author | Vincent Ambo <mail@tazj.in> | 2021-12-27T13·56+0300 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2021-12-27T14·44+0000 |
commit | 906d6553c65f5eac1f6f77f3984bfd04963cb13f (patch) | |
tree | 9c0b44aeb37a5824bc0d66225f23b2982741afb5 /ops/machines/whitby/default.nix | |
parent | 7154507e78693cd609b1742f8fee51dfcff69d97 (diff) |
fix(whitby): Point grafana at new auth provider r/3468
Grafana was still pointing at the (now non-existent) CAS setup. This changes the endpoints to use Keycloak instead and updates the client secret. Change-Id: Ib25d38330aba2ef6d894e8c33d86852c884ab5be Reviewed-on: https://cl.tvl.fyi/c/depot/+/4706 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: grfn <grfn@gws.fyi>
Diffstat (limited to 'ops/machines/whitby/default.nix')
-rw-r--r-- | ops/machines/whitby/default.nix | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 727859542938..e013c56196f5 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -500,15 +500,15 @@ in {
 auth = {
 generic_oauth = {
 enabled = true;
- client_id = "OAUTH-TVL-grafana-f1A1EmHLDT";
+ client_id = "grafana";
 scopes = "openid profile email";
 name = "TVL";
 email_attribute_path = "mail";
 login_attribute_path = "sub";
 name_attribute_path = "displayName";
- auth_url = "https://login.tvl.fyi/oidc/authorize";
- token_url = "https://login.tvl.fyi/oidc/accessToken";
- api_url = "https://login.tvl.fyi/oidc/profile";
+ auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth";
+ token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token";
+ api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo";
 # Give lukegb, grfn, tazjin "Admin" rights.
 role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'";
@@ -516,11 +516,13 @@ in {
 # Allow creating new Grafana accounts from OAuth accounts.
 allow_sign_up = true;
 };
+
 anonymous = {
 enabled = true;
 org_name = "The Virus Lounge";
 org_role = "Viewer";
 };
+
 basic.enabled = false;
 oauth_auto_login = true;
 disable_login_form = true; |
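Review bot: The claim mapping around the new endpoints still looks CAS-shaped: `login_attribute_path = "sub"` and the `sub == 'tazjin'`-style tests in `role_attribute_path` are unchanged context lines in the first hunk, but Keycloak's default `sub` is an opaque user ID rather than a username. Unless the TVL realm has a mapper overriding it (not visible here), nobody would match the Admin branch, and every account, including ones created through `allow_sign_up`, would fall through to `'Editor'`. Consider `login_attribute_path = "preferred_username";` and testing that same claim in the role expression, or better a group or role claim, and confirm that `mail` and `displayName` are actually present in the userinfo response. The `auth` attribute set opens in this hunk and closes outside the diff.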