Commit 652b01a5 authored by Florian Sesser

Grafana: Set admin PW

parent 8dbb3544
......@@ -65,6 +65,14 @@
permissions = "0400";
action = ["sudo" "systemctl" "restart" "grafana.service"];
};
"grafana-admin-password" = {
source = "${privateKeyPath}/grafana-admin.password";
destination = "/run/keys/grafana-admin.password";
owner.user = config.systemd.services.grafana.serviceConfig.User;
owner.group = config.users.users.grafana.group;
permissions = "0400";
action = ["sudo" "systemctl" "restart" "grafana.service"];
};
};
monitoringvpn = {
"monitoringvpn-private-key".source = "${privateKeyPath}/monitoringvpn/server.key";
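Review bot: The `destination` of the new `grafana-admin-password` entry repeats the literal `/run/keys/grafana-admin.password`, which is also the default of the module's `adminPasswordFile` option, so overriding that option would leave Grafana pointed at a file this deployment never writes. A comment on the entry would make the coupling visible, e.g. `# Must match the monitoring module's adminPasswordFile.`; deriving the destination from the option value would remove the duplication altogether. The `0400` mode with the Grafana service user as owner is appropriately tight for this secret. The enclosing attribute set starts and ends outside the hunk.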
......
......@@ -56,6 +56,12 @@ in {
default = /run/keys/grafana-google-sso.secret;
description = "The path to the GSuite SSO secret file.";
};
adminPasswordFile = lib.mkOption
{ type = lib.types.path;
example = lib.literalExample "/var/secret/monitoring-admin-password";
default = /run/keys/grafana-admin.password;
description = "A file containing the password for the Grafana Admin account.";
};
};
config = {
......@@ -87,6 +93,12 @@ in {
anonymous.org_name = "Main Org.";
} // grafanaAuth;
# Give users that come through GSuite SSO the highest possible privileges:
users.autoAssignOrgRole = "Editor";
# Read the admin password from a file in our secrets folder:
security.adminPasswordFile = cfg.adminPasswordFile;
provision = {
enable = true;
# See https://grafana.com/docs/grafana/latest/administration/provisioning/#datasources
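Review bot: Grafana applies its configured admin password only when it creates the admin account on first start, so on a host whose Grafana database already exists the `security.adminPasswordFile = cfg.adminPasswordFile;` line will, as far as I know, leave the previous password in place. The restart action attached to the secret in the deployment file does not rotate it either. The comment above the line should say so, e.g. `# Only applied when Grafana first initialises its database; rotate later with grafana-cli admin reset-admin-password.` Separately, the new option's `default` is an unquoted Nix path literal, like the SSO secret above it; a string default `"/run/keys/grafana-admin.password"` would rule out the file being copied into the world-readable Nix store if the value is ever interpolated into a string.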
......