Initial commit

tasks/main.yml

@@ -0,0 +1,9 @@
+- name: Copy grafana config
+  template:
+        follow: yes
+        src: 'grafana.ini.j2'
+        dest: '/etc/grafana/grafana.ini'
+  notify: Run service actions
+  tags:
+        - grafana
+        - vault

templates/grafana.ini.j2

@@ -0,0 +1,75 @@
+## Server
+[server]
+protocol = 'http'
+http_addr = '{{ ansible_ens10.ipv4.address }}'
+http_port = '{{ grafana.listen.port }}'
+domain = '{{ grafana.listen.domain }}'
+root_url = 'https://{{ grafana.listen.domain }}'
+enable_gzip = 'false'
+
+## Database
+[database]
+type = '{{ grafana.database.type }}'
+host = '{{ grafana.database.host }}'
+name = '{{ grafana.database.name }}'
+user = '{{ grafana.database.user }}'
+ssl_mode = "{{ grafana.database.ssl }}"
+password = "{{ grafana.database.password }}"
+
+## Remote cache
+[remote_cache]
+type = '{{ grafana.cache.type }}'
+connstr = '{{ grafana.cache.connstr }}'
+
+## Security
+[security]
+cookie_secure = 'true'
+cookie_samesite = 'strict'
+
+## Users
+[users]
+allow_sign_up = 'false'
+
+## Anonymous auth
+[auth]
+disable_login_form = 'false'
+oauth_auto_login = 'false'
+
+[auth.anonymous]
+enabled = 'true'
+org_name = 'RedXen'
+org_role = 'Viewer'
+
+## LDAP Auth
+# [auth.ldap]
+# enabled = true
+# config_file = /etc/grafana/ldap.toml
+# allow_sign_up = true
+
+## OAuth
+{% for entry in grafana.auth.generic_oauth %}
+[auth.generic_oauth]
+name = '{{ entry.name }}'
+enabled = '{{ entry.enabled }}'
+allow_sign_up = '{{ entry.allow_sign_up }}'
+client_id = '{{ entry.client_id }}'
+client_secret = '{{ entry.client_secret }}'
+scopes = '{{ entry.scopes }}'
+auth_url = '{{ entry.auth_url }}'
+token_url = '{{ entry.token_url }}'
+api_url = '{{ entry.api_url }}'
+
+{% endfor %}
+
+## Session (legacy)
+# session_provider = 'redis'
+# session_provider_config = 'addr=db_redis:6379,pool_size=100,db=grafana'
+# session_cookie_secure = 'true'
+
+## Snapshots
+[snapshots]
+external_enabled = 'false'
+
+## Alpha panels
+[panels]
+enable_alpha = 'true'