diff options
Diffstat (limited to 'ops/machines/whitby')
-rw-r--r-- | ops/machines/whitby/default.nix | 107 |
1 files changed, 44 insertions, 63 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 2a4e4053da15..c31fe428c4c0 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -546,73 +546,54 @@ in }]; }; - # XXX: Adapt to https://github.com/NixOS/nixpkgs/pull/191768 services.grafana = { - enable = false; - port = 4723; # "graf" on phone keyboard - domain = "status.tvl.su"; - rootUrl = "https://status.tvl.su"; - analytics.reporting.enable = false; - # extraOptions = - # let - # options = { - # auth = { - # generic_oauth = { - # enabled = true; - # client_id = "grafana"; - # scopes = "openid profile email"; - # name = "TVL"; - # email_attribute_path = "mail"; - # login_attribute_path = "sub"; - # name_attribute_path = "displayName"; - # auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth"; - # token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token"; - # api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo"; - - # # Give lukegb, grfn, tazjin "Admin" rights. - # role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'"; - - # # Allow creating new Grafana accounts from OAuth accounts. - # allow_sign_up = true; - # }; - - # anonymous = { - # enabled = true; - # org_name = "The Virus Lounge"; - # org_role = "Viewer"; - # }; - - # basic.enabled = false; - # oauth_auto_login = true; - # disable_login_form = true; - # }; - # }; - # inherit (builtins) typeOf replaceStrings listToAttrs concatLists; - # inherit (lib) toUpper mapAttrsToList nameValuePair concatStringsSep; - - # # Take ["auth" "generic_oauth" "enabled"] and turn it into OPTIONS_GENERIC_OAUTH_ENABLED. - # encodeName = raw: replaceStrings [ "." ] [ "_" ] (toUpper (concatStringsSep "_" raw)); - - # # Turn an option value into a string, but we want bools to be sensible strings and not "1" or "". - # optionToString = value: - # if (typeOf value) == "bool" then - # if value then "true" else "false" - # else builtins.toString value; - - # # Turn an nested options attrset into a flat listToAttrs-compatible list. - # encodeOptions = prefix: inp: concatLists (mapAttrsToList - # (name: value: - # if (typeOf value) == "set" - # then encodeOptions (prefix ++ [ name ]) value - # else [ (nameValuePair (encodeName (prefix ++ [ name ])) (optionToString value)) ] - # ) - # inp); - # in - # listToAttrs (encodeOptions [ ] options); + enable = true; + + settings = { + server = { + http_port = 4723; # "graf" on phone keyboard + domain = "status.tvl.su"; + root_url = "https://status.tvl.su"; + }; + + analytics.reporting_enabled = false; + + "auth.generic_oauth" = { + enabled = true; + client_id = "grafana"; + scopes = "openid profile email"; + name = "TVL"; + email_attribute_path = "mail"; + login_attribute_path = "sub"; + name_attribute_path = "displayName"; + auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth"; + token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token"; + api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo"; + + # Give lukegb, grfn, tazjin "Admin" rights. + role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'"; + + # Allow creating new Grafana accounts from OAuth accounts. + allow_sign_up = true; + }; + + "auth.anonymous" = { + enabled = true; + org_name = "The Virus Lounge"; + org_role = "Viewer"; + }; + + "auth.basic".enabled = false; + + auth = { + oauth_auto_login = true; + disable_login_form = true; + }; + }; provision = { enable = true; - datasources = [{ + datasources.settings.datasources = [{ name = "Prometheus"; type = "prometheus"; url = "http://localhost:9090"; |