37 lines
1.5 KiB
Plaintext
37 lines
1.5 KiB
Plaintext
GF_SERVER_ROOT_URL=https://grafana.quangkhai.ch
|
|
GF_AUTH_ANONYMOUS_ENABLED=false
|
|
GF_AUTH_DISABLE_LOGIN_FORM=true
|
|
|
|
GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
|
GF_AUTH_GENERIC_OAUTH_NAME=Authelia
|
|
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
|
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=VeNuocNuocVe26!
|
|
GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
|
|
GF_AUTH_GENERIC_OAUTH_USE_ID_TOKEN=true
|
|
|
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.quangkhai.ch/api/oidc/authorization
|
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.quangkhai.ch/api/oidc/token
|
|
GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.quangkhai.ch/api/oidc/userinfo
|
|
|
|
# 2. Map the ID (used for login)
|
|
# Many OIDC providers use 'preferred_username' or 'sub'
|
|
GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
|
|
|
|
# 3. Map the Email
|
|
GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
|
|
|
|
# 4. Map the Name (optional, but good for profile)
|
|
GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
|
|
|
|
# Example mapping:
|
|
# If 'groups' contains 'admin', make them 'Admin'.
|
|
# If 'groups' contains 'editor', make them 'Editor'.
|
|
# Otherwise, default to 'Viewer'.
|
|
#GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH="contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"
|
|
# Sets the default role for ALL OAuth users
|
|
GF_AUTH_GENERIC_OAUTH_AUTO_ASSIGN_ORG_ROLE=Admin
|
|
GF_USERS_AUTO_ASSIGN_ORG_ROLE=Admin
|
|
# Tell Grafana NOT to try and sync roles from the OIDC claims
|
|
GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true
|
|
GF_LOG_LEVEL=debug |