pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Fix SSO Groups mapping

Browse source
This commit is contained in:
pazpi 2026-05-01 15:48:27 +02:00
parent f76e112c1d
commit f279fbeb5d
No known key found for this signature in database
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/monitoring/grafana.nix
View file

@ -91,12 +91,13 @@ in
enabled = cfg.auth.enable;
client_id = "GpPQl4K55kQQhIeuIgzN27kzPzSpY5HlpmqpU9sy";
client_secret = "$__file{${cfg.auth.sectetKeyFile}}";
scopes = "openid email profile";
scopes = "openid email profile groups";
auth_url = "https://${cfg.auth.baseUrl}/application/o/authorize/";
token_url = "https://${cfg.auth.baseUrl}/application/o/token/";
api_url = "https://${cfg.auth.baseUrl}/application/o/userinfo/";
# Optionally map user groups to Grafana roles";
role_attribute_path = "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
role_attribute_path = "contains(groups[*], 'Sysadmin') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
allow_assign_grafana_admin = true;
};
database = {
user = "grafana";