Robert Helewka
b4d60f2f38
Replaces the minimal project description with a comprehensive README including a component overview table, quick start instructions, common Ansible operations, and links to detailed documentation. Aligns with Red Panda Approval™ standards.
37 lines
1.3 KiB
Django/Jinja
37 lines
1.3 KiB
Django/Jinja
# Grafana Configuration - Managed by Ansible
|
|
# Do not edit manually - changes will be overwritten
|
|
|
|
[server]
|
|
root_url = {{ grafana_root_url }}
|
|
|
|
[auth]
|
|
# Disable login form for OAuth users (admins can still use local auth)
|
|
disable_login_form = false
|
|
|
|
[auth.generic_oauth]
|
|
enabled = {{ grafana_oauth_enabled | default(false) | lower }}
|
|
name = {{ grafana_oauth_name | default('Casdoor') }}
|
|
allow_sign_up = {{ grafana_oauth_allow_sign_up | default(true) | lower }}
|
|
client_id = {{ grafana_oauth_client_id }}
|
|
client_secret = {{ grafana_oauth_client_secret }}
|
|
scopes = {{ grafana_oauth_scopes | default('openid profile email') }}
|
|
auth_url = {{ grafana_oauth_auth_url }}
|
|
token_url = {{ grafana_oauth_token_url }}
|
|
api_url = {{ grafana_oauth_api_url }}
|
|
# Map Casdoor user attributes to Grafana
|
|
email_attribute_path = email
|
|
login_attribute_path = preferred_username
|
|
name_attribute_path = name
|
|
# Default role for new OAuth users
|
|
role_attribute_path = contains(groups[*], 'grafana-admin') && 'Admin' || contains(groups[*], 'grafana-editor') && 'Editor' || 'Viewer'
|
|
# TLS settings for internal communication
|
|
tls_skip_verify_insecure = {{ grafana_oauth_skip_tls_verify | default(true) | lower }}
|
|
|
|
[log]
|
|
# Console-only logging — systemd journal captures output, Alloy ships to Loki
|
|
mode = console
|
|
level = {{ grafana_log_level | default('info') }}
|
|
|
|
[log.console]
|
|
format = text
|