tobias/infrastructure
1
0
Fork 0
Code Issues 5 Pull Requests Projects Activity
0709e9d6b9
infrastructure/ansible/plays/services/grafana/docker-compose.yaml
Tobias Manske e8bbb4b167
Some checks failed
continuous-integration/drone/push Build is failing
Details
Postgres db macro
2024-02-05 18:44:13 +01:00

49 lines
2.4 KiB
YAML
Raw Blame History

version: "3.4"
services:
grafana:
image: grafana/grafana:latest
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
- "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
- "traefik.http.routers.grafana.entryPoints=websecure"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
environment:
- "GF_SERVER_ROOT_URL=https://grafana.tobiasmanske.de"
- "GF_SECURITY_ADMIN_USER={{ grafana.admin.user }}"
- "GF_SECURITY_ADMIN_PASSWORD={{ grafana.admin.password }}"
- "GF_AUTH_GENERIC_OAUTH_NAME=Keycloak"
- "GF_AUTH_GENERIC_OAUTH_ENABLED=true"
- "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true"
- "GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ grafana.oidc.client_id }}"
- "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ grafana.oidc.client_secret }}"
- "GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles"
- "GF_AUTH_GENERIC_OAUTH_GROUP_ATTRIBUTE_PATH=groups"
- "GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email"
- "GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username"
- "GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name"
- "GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/auth"
- "GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/token"
- "GF_AUTH_GENERIC_OAUTH_API_URL=https://{{ grafana.oidc.url }}/realms/{{ grafana.oidc.realm_name }}/protocol/openid-connect/userinfo"
- "GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(resource_access.grafana.roles[*], 'serveradmin') && 'GrafanaAdmin' || contains(resource_access.grafana.roles[*], 'admin') && 'Admin' || contains(resource_access.grafana.roles[*], 'editor') && 'Editor' || 'Viewer'"
- "GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN=true"
volumes:
- data:/var/lib/grafana
- ./grafana-ds.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro,Z
- ./grafana-db.yml:/etc/grafana/provisioning/dashboards/datasource.yml:ro,Z
- ./grafana-dashboards:/var/lib/grafana/dashboards:ro,Z
networks:
- default
- metrics
volumes:
data:
networks:
backend:
internal: true
metrics:
external: true
postgres:
internal: true
Reference in New Issue View Git Blame Copy Permalink