1.0.0 Release IaaS

config/services/containers/infra/grafana/etc/grafana.ini.j2

@@ -0,0 +1,54 @@
+# https://github.com/grafana/grafana/blob/main/conf/defaults.ini
+[paths]
+data = /var/lib/grafana
+logs = /var/log/grafana
+plugins = /var/lib/grafana/plugins
+provisioning = /etc/grafana/provisioning
+
+[server]
+protocol = http
+http_port = 3000
+domain = grafana.ilnmors.internal
+root_url = http://grafana.ilnmors.internal/
+router_logging = false
+
+[database]
+type = postgres
+host = {{ infra_uri['postgresql']['domain'] }}:{{ infra_uri['postgresql']['ports']['tcp'] }}
+name = grafana_db
+user = grafana
+password = $__file{/run/secrets/GF_DB_PASSWORD}
+ssl_mode = verify-full
+ca_cert_path = /etc/ssl/grafana/ilnmors_root_ca.crt
+
+[auth.ldap]
+enabled = true
+config_file = /etc/grafana/ldap.toml
+allow_sign_up = true
+
+[auth]
+disable_login_form = false
+allow_anonymous_device_id_auth = false
+
+[security]
+# local admin
+admin_user = local_admin
+# local password
+admin_password = $__file{/run/secrets/GF_ADMIN_PASSWORD}
+cookie_secure = true
+cookie_samesite = lax
+allow_embedding = false
+
+# [smtp]
+# enabled = true
+# host = localhost:25
+# from_address = alert@ilnmors.internal
+# from_name = Grafana-Infra
+
+[analytics]
+reporting_enabled = false
+check_for_updates = false
+
+[log]
+mode = console
+level = info

config/services/containers/infra/grafana/etc/ldap.toml.j2

@@ -0,0 +1,47 @@
+# https://github.com/lldap/lldap/blob/main/example_configs/grafana_ldap_config.toml
+[[servers]]
+host = "{{ infra_uri['ldap']['domain'] }}"
+port = {{ infra_uri['ldap']['ports']['ldaps'] }}
+# Activate STARTTLS or LDAPS
+use_ssl = true
+# true = STARTTLS, false = LDAPS
+start_tls = false
+tls_ciphers = []
+min_tls_version = ""
+ssl_skip_verify = false
+root_ca_cert = "/etc/ssl/grafana/ilnmors_root_ca.crt"
+# mTLS option, it is not needed
+# client_cert = "/path/to/client.crt"
+# client_key = "/path/to/client.key"
+
+bind_dn = "uid=grafana,ou=people,dc=ilnmors,dc=internal"
+bind_password = "$__file{/run/secrets/LDAP_BIND_PASSWORD}"
+
+search_filter = "(|(uid=%s)(mail=%s))"
+search_base_dns = ["dc=ilnmors,dc=internal"]
+
+[servers.attributes]
+member_of = "memberOf"
+email = "mail"
+name = "displayName"
+surname = "sn"
+username = "uid"
+
+group_search_filter = "(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
+group_search_base_dns = ["ou=groups,dc=ilnmors,dc=internal"]
+group_search_filter_user_attribute = "uid"
+
+[[servers.group_mappings]]
+group_dn = "cn=lldap_admin,ou=groups,dc=ilnmors,dc=internal"
+org_role = "Admin"
+grafana_admin = true
+
+[[servers.group_mappings]]
+group_dn = "cn=admins,ou=groups,dc=ilnmors,dc=internal"
+org_role = "Editor"
+grafana_admin = false
+
+[[servers.group_mappings]]
+group_dn = "cn=users,ou=groups,dc=ilnmors,dc=internal"
+org_role = "Viewer"
+grafana_admin = false

config/services/containers/infra/grafana/etc/provisioning/datasources/datasources.yaml

@@ -0,0 +1,29 @@
+# https://github.com/grafana/grafana/blob/main/conf/provisioning/datasources/sample.yaml
+apiVersion: 1
+
+datasources:
+  - name: Prometheus
+    type: prometheus
+    url: https://prometheus.ilnmors.internal:9090
+    access: proxy
+    isDefault: true
+    jsonData:
+      tlsAuth: false
+      tlsAuthWithCACert: true
+      httpMethod: POST
+    secureJsonData:
+      tlsCACert: "$__file{/etc/ssl/grafana/ilnmors_root_ca.crt}"
+
+  - name: Loki
+    type: loki
+    url: https://loki.ilnmors.internal:3100
+    access: proxy
+    jsonData:
+      tlsAuth: false
+      tlsAuthWithCACert: true
+      # Tenent value set "to solve no org id"
+      httpHeaderName1: "X-Scope-OrgID"
+      maxLines: 1000
+    secureJsonData:
+      tlsCACert: "$__file{/etc/ssl/grafana/ilnmors_root_ca.crt}"
+      httpHeaderValue1: "ilnmors.internal"