# {{ ansible_managed }} [server] protocoll = https domain = {{ grafana.domain }} enforce_domain = true root_url = https://{{ grafana.domain }} [database] type = mysql host = 127.0.0.1:3306 name = {{ grafana_db }} user = {{ grafana_db_user }} password = {{ grafana_db_password }} [session] cookie_secure = true [analytics] reporting_enabled = false check_for_updates = false [security] disable_gravatar = true cookie_secure = true cookie_samesite = strict strict_transport_security = true strict_transport_security_max_age_seconds = 86400 strict_transport_security_preload = true strict_transport_security_subdomains = true x_content_type_options = true x_xss_protection = true content_security_policy = true content_security_policy_template = """script-src 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';""" [users] allow_sign_up = false default_locale = de-DE [auth.anonymous] enabled = false [plugin.grafana-image-renderer] rendering_timezone = Europe/Berlin rendering_language = de-DE [auth] signout_redirect_url = {{ grafana_auth_signout_redirect_url }} oauth_auto_login = false [auth.generic_oauth] name = {{ grafana_auth_generic_oauth_name }} {% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %} enabled = true {% endif %} client_id = {{ grafana_auth_generic_oauth_client_id }} client_secret = {{ grafana_auth_generic_oauth_client_secret }} scopes = openid email profile auth_url = {{ grafana_auth_generic_oauth_auth_url }} token_url = {{ grafana_auth_generic_oauth_token_url }} api_url = {{ grafana_auth_generic_oauth_api_url }} role_attribute_path = {{ grafana_auth_generic_oauth_role_attribute_path }}