torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

grafana: add Grafana on monitoring02 with Kanidm OIDC
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m5s
Details

Browse Source 
Deploy Grafana test instance on monitoring02 with:
- Kanidm OIDC authentication (admins -> Admin role, others -> Viewer)
- PKCE enabled for secure OAuth2 flow (required by Kanidm)
- Declarative datasources for Prometheus and Loki on monitoring01
- Local Caddy for TLS termination via internal ACME CA
- DNS CNAME grafana-test.home.2rjus.net

Terraform changes add OAuth2 client secret and AppRole policies for
kanidm01 and monitoring02.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-08 19:58:19 +01:00
parent 9ffdd4f862
commit 7d3407b2ab
6 changed files with 140 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/monitoring02/configuration.nix
View File

@@ -18,6 +18,9 @@
tier = "test"; # Start in test tier, move to prod after validation
};
# DNS CNAME for Grafana test instance
homelab.dns.cnames = [ "grafana-test" ];
# Enable Vault integration
vault.enable = true;