grafana: add Grafana on monitoring02 with Kanidm OIDC
Some checks failed
Run nix flake check / flake-check (push) Failing after 4m3s

Deploy Grafana test instance on monitoring02 with:
- Kanidm OIDC authentication (admins -> Admin role, others -> Viewer)
- PKCE enabled for secure OAuth2 flow (required by Kanidm)
- Declarative datasources for Prometheus and Loki on monitoring01
- Local Caddy for TLS termination via internal ACME CA
- DNS CNAME grafana-test.home.2rjus.net

Terraform changes add OAuth2 client secret and AppRole policies for
kanidm01 and monitoring02.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 19:58:19 +01:00
parent 9ffdd4f862
commit 030e8518c5
6 changed files with 144 additions and 0 deletions
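As an added illustration of the Grafana side of the setup the commit message describes (Kanidm OIDC, PKCE, admins mapped to Admin and everyone else to Viewer, Caddy in front for TLS), here is a NixOS module fragment. This is example configuration written for this page, not code from the repository or from the commit; the Kanidm hostname `idm.example.net`, the client id `grafana`, the group `grafana_admins@idm.example.net` and the secret file path are placeholders and must be replaced with the real values.

```nix
# Added example, not part of the commit. Hostnames, client id, group name and
# the secret path below are assumptions chosen for illustration.
{ config, ... }:
{
  services.grafana = {
    enable = true;
    settings = {
      server = {
        # root_url must be the public URL behind Caddy so the redirect_uri
        # Grafana sends matches the one registered for the client in Kanidm.
        root_url = "https://grafana-test.home.2rjus.net/";
        http_addr = "127.0.0.1";   # only the local Caddy talks to Grafana
        http_port = 3000;
      };
      "auth.generic_oauth" = {
        enabled = true;
        name = "Kanidm";
        client_id = "grafana";
        # Read the secret from a runtime file instead of embedding it in the
        # Nix store, which is world-readable on the host.
        client_secret = "$__file{/run/secrets/grafana-oauth2-client-secret}";
        scopes = "openid profile email groups";
        auth_url = "https://idm.example.net/ui/oauth2";
        token_url = "https://idm.example.net/oauth2/token";
        api_url = "https://idm.example.net/oauth2/openid/grafana/userinfo";
        use_pkce = true;             # Kanidm requires PKCE for OAuth2 clients
        allow_sign_up = true;
        # JMESPath over the userinfo/ID-token claims: members of the admin
        # group get the Admin role, everyone else falls back to Viewer.
        role_attribute_path =
          "contains(groups[*], 'grafana_admins@idm.example.net') && 'Admin' || 'Viewer'";
        # Refuse the login outright if the expression yields no valid role,
        # rather than silently granting a default.
        role_attribute_strict = true;
      };
    };
  };
}
```

The `$__file{...}` expander keeps the OAuth2 client secret out of the Nix store, which matters because the secret is what lets Grafana exchange an authorization code for tokens; binding Grafana to `127.0.0.1` ensures the only reachable path is through the TLS-terminating Caddy mentioned in the commit message.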

@@ -108,6 +108,12 @@ locals {
auto_generate = true
password_length = 32
}
# Grafana OAuth2 client secret (for Kanidm OIDC)
"services/grafana/oauth2-client-secret" = {
auto_generate = true
password_length = 64
}
}
}
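Review bot: the new `services/grafana/oauth2-client-secret` entry auto-generates a random 64-character value, but the comment says it is the client secret "for Kanidm OIDC", and the commit message says the OAuth2 client is registered in Kanidm; if Kanidm issues the secret for the registered client rather than accepting one supplied to it, a value generated here will never match and Grafana's token exchange will fail, so please confirm which side is authoritative and extend the comment to say whether this path is populated from Kanidm or pushed to it. It is also worth stating in the comment why this entry uses `password_length = 64` while the neighbouring entry uses 32, so the next reader does not "normalise" it. Note that the file header for this hunk is missing on the page, so the path of the `locals` block this lands in is not recorded here.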