Commit a0526102 authored by Levente Polyak's avatar Levente Polyak :rocket:

Merge branch 'sync-configs' into 'master'

sync sshd and grafana configs

See merge request !514
parents 4ac89ea9 8ce033b2
......@@ -222,6 +222,12 @@ admin_user = admin
# used for signing
secret_key = {{ vault_grafana_secret_key }}
# current key provider used for envelope encryption, default to static value specified by secret_key
;encryption_provider = secretKey
# list of configured key providers, space separated (Enterprise only): e.g., awskms.v1 azurekv.v1
;available_encryption_providers =
# disable gravatar profile images
;disable_gravatar = false
......@@ -243,7 +249,6 @@ cookie_samesite = strict
# Set to true if you want to enable http strict transport security (HSTS) response header.
# This is only sent when HTTPS is enabled in this configuration.
# HSTS tells browsers that the site should only be accessed using HTTPS.
# The default version will change to true in the next minor release, 6.3.
strict_transport_security = true
# Sets how long a browser should cache HSTS. Only applied if strict_transport_security is enabled.
......@@ -296,9 +301,11 @@ strict_transport_security_max_age_seconds = 86400
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
;min_refresh_interval = 5s
{% if grafana_anonymous_access %}
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
{% if grafana_anonymous_access %}
default_home_dashboard_path = /var/lib/grafana/public-dashboards/home.json
{% else %}
;default_home_dashboard_path =
{% endif %}
#################################### Users ###############################
......@@ -386,9 +393,7 @@ oauth_auto_login = true
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
{% if grafana_anonymous_access %}
enabled = true
{% endif %}
enabled = {% if grafana_anonymous_access %}true{% else %}false{% endif %}
# specify organization name that should be used for unauthenticated users
;org_name = Main Org.
......@@ -397,7 +402,7 @@ enabled = true
org_role = Viewer
# mask the Grafana version number for unauthenticated users
;hide_version = false
hide_version = true
#################################### GitHub Auth ##########################
[auth.github]
......@@ -507,6 +512,7 @@ role_attribute_strict = true
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
;use_pkce = false
{% endif %}
#################################### Basic Auth ##########################
......@@ -719,7 +725,7 @@ mode = syslog
enabled = true
# Comma-separated list of organization IDs for which to disable unified alerting. Only supported if unified alerting is enabled.
;disabled_orgs =
;disabled_orgs =
# Specify the frequency of polling for admin config changes.
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
......@@ -940,14 +946,16 @@ enabled = false
;disable_sanitize_html = false
[plugins]
enable_alpha = true
;enable_alpha = false
;app_tls_skip_verify_insecure = false
# Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
;allow_loading_unsigned_plugins =
# Enable or disable installing plugins directly from within Grafana.
# Enable or disable installing / uninstalling / updating plugins directly from within Grafana.
;plugin_admin_enabled = false
;plugin_admin_external_manage_enabled = false
;plugin_catalog_url = https://grafana.com/grafana/plugins/
# Enter a comma-separated list of plugin identifiers to hide in the plugin catalog.
;plugin_catalog_hidden_plugins =
#################################### Grafana Live ##########################################
[live]
......@@ -1013,12 +1021,14 @@ enable_alpha = true
# Mode 'reusable' will have one browser instance and will create a new incognito page on each request.
;rendering_mode =
# When rendering_mode = clustered you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser'
# When rendering_mode = clustered, you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser'
# and will cluster using browser instances.
# Mode 'context' will cluster using incognito pages.
;rendering_clustering_mode =
# When rendering_mode = clustered you can define maximum number of browser instances/incognito pages that can execute concurrently..
# When rendering_mode = clustered, you can define the maximum number of browser instances/incognito pages that can execute concurrently. Default is '5'.
;rendering_clustering_max_concurrency =
# When rendering_mode = clustered, you can specify the duration a rendering request can take before it will time out. Default is `30` seconds.
;rendering_clustering_timeout =
# Limit the maximum viewport width, height and device scale factor that can be requested.
;rendering_viewport_max_width =
......@@ -1061,3 +1071,16 @@ enable_alpha = true
[expressions]
# Enable or disable the expressions functionality.
;enabled = true
[geomap]
# Set the JSON configuration for the default basemap
;default_baselayer_config = `{
; "type": "xyz",
; "config": {
; "attribution": "Open street map",
; "url": "https://tile.openstreetmap.org/{z}/{x}/{y}.png"
; }
;}`
# Enable or disable loading other base map layers
;enable_custom_baselayers = true
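Review bot: The new `enabled = {% if grafana_anonymous_access %}true{% else %}false{% endif %}` line under `[auth.anonymous]` tests the variable's raw truthiness, so a string value such as `"false"` (which is what a `-e grafana_anonymous_access=false` override produces) is truthy and would render `enabled = true`, granting unauthenticated users the `Viewer` role set a few lines below. Casting first closes that gap: `enabled = {{ grafana_anonymous_access | bool | lower }}`, and the same cast belongs on the `{% if grafana_anonymous_access %}` guard around `default_home_dashboard_path`. Where the variable is defined is not visible on this page, so it may already always be a real boolean; a one-line comment stating that expectation above the setting would still help the next editor.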
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
......@@ -16,7 +16,6 @@
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
......@@ -59,7 +58,7 @@ PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
......@@ -73,13 +72,13 @@ ChallengeResponseAuthentication no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
{% if 'buildservers' in group_names %}
......@@ -97,7 +96,6 @@ AllowTcpForwarding no
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
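Review bot: Replacing `ChallengeResponseAuthentication no` with `KbdInteractiveAuthentication no` only keeps keyboard-interactive login off on sshd releases where the old keyword is a deprecated alias of the new one (OpenSSH 8.7 and later, as far as I recall). On an older sshd the old keyword, now unset, falls back to its default of yes and, as I remember that code, turns keyboard-interactive back on, which together with `UsePAM yes` below would allow PAM password logins despite `PasswordAuthentication no`. If every host that receives this template is known to run a new enough release, a comment above the line is enough, e.g. `# needs an sshd where ChallengeResponseAuthentication is an alias of KbdInteractiveAuthentication`; otherwise keep `ChallengeResponseAuthentication no` next to it. Running `sshd -T | grep -i kbdinteractiveauthentication` on a rendered host confirms the effective value.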