ansible-role-grafana/templates/grafana.ini
2023-11-20 11:47:05 +01:00

62 lines
1.8 KiB
INI

# {{ ansible_managed }}
[server]
protocoll = https
domain = {{ grafana_domain }}
enforce_domain = true
root_url = https://{{ grafana_domain }}
[database]
type = mysql
host = {{ database_host }}:3306
name = {{ grafana_db }}
user = {{ grafana_db_user }}
password = {{ grafana_db_password }}
[session]
cookie_secure = true
[analytics]
reporting_enabled = false
check_for_updates = false
[security]
disable_gravatar = true
cookie_secure = true
cookie_samesite = strict
strict_transport_security = true
strict_transport_security_max_age_seconds = 86400
strict_transport_security_preload = true
strict_transport_security_subdomains = true
x_content_type_options = true
x_xss_protection = true
content_security_policy = true
content_security_policy_template = """script-src 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
[users]
allow_sign_up = false
default_locale = de-DE
[auth.anonymous]
enabled = false
[plugin.grafana-image-renderer]
rendering_timezone = Europe/Berlin
rendering_language = de-DE
[auth]
signout_redirect_url = {{ grafana_auth_signout_redirect_url }}
oauth_auto_login = false
{% if grafana_auth_generic_oauth_enabled is defined and grafana_auth_generic_oauth_enabled %}
[auth.generic_oauth]
name = {{ grafana_auth_generic_oauth_name }}
enabled = true
client_id = {{ grafana_auth_generic_oauth_client_id }}
client_secret = {{ grafana_auth_generic_oauth_client_secret }}
scopes = openid email profile
auth_url = {{ grafana_auth_generic_oauth_auth_url }}
token_url = {{ grafana_auth_generic_oauth_token_url }}
api_url = {{ grafana_auth_generic_oauth_api_url }}
role_attribute_path = {{ grafana_auth_generic_oauth_role_attribute_path }}
{% endif %}