7 Commits

Author SHA1 Message Date
quangkhai a33f86690f Default role: admin 2026-04-18 23:09:41 +02:00
quangkhai 6dc458b168 Issue: #4
- give OAuth users default Editor role
2026-04-18 23:07:04 +02:00
quangkhai c2e93355ec Merge pull request 'feature/grafana_openid' (#1) from feature/grafana_openid into main
Reviewed-on: #1
2026-04-18 19:56:46 +00:00
quangkhai 68e55131b5 FIX SSO Login setting from Grafana 2026-04-18 21:51:27 +02:00
quangkhai 383c88defd deployment script 2026-04-16 21:54:21 +02:00
quangkhai edd9368fea OpenID for Grafana 2026-04-16 21:47:12 +02:00
quangkhai d19fae8d56 back up config.monitoring (worked) 2026-04-16 21:41:53 +02:00
3 changed files with 77 additions and 0 deletions
+12
@@ -117,3 +117,15 @@ identity_providers:
- email
- groups
userinfo_signed_response_alg: 'none'
- id: grafana
description: Grafana via Authelia
secret: '$argon2id$v=19$m=65536,t=3,p=4$IoJjIPmtn81rI0te8lV5Yw$tptaXFfI1NOsPctEzyAYiRblzFNsWgbS9Gh160OkoqQ'
public: false
authorization_policy: one_factor
redirect_uris:
- https://grafana.quangkhai.ch/login/generic_oauth
scopes:
- openid
- profile
- email
userinfo_signed_response_alg: 'none'
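Review bot: `authorization_policy: one_factor` on the new `grafana` client lets a password alone reach Grafana, while the Grafana settings added in the same change give every OAuth user the Admin role; `authorization_policy: two_factor` would fit a client that hands out admin access. The client also requests no `groups` scope, so Grafana cannot map roles from group membership even if a role mapping is enabled later; adding `- groups` under `scopes` (as the preceding client appears to do) would allow that. The clients list begins outside this hunk, so any defaults set above it are not visible here.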
+28
@@ -0,0 +1,28 @@
#!/bin/bash
# Deploy Authelia configuration
# Copies all files from authelia folder to /home/quangkhai/authelia
set -e
SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/authelia" && pwd)"
DEST_DIR="/home/quangkhai/authelia"
echo "Starting deployment..."
echo "Source: $SOURCE_DIR"
echo "Destination: $DEST_DIR"
# Create destination directory if it doesn't exist
if [ ! -d "$DEST_DIR" ]; then
echo "Creating destination directory: $DEST_DIR"
mkdir -p "$DEST_DIR"
fi
# Copy all files
echo "Copying files..."
cp -rv "$SOURCE_DIR"/* "$DEST_DIR/"
echo "✓ Deployment completed successfully!"
echo "Files copied to: $DEST_DIR"
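Review bot: The `cp -rv` line writes the Authelia configuration, which normally holds secrets, with whatever permissions the caller's umask allows, and `mkdir -p` creates the destination the same way; a `umask 077` right after `set -e` would keep newly created files and the directory private to the owner. The `"$SOURCE_DIR"/*` glob also skips dotfiles and fails with a confusing error when the folder is empty; `cp -rv "$SOURCE_DIR"/. "$DEST_DIR/"` copies the directory contents without relying on the glob. `set -euo pipefail` in place of `set -e` would additionally stop on unset variables.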
+37
@@ -0,0 +1,37 @@
GF_SERVER_ROOT_URL=https://grafana.quangkhai.ch
GF_AUTH_ANONYMOUS_ENABLED=false
GF_AUTH_DISABLE_LOGIN_FORM=true
GF_AUTH_GENERIC_OAUTH_ENABLED=true
GF_AUTH_GENERIC_OAUTH_NAME=Authelia
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=VeNuocNuocVe26!
GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
GF_AUTH_GENERIC_OAUTH_USE_ID_TOKEN=true
GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.quangkhai.ch/api/oidc/authorization
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.quangkhai.ch/api/oidc/token
GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.quangkhai.ch/api/oidc/userinfo
# 2. Map the ID (used for login)
# Many OIDC providers use 'preferred_username' or 'sub'
GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
# 3. Map the Email
GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
# 4. Map the Name (optional, but good for profile)
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
# Example mapping:
# If 'groups' contains 'admin', make them 'Admin'.
# If 'groups' contains 'editor', make them 'Editor'.
# Otherwise, default to 'Viewer'.
#GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH="contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"
# Sets the default role for ALL OAuth users
GF_AUTH_GENERIC_OAUTH_AUTO_ASSIGN_ORG_ROLE=Admin
GF_USERS_AUTO_ASSIGN_ORG_ROLE=Admin
# Tell Grafana NOT to try and sync roles from the OIDC claims
GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true
GF_LOG_LEVEL=debug
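Review bot: The `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET` line commits the OIDC client secret in plaintext, so it should be treated as exposed: rotate it together with the corresponding hash in the Authelia client entry and supply it from outside the repository, e.g. `GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET__FILE=<path-to-secret-file>` (placeholder path) if this runs the official Grafana container image. Further down, `GF_USERS_AUTO_ASSIGN_ORG_ROLE=Admin` combined with `GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true` and `GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true` makes every account that can log in through Authelia an organization Admin. `GF_USERS_AUTO_ASSIGN_ORG_ROLE=Viewer`, with the commented `ROLE_ATTRIBUTE_PATH` mapping enabled and role sync no longer skipped, would limit Admin to a named group. `GF_LOG_LEVEL=debug` is worth returning to `info` once SSO login works, since debug output for the OAuth flow is more detailed than a production log needs.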