Default role: admin

Issue: #4
- give OAuth users default Editor role
2026-04-18 23:09:41 +02:00 · 2026-04-18 23:07:04 +02:00 · 2026-04-18 19:56:46 +00:00 · 2026-04-18 21:51:27 +02:00 · 2026-04-16 21:54:21 +02:00 · 2026-04-16 21:47:12 +02:00
3 changed files with 77 additions and 0 deletions
@@ -117,3 +117,15 @@ identity_providers:
          - email
          - groups
        userinfo_signed_response_alg: 'none'
+      - id: grafana
+        description: Grafana via Authelia
+        secret: '$argon2id$v=19$m=65536,t=3,p=4$IoJjIPmtn81rI0te8lV5Yw$tptaXFfI1NOsPctEzyAYiRblzFNsWgbS9Gh160OkoqQ'
+        public: false
+        authorization_policy: one_factor
+        redirect_uris:
+          - https://grafana.quangkhai.ch/login/generic_oauth
+        scopes:
+          - openid
+          - profile
+          - email
+        userinfo_signed_response_alg: 'none'        
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Deploy Authelia configuration
+# Copies all files from authelia folder to /home/quangkhai/authelia
+
+set -e
+
+SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/authelia" && pwd)"
+DEST_DIR="/home/quangkhai/authelia"
+
+echo "Starting deployment..."
+echo "Source: $SOURCE_DIR"
+echo "Destination: $DEST_DIR"
+
+# Create destination directory if it doesn't exist
+if [ ! -d "$DEST_DIR" ]; then
+    echo "Creating destination directory: $DEST_DIR"
+    mkdir -p "$DEST_DIR"
+fi
+
+# Copy all files
+echo "Copying files..."
+cp -rv "$SOURCE_DIR"/* "$DEST_DIR/"
+
+echo "✓ Deployment completed successfully!"
+echo "Files copied to: $DEST_DIR"
+
+
@@ -0,0 +1,37 @@
+GF_SERVER_ROOT_URL=https://grafana.quangkhai.ch
+GF_AUTH_ANONYMOUS_ENABLED=false
+GF_AUTH_DISABLE_LOGIN_FORM=true
+
+GF_AUTH_GENERIC_OAUTH_ENABLED=true
+GF_AUTH_GENERIC_OAUTH_NAME=Authelia
+GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
+GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
+GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=VeNuocNuocVe26!
+GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
+GF_AUTH_GENERIC_OAUTH_USE_ID_TOKEN=true
+
+GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.quangkhai.ch/api/oidc/authorization
+GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.quangkhai.ch/api/oidc/token
+GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.quangkhai.ch/api/oidc/userinfo
+
+# 2. Map the ID (used for login)
+# Many OIDC providers use 'preferred_username' or 'sub'
+GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
+
+# 3. Map the Email
+GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
+
+# 4. Map the Name (optional, but good for profile)
+GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
+
+# Example mapping: 
+# If 'groups' contains 'admin', make them 'Admin'. 
+# If 'groups' contains 'editor', make them 'Editor'. 
+# Otherwise, default to 'Viewer'.
+#GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH="contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"
+# Sets the default role for ALL OAuth users
+GF_AUTH_GENERIC_OAUTH_AUTO_ASSIGN_ORG_ROLE=Admin
+GF_USERS_AUTO_ASSIGN_ORG_ROLE=Admin
+# Tell Grafana NOT to try and sync roles from the OIDC claims
+GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true
+GF_LOG_LEVEL=debug
Author	SHA1	Message	Date
quangkhai	a33f86690f	Default role: admin	2026-04-18 23:09:41 +02:00
quangkhai	6dc458b168	Issue: #4 - give OAuth users default Editor role	2026-04-18 23:07:04 +02:00
quangkhai	c2e93355ec	Merge pull request 'feature/grafana_openid' (#1 ) from feature/grafana_openid into main Reviewed-on: #1	2026-04-18 19:56:46 +00:00
quangkhai	68e55131b5	FIX SSO Login setting from Grafana	2026-04-18 21:51:27 +02:00
quangkhai	383c88defd	deployment script	2026-04-16 21:54:21 +02:00
quangkhai	edd9368fea	OpenID for Grafana	2026-04-16 21:47:12 +02:00
quangkhai	d19fae8d56	back up config.monitoring (worked)	2026-04-16 21:41:53 +02:00