grafana: Add anonymous access for dashboards.al.org

playbooks/dashboards.archlinux.org.yml

@@ -14,5 +14,5 @@
     - { role: promtail }
     - { role: certbot }
     - { role: nginx }
-    - { role: grafana, grafana_domain: 'dashboards.archlinux.org' }
+    - { role: grafana, grafana_anonymous_access: true, grafana_domain: 'dashboards.archlinux.org' }
     - { role: fail2ban }

roles/grafana/defaults/main.yml

 ---
 grafana_domain: "grafana.archlinux.org"
+grafana_anonymous_access: false

roles/grafana/files/public-dashboards/archive.json

+../dashboards/archive.json
\ No newline at end of file

roles/grafana/files/public-dashboards/home.json

+archive.json
\ No newline at end of file

roles/grafana/files/public-dashboards/rebuilderd.json

+../dashboards/rebuilderd.json
\ No newline at end of file

roles/grafana/files/public-dashboards/repository.json

+../dashboards/repository.json
\ No newline at end of file

roles/grafana/tasks/main.yml

@@ -36,6 +36,10 @@
 - name: copy grafana dashboards
   copy: src=dashboards dest=/var/lib/grafana/dashboards owner=grafana group=grafana mode=0600
 
+- name: copy (public) grafana dashboards
+  copy: src=public-dashboards dest=/var/lib/grafana/ owner=root group=grafana mode=0640
+  when: grafana_anonymous_access
+
 - name: install grafana config
   template: src=grafana.ini.j2 dest=/etc/grafana.ini owner=grafana group=root mode=0600
   notify: restart grafana

roles/grafana/templates/dashboard.yaml.j2

@@ -9,6 +9,10 @@ providers:
    allowUiUpdates: false
    type: file
    options:
+{% if grafana_anonymous_access %}
+     path: /var/lib/grafana/public-dashboards
+{% else %}
      path: /var/lib/grafana/dashboards
+{% endif %}
      foldersFromFilesStructure: true
 

roles/grafana/templates/datasources.yaml.j2

 apiVersion: 1
 
 datasources:
+{% if grafana_anonymous_access %}
+- name: Prometheus
+  type: prometheus
+  access: proxy
+  basicAuth: true
+  basicAuthUser: {{ vault_prometheus_user }}
+  secureJsonData:
+    basicAuthPassword: {{ vault_prometheus_passwd }}
+  url: https://{{ prometheus_domain }}:9090
+{% else %}
 - name: Prometheus
   type: prometheus
   access: proxy
@@ -9,4 +19,4 @@ datasources:
   type: loki
   access: proxy
   url: http://localhost:3100
-
+{% endif %}

roles/grafana/templates/grafana.ini.j2

@@ -233,6 +233,11 @@ x_xss_protection = true
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
 ;min_refresh_interval =
 
+{% if grafana_anonymous_access %}
+# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
+default_home_dashboard_path = /var/lib/grafana/public-dashboards/home.json
+{% endif %}
+
 #################################### Users ###############################
 [users]
 # disable user signup / registration
@@ -303,13 +308,15 @@ oauth_auto_login = true
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
-;enabled = false
+{% if grafana_anonymous_access %}
+enabled = true
+{% endif %}
 
 # specify organization name that should be used for unauthenticated users
 ;org_name = Main Org.
 
 # specify role for unauthenticated users
-;org_role = Viewer
+org_role = Viewer
 
 #################################### Github Auth ##########################
 [auth.github]
@@ -373,6 +380,7 @@ oauth_auto_login = true
 ;allowed_domains =
 ;allowed_groups =
 
+{% if not grafana_anonymous_access %}
 #################################### Generic OAuth ##########################
 [auth.generic_oauth]
 enabled = true
@@ -394,6 +402,7 @@ role_attribute_path: contains(roles[*], 'DevOps') && 'Admin' || contains(roles[*
 ;tls_client_cert =
 ;tls_client_key =
 ;tls_client_ca =
+{% endif %}
 
 #################################### SAML Auth ###########################
 [auth.saml] # Enterprise only