Stage Grafana Authentik cutover
This commit is contained in:
@@ -1,12 +1,8 @@
|
|||||||
users:
|
users:
|
||||||
john:
|
fizzlepoof:
|
||||||
disabled: false
|
disabled: false
|
||||||
displayname: John
|
displayname: John
|
||||||
email: john@example.com
|
email: admin@paccoco.com
|
||||||
password: '$argon2id$v=19$m=65536,t=3,p=4$REPLACE$REPLACE'
|
password: $argon2id$v=19$m=65536,t=3,p=4$REPLACE$REPLACE
|
||||||
groups:
|
groups:
|
||||||
- admins
|
- admins
|
||||||
# future examples:
|
|
||||||
# - infra
|
|
||||||
# - media
|
|
||||||
# - family
|
|
||||||
|
|||||||
@@ -21,7 +21,6 @@ http:
|
|||||||
service: grafana
|
service: grafana
|
||||||
middlewares:
|
middlewares:
|
||||||
- security-headers
|
- security-headers
|
||||||
- authelia-forwardauth
|
|
||||||
|
|
||||||
technitium:
|
technitium:
|
||||||
rule: Host(`dns.paccoco.com`)
|
rule: Host(`dns.paccoco.com`)
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ GF_ADMIN_USER=admin
|
|||||||
GF_ADMIN_PASS=CHANGE_ME
|
GF_ADMIN_PASS=CHANGE_ME
|
||||||
GF_HOST=grafana.paccoco.com
|
GF_HOST=grafana.paccoco.com
|
||||||
LOKI_HOST=loki.paccoco.com
|
LOKI_HOST=loki.paccoco.com
|
||||||
AUTHENTIK_HOST=auth.paccoco.com
|
AUTHENTIK_URL=https://auth.paccoco.com
|
||||||
GF_AUTHENTIK_APP_SLUG=grafana
|
GF_AUTHENTIK_APP_SLUG=grafana
|
||||||
GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
GF_AUTH_GENERIC_OAUTH_ENABLED=true
|
||||||
GF_AUTH_GENERIC_OAUTH_NAME=Authentik
|
GF_AUTH_GENERIC_OAUTH_NAME=Authentik
|
||||||
|
|||||||
@@ -49,10 +49,10 @@ services:
|
|||||||
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ${GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
|
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ${GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
|
||||||
GF_AUTH_GENERIC_OAUTH_SCOPES: ${GF_AUTH_GENERIC_OAUTH_SCOPES}
|
GF_AUTH_GENERIC_OAUTH_SCOPES: ${GF_AUTH_GENERIC_OAUTH_SCOPES}
|
||||||
GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES: ${GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES}
|
GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES: ${GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES}
|
||||||
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://${AUTHENTIK_HOST}/application/o/authorize/
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL: ${AUTHENTIK_URL}/application/o/authorize/
|
||||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://${AUTHENTIK_HOST}/application/o/token/
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: ${AUTHENTIK_URL}/application/o/token/
|
||||||
GF_AUTH_GENERIC_OAUTH_API_URL: https://${AUTHENTIK_HOST}/application/o/userinfo/
|
GF_AUTH_GENERIC_OAUTH_API_URL: ${AUTHENTIK_URL}/application/o/userinfo/
|
||||||
GF_AUTH_SIGNOUT_REDIRECT_URL: https://${AUTHENTIK_HOST}/application/o/${GF_AUTHENTIK_APP_SLUG}/end-session/
|
GF_AUTH_SIGNOUT_REDIRECT_URL: ${AUTHENTIK_URL}/application/o/${GF_AUTHENTIK_APP_SLUG}/end-session/
|
||||||
GF_AUTH_GENERIC_OAUTH_USE_PKCE: ${GF_AUTH_GENERIC_OAUTH_USE_PKCE}
|
GF_AUTH_GENERIC_OAUTH_USE_PKCE: ${GF_AUTH_GENERIC_OAUTH_USE_PKCE}
|
||||||
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: ${GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP}
|
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: ${GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP}
|
||||||
GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: ${GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN}
|
GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: ${GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN}
|
||||||
|
|||||||
Reference in New Issue
Block a user