From 79524db48424d7034a18cacf0b7c34ec2d961597 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Fri, 16 Jul 2021 14:14:17 -0400
Subject: [PATCH] Force a certain public address for the server

This is used in constructing the Google OAuth2 login callback URL and has to
match what's configured in Google - also helps if it is actually the address
of the server.
---
 nixos/modules/monitoring/server/grafana.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nixos/modules/monitoring/server/grafana.nix b/nixos/modules/monitoring/server/grafana.nix
index 5986ba0b..5b1b4d86 100644
--- a/nixos/modules/monitoring/server/grafana.nix
+++ b/nixos/modules/monitoring/server/grafana.nix
@@ -70,6 +70,12 @@ in {
 
       # No phoning home
       analytics.reporting.enable = false;
+
+      # Force Grafana to believe it is reachable via https on the default port
+      # number because that's where the nginx that forwards traffic to it is
+      # listening.  Grafana's own server listens on an internal address that
+      # doesn't matter to anyone except our nginx instance.
+      rootUrl = "https://%(domain)s/";
     };
 
     services.grafana.auth = {
-- 
GitLab