Commit b0793ac5 authored by Kristian Klausen's avatar Kristian Klausen 🎉
Browse files

grafana: Add anonymous access for dashboards.al.org

parent 14bd47b8
......@@ -14,5 +14,5 @@
- { role: promtail }
- { role: certbot }
- { role: nginx }
- { role: grafana, grafana_domain: 'dashboards.archlinux.org' }
- { role: grafana, grafana_anonymous_access: true, grafana_domain: 'dashboards.archlinux.org' }
- { role: fail2ban }
---
grafana_domain: "grafana.archlinux.org"
grafana_anonymous_access: false
../dashboards/archive.json
\ No newline at end of file
archive.json
\ No newline at end of file
../dashboards/rebuilderd.json
\ No newline at end of file
../dashboards/repository.json
\ No newline at end of file
......@@ -36,6 +36,10 @@
- name: copy grafana dashboards
copy: src=dashboards dest=/var/lib/grafana/dashboards owner=grafana group=grafana mode=0600
- name: copy (public) grafana dashboards
copy: src=public-dashboards dest=/var/lib/grafana/ owner=root group=grafana mode=0640
when: grafana_anonymous_access
- name: install grafana config
template: src=grafana.ini.j2 dest=/etc/grafana.ini owner=grafana group=root mode=0600
notify: restart grafana
......
......@@ -9,6 +9,10 @@ providers:
allowUiUpdates: false
type: file
options:
{% if grafana_anonymous_access %}
path: /var/lib/grafana/public-dashboards
{% else %}
path: /var/lib/grafana/dashboards
{% endif %}
foldersFromFilesStructure: true
apiVersion: 1
datasources:
{% if grafana_anonymous_access %}
- name: Prometheus
type: prometheus
access: proxy
basicAuth: true
basicAuthUser: {{ vault_prometheus_user }}
secureJsonData:
basicAuthPassword: {{ vault_prometheus_passwd }}
url: https://{{ prometheus_domain }}:9090
{% else %}
- name: Prometheus
type: prometheus
access: proxy
......@@ -9,4 +19,4 @@ datasources:
type: loki
access: proxy
url: http://localhost:3100
{% endif %}
......@@ -233,6 +233,11 @@ x_xss_protection = true
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
;min_refresh_interval =
{% if grafana_anonymous_access %}
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
default_home_dashboard_path = /var/lib/grafana/public-dashboards/home.json
{% endif %}
#################################### Users ###############################
[users]
# disable user signup / registration
......@@ -303,13 +308,15 @@ oauth_auto_login = true
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
;enabled = false
{% if grafana_anonymous_access %}
enabled = true
{% endif %}
# specify organization name that should be used for unauthenticated users
;org_name = Main Org.
# specify role for unauthenticated users
;org_role = Viewer
org_role = Viewer
#################################### Github Auth ##########################
[auth.github]
......@@ -373,6 +380,7 @@ oauth_auto_login = true
;allowed_domains =
;allowed_groups =
{% if not grafana_anonymous_access %}
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
......@@ -394,6 +402,7 @@ role_attribute_path: contains(roles[*], 'DevOps') && 'Admin' || contains(roles[*
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
{% endif %}
#################################### SAML Auth ###########################
[auth.saml] # Enterprise only
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment