "mysql" and "postgres" only. How many seconds to wait before failing to lock the database for the migrations, default is 0.
 ;locking_attempt_timeout_sec = 0
 
 # For "sqlite" only. How many times to retry query in case of database is locked failures. Default is 0 (disabled).
@@ -383,8 +385,8 @@ cookie_samesite = strict
 # $NONCE in the template includes a random nonce.
 # $ROOT_PATH is server.root_url without the protocol.
 ;content_security_policy_report_only_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
-# Controls if old angular plugins are supported or not. This will be disabled by default in future release
-;angular_support_enabled = true
+# Controls if old angular plugins are supported or not.
+;angular_support_enabled = false
 
 # List of additional allowed URLs to pass by the CSRF check, separated by spaces. Suggested when authentication comes from an IdP.
 ;csrf_trusted_origins = example.com
@@ -460,6 +462,9 @@ allow_sign_up = false
 # Require email validation before sign up completes
 ;verify_email_enabled = false
 
+# Redirect to default OrgId after login
+;login_default_org_id =
+
 # Background text for the user field on the login page
 ;login_hint = email or username
 ;password_hint = password
@@ -487,6 +492,9 @@ viewers_can_edit = true
 # The duration in time a user invitation remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 24h (24 hours). The minimum supported duration is 15m (15 minutes).
 ;user_invite_max_lifetime_duration = 24h
 
+# The duration in time a verification email, used to update the email address of a user, remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 1h (1 hour).
+;verification_email_max_lifetime_duration = 1h
+
 # Enter a comma-separated list of users login to hide them in the Grafana UI. These users are shown to Grafana admins and themselves.
 ; hidden_users =
 
@@ -544,10 +552,6 @@ signout_redirect_url = https://accounts.archlinux.org/realms/archlinux/protocol/
 # OAuth state max age cookie duration in seconds. Defaults to 600 seconds.
 ;oauth_state_cookie_max_age = 600
 
-# Skip forced assignment of OrgID 1 or 'auto_assign_org_id' for social logins
-# Deprecated, use skip_org_role_sync option for specific provider instead.
-;oauth_skip_org_role_update_sync = false
-
 # limit of api_key seconds to live before expiration
 ;api_key_max_seconds_to_live = -1
 
@@ -781,6 +785,8 @@ role_attribute_strict = true
 ;header_name = X-JWT-Assertion
 ;email_claim = sub
 ;username_claim = sub
+;email_attribute_path = jmespath.email
+;username_attribute_path = jmespath.username
 ;jwk_set_url = https://foo.bar/.well-known/jwks.json
 ;jwk_set_file = /path/to/jwks.json
 ;cache_ttl = 60m
@@ -871,6 +877,13 @@ role_attribute_strict = true
 # Disabled by default, needs to be explicitly enabled
 ;user_identity_enabled = false
 
+# Specifies whether user identity authentication fallback credentials should be enabled in data sources
+# Enabling this allows data source creators to provide fallback credentials for backend initiated requests
+# e.g. alerting, recorded queries etc.
+# Enabled by default, needs to be explicitly disabled
+# Will not have any effect if user identity is disabled above
+;user_identity_fallback_credentials_enabled = true
+
 # Override token URL for Azure Active Directory
 # By default is the same as token URL configured for AAD authentication settings
 ;user_identity_token_url =
@@ -1126,17 +1139,17 @@ mode = syslog
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;ha_push_pull_interval = "60s"
 
-# Enable or disable alerting rule execution. The alerting UI remains visible. This option has a legacy version in the `[alerting]` section that takes precedence.
+# Enable or disable alerting rule execution. The alerting UI remains visible.
 ;execute_alerts = true
 
-# Alert evaluation timeout when fetching data from the datasource. This option has a legacy version in the `[alerting]` section that takes precedence.
+# Alert evaluation timeout when fetching data from the datasource.
 # The timeout string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;evaluation_timeout = 30s
 
 # Number of times we'll attempt to evaluate an alert rule before giving up on that evaluation. The default value is 1.
 ;max_attempts = 1
 
-# Minimum interval to enforce between rule evaluations. Rules will be adjusted if they are less than this value  or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as we'll schedule fewer evaluations over time. This option has a legacy version in the `[alerting]` section that takes precedence.
+# Minimum interval to enforce between rule evaluations. Rules will be adjusted if they are less than this value  or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as we'll schedule fewer evaluations over time.
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;min_interval = 10s
 
@@ -1203,54 +1216,25 @@ mode = syslog
 # Optional password for basic authentication on requests sent to Loki. Can be left blank.
 ; loki_basic_auth_password = "mypass"
 
+# For "loki" only.
+# Optional max query length for queries sent to Loki. Default is 721h which matches the default Loki value.
+; loki_max_query_length = 360h
+
 [unified_alerting.state_history.external_labels]
 # Optional extra labels to attach to outbound state history records or log streams.
 # Any number of label key-value-pairs can be provided.
 ; mylabelkey = mylabelvalue
 
-[unified_alerting.upgrade]
-# If set to true when upgrading from legacy alerting to Unified Alerting, grafana will first delete all existing
-# Unified Alerting resources, thus re-upgrading all organizations from scratch. If false or unset, organizations that
-# have previously upgraded will not lose their existing Unified Alerting data when switching between legacy and
-# Unified Alerting. Should be kept false when not needed as it may cause unintended data-loss if left enabled.
-;clean_upgrade = false
-
-#################################### Alerting ############################
-[alerting]
-# Disable legacy alerting engine & UI features
-;enabled = false
-
-# Makes it possible to turn off alert execution but alerting UI is visible
-;execute_alerts = true
-
-# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state)
-;error_or_timeout = alerting
-
-# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok)
-;nodata_or_nullvalues = no_data
-
-# Alert notifications can include images, but rendering many images at the same time can overload the server
-# This limit will protect the server from render overloading and make sure notifications are sent out quickly
-;concurrent_render_limit = 5
-
-# Default setting for alert calculation timeout. Default value is 30
-;evaluation_timeout_seconds = 30
-
-# Default setting for alert notification timeout. Default value is 30
-;notification_timeout_seconds = 30
-
-# Default setting for max attempts to sending alert notifications. Default value is 3
-;max_attempts = 3
-
-# Makes it possible to enforce a minimal interval between evaluations, to reduce load on the backend
-;min_interval_seconds = 1
+[unified_alerting.state_history.annotations]
+# This section controls retention of annotations automatically created while evaluating alert rules
+# when alerting state history backend is configured to be annotations (a setting [unified_alerting.state_history].backend
 
 # Configures for how long alert annotations are stored. Default is 0, which keeps them forever.
-# This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month).
-;max_annotation_age =
+# This setting should be expressed as an duration. Ex 6h (hours), 10d (days), 2w (weeks), 1M (month).
+max_age =
 
 # Configures max number of alert annotations that Grafana stores. Default value is 0, which keeps all alert annotations.
-;max_annotations_to_keep =
+max_annotations_to_keep =
 
 #################################### Annotations #########################
 [annotations]