
services/grafana: setup oidc

Diogo f4ae767c 4a5e83d4

Changed files
+49
+23
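--- a/modules/nixos/services/grafana.nix
+++ b/modules/nixos/services/grafana.nix
@@ -17,6 +17,10 @@
 };
 
 config = mkIf cfg.enable {
+sops.secrets.grafana = {
+sopsFile = "${self}/secrets/services/grafana.yaml";
+};
+
 services = {
 grafana = {
 enable = true;
@@ -37,6 +41,25 @@
 name = "grafana";
 user = "grafana";
 password = "grafana";
+};
+
+security.disable_gravatar = true;
+
+auth = {
+generic_oauth = {
+enabled = true;
+client_id = "fc40c281-9f05-4907-8c85-17c265fbc7c5";
+client_secret = builtins.readFile config.sops.secrets.grafana.path;
+scopes = "openid profile email";
+auth_url = "https://id.diogocastro.net/authorize";
+token_url = "https://id.diogocastro.net/api/oidc/token";
+api_url = "";
+signout_redirect_url = "";
+allow_sign_up = false;
+auto_login = "false";
+email_attribute_name = "email:primary";
+skip_org_role_sync = false;
+};
 };
 };
 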
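Review bot: `client_secret = builtins.readFile config.sops.secrets.grafana.path;` reads the secret while the configuration is evaluated, not when Grafana starts. The decrypted file only exists on the target host after activation, so either evaluation fails or the plaintext client secret is written into the generated Grafana configuration in the world-readable Nix store, which defeats the sops encryption. Let Grafana resolve it at runtime with its file provider, `client_secret = "$__file{${config.sops.secrets.grafana.path}}";`, and add `owner = "grafana";` to the `sops.secrets.grafana` block in the first hunk so the service account can read the file. The enclosing attribute set starts outside the hunk; if it is `services.grafana.settings`, the nested `auth = { generic_oauth = { … }; }` likely needs to be the single section key `"auth.generic_oauth"`, and `auto_login = "false";` would read better as the boolean `false` like its neighbours — worth confirming both against the rendered grafana.ini.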
+26
secrets/services/grafana.yaml
··· 1 + grafana: ENC[AES256_GCM,data:pARheSOsQv2L4Wk1/BGHnEiZxGht5QwdixuK0gRln6o=,iv:bWFrdC3YY0kWjzqHSl6DYlucGqLc+cMc+Vq/jQ489ds=,tag:XnZoe1swyMDr4Dy2aGjQXQ==,type:str] 2 + sops: 3 + age: 4 + - recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICCTbCHJ0avif6MQ7izXlHHaubNsOhU2xf9lMvXKLyUQ 5 + enc: | 6 + -----BEGIN AGE ENCRYPTED FILE----- 7 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZnTXFHQSBnS3dQ 8 + OVpQUm51dWZzTENOUzArcmJuN1cvWituSTQxTGsrRGVnbTRha0YwCi9IM3dqbTFt 9 + d0hNRFFuVUhkRzBZK1FYb3c2VnB6dU5mRmdMdUZkRGdRNE0KLS0tIDN1Y1JKQUZO 10 + QTljdkJkRGpFMjJOVUc5TjVzUDFZZ3A3K2MxUFg3d2ZSZDgK7q3VTXR3u4vXCHSo 11 + SiHjk6lFAxrFDel45XMmJc2lGlnivO1LmwyqXX7FqdGzWWj+XfWIlFitmCHiOf1X 12 + W8yHDg== 13 + -----END AGE ENCRYPTED FILE----- 14 + - recipient: age1x6rgrjkj0sx32apkg7fzsrgns8t524h3th0m8s30u08vl9lge9jqcvulxt 15 + enc: | 16 + -----BEGIN AGE ENCRYPTED FILE----- 17 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpb0dlNmdxc1NkUW5FY1FO 18 + ZHFDUENqWkdtcGtFby9FSlRMRkhMWFRUdlFzCis0b3J1cVFtaVR5ZkhBSEVEb1Ux 19 + cGdWQ0lUYWtKSWRNL3lKclNOem9WQjAKLS0tIDErdHZQcG43SktwMFg1WXZNelB3 20 + VlhoZ1NuQzY1L1psSnNmb1ZXSzgrUE0KteE2Ra7J0hGbeUKqAd3tQkuXUS2NZfl1 21 + ZAeNshFaqw3RuIu29C6C8qKbB7QmCp5MIYH/BrOIZNEgAoB/a21zQg== 22 + -----END AGE ENCRYPTED FILE----- 23 + lastmodified: "2025-12-09T10:38:54Z" 24 + mac: ENC[AES256_GCM,data:iU0jUtAr5PQbfxQtPMdhdB6aa44xsIoYd4hwLnEqQqLMemTwPJZmHxDubjQYrpBRkx6FlwF7Fw+1kxGV+4OjdX2A0BHjktQByCggIe/FwTbYGrAFuXT8VKBqtPWZtOtWsqPGcHJ/C99z7MKjIrk0ualqNcpM2NFnmgiiQgZsiqg=,iv:Wy2dBD7Y+PKzzarH4lyl5elBeSVJ+6qi1JCBLPjiyNI=,tag:icIOCfx1QBYhWpnZEfKU/A==,type:str] 25 + unencrypted_suffix: _unencrypted 26 + version: 3.11.0