grafana: switch to chaoswest.tv

This commit is contained in:
Jan Koppe 2024-01-31 17:10:16 +01:00
parent 618cbeea59
commit 7fd36b33bf
Signed by: thunfisch
GPG Key ID: BE935B0735A2129B
3 changed files with 30 additions and 22 deletions

View File

@ -38,7 +38,7 @@ http_addr = 0.0.0.0
http_port = 3000 http_port = 3000
# The public facing domain name used to access grafana from a browser # The public facing domain name used to access grafana from a browser
domain = "grafana.montage2.de" domain = "grafana.chaoswest.tv"
# Redirect to correct domain if host header does not match domain # Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks # Prevents DNS rebinding attacks
@ -47,7 +47,7 @@ domain = "grafana.montage2.de"
# The full public facing url you use in browser, used for redirects and emails # The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path) # If you use reverse proxy and sub path specify full url (with sub path)
;root_url = %(protocol)s://%(domain)s:%(http_port)s/ ;root_url = %(protocol)s://%(domain)s:%(http_port)s/
root_url = "https://grafana.montage2.de/" root_url = "https://grafana.chaoswest.tv/"
# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons. # Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
;serve_from_sub_path = false ;serve_from_sub_path = false
@ -307,7 +307,7 @@ verify_email_enabled = false
enabled = true enabled = true
# specify organization name that should be used for unauthenticated users # specify organization name that should be used for unauthenticated users
org_name = Montage2 org_name = CWTV
# specify role for unauthenticated users # specify role for unauthenticated users
org_role = Viewer org_role = Viewer
@ -328,14 +328,14 @@ org_role = Viewer
#################################### GitLab Auth ######################### #################################### GitLab Auth #########################
[auth.gitlab] [auth.gitlab]
enabled = true ;enabled = true
allow_sign_up = true ;allow_sign_up = true
;client_id = some_id ;client_id = some_id
;client_secret = some_secret ;client_secret = some_secret
scopes = read_user ;scopes = read_user
auth_url = https://gitlab.montage2.de/oauth/authorize ;auth_url = https://gitlab.montage2.de/oauth/authorize
token_url = https://gitlab.montage2.de/oauth/token ;token_url = https://gitlab.montage2.de/oauth/token
api_url = https://gitlab.montage2.de/api/v4 ;api_url = https://gitlab.montage2.de/api/v4
;allowed_domains = ;allowed_domains =
;allowed_groups = ;allowed_groups =

View File

@ -8,15 +8,12 @@ data "docker_network" "traefik" {
locals { locals {
labels = { labels = {
"shepherd.auto-update" = "true", "shepherd.auto-update" = "true",
"traefik.enable" = "true" "traefik.enable" = "true"
"traefik.http.services.grafana.loadbalancer.server.port" = "3000", "traefik.http.services.grafana.loadbalancer.server.port" = "3000",
"traefik.http.routers.grafana.rule" = "Host(`grafana.montage2.de`)||Host(`grafana.chaoswest.tv`)", "traefik.http.routers.grafana.rule" = "Host(`grafana.chaoswest.tv`)",
"traefik.http.routers.grafana.tls" = "true", "traefik.http.routers.grafana.tls" = "true",
"traefik.http.routers.grafana.tls.certresolver" = "default", "traefik.http.routers.grafana.tls.certresolver" = "default",
"traefik.http.routers.grafana.middlewares" = "grafana-redirect",
"traefik.http.middlewares.grafana-redirect.redirectregex.regex" = "^https://grafana.chaoswest.tv/(.*)",
"traefik.http.middlewares.grafana-redirect.redirectregex.replacement" = "https://grafana.montage2.de/$$${1}", # double escaping is necessary here
} }
} }
@ -72,3 +69,15 @@ resource "docker_service" "grafana" {
} }
} }
} }
data "hetznerdns_zone" "primary" {
name = "chaoswest.tv"
}
resource "hetznerdns_record" "primary" {
zone_id = data.hetznerdns_zone.primary.id
name = "grafana"
value = "ax41-1.fsn.mon2.de."
type = "CNAME"
}

View File

@ -2,8 +2,7 @@ hetzner_dns_api_token: ENC[AES256_GCM,data:6m0svnZBgwLeMu12tSz1oUHHaA69dU/dHi7oW
swarm: swarm:
grafana: grafana:
gf_security_secret_key: ENC[AES256_GCM,data:o6iR/KCnM1Ru56i0ANylmZFqiERuNfwx8sHeM4wE/k7aHI8l0Lg2oifrTx38m5puCBw79U4qqFQqe9QJjZMROhRblBK/RWi+3vSv+rwYv2W8wcvMeqcjJgZV0erOMyFkuZpapbfTnbDvidWg4kKbS0k2OmdRHVYc89IETU7hdow=,iv:B5EC8gwEK0g8T2I/EgoLFGCzR0Uhtaot01xeoWU0mp0=,tag:vlYNnn+fI5m6Dw+IpTPfuw==,type:str] gf_security_secret_key: ENC[AES256_GCM,data:o6iR/KCnM1Ru56i0ANylmZFqiERuNfwx8sHeM4wE/k7aHI8l0Lg2oifrTx38m5puCBw79U4qqFQqe9QJjZMROhRblBK/RWi+3vSv+rwYv2W8wcvMeqcjJgZV0erOMyFkuZpapbfTnbDvidWg4kKbS0k2OmdRHVYc89IETU7hdow=,iv:B5EC8gwEK0g8T2I/EgoLFGCzR0Uhtaot01xeoWU0mp0=,tag:vlYNnn+fI5m6Dw+IpTPfuw==,type:str]
gf_auth_gitlab_client_id: ENC[AES256_GCM,data:xZfnyduTnDVpenAMqqcETqQiaphfVdKXJ7lsloynL1ka1V6FTz5i85MK8mgrRPY4zLiPCgmp8gzFiV2PDxDLOQ==,iv:egOxWveuFg9hyQAhO9V5ILwNSjmm4QLSYZQhknZPjvU=,tag:GRLP3QERCZ0hhJ9GpSmWxg==,type:str] gf_security_admin_password: ENC[AES256_GCM,data:BJbUVen8wlU2QxJ99dD0ZrmHMKoC3En4qKkv6JFzqXxZm10elP1EtY6dscnVAaGWOPOv3O+OZ1+bJ24jVvXjVg==,iv:6g+KWKFv14ZAifRqWG01GfCyGhLa0f3hk896rsFR6to=,tag:WVDDaeloZycEERhzuSYwag==,type:str]
gf_auth_gitlab_client_secret: ENC[AES256_GCM,data:SgNbtzg8o0U2NJi2CN3Dmlox7F3v7boURNBZytxuOgnFi6N30xSUW0gHT1UivSEz9V+lo1km4tMI2+HqrukzPQ==,iv:Qbo/T5Er+8oY6rYfbPNHRKFuWLpAnRMAlQQ0Fp/FEKg=,tag:sUNsXhywIkt3Vcq+rIABoA==,type:str]
gf_auth_generic_oauth_client_id: ENC[AES256_GCM,data:XLp880bI5ANkbk1t49839gs8EwI1LlfZwJgtlVPd21jmhXkpRSuKLw==,iv:u+wkKImGyNo0t7nXg7MdbRBBDEC08tWfE1sMo5fbIcY=,tag:CXl/6P9U6kANNFrmDlLvnA==,type:str] gf_auth_generic_oauth_client_id: ENC[AES256_GCM,data:XLp880bI5ANkbk1t49839gs8EwI1LlfZwJgtlVPd21jmhXkpRSuKLw==,iv:u+wkKImGyNo0t7nXg7MdbRBBDEC08tWfE1sMo5fbIcY=,tag:CXl/6P9U6kANNFrmDlLvnA==,type:str]
gf_auth_generic_oauth_client_secret: ENC[AES256_GCM,data:AHWpqQbHVyL6rliQeOsf+hVEwDI0mFOuOtllz3Aqfm/FWQTai4sgdQ9F+AkuiqCsKtdvOyCYdsBNv6BolR1Ef8vNBECKpkt1N97hPvlEuStBzbt0Hcu9uHxo0h1+L10SaM7VzUfVcYJ2gNY/HdU01C7av1NUHsYBMlIb8vE+Eww=,iv:ax6nnqrvYrxa5m08Hby6hCkawJZoJYBVA4JiPur10AU=,tag:ilSrpwsp3GC/AT9CgrfsGw==,type:str] gf_auth_generic_oauth_client_secret: ENC[AES256_GCM,data:AHWpqQbHVyL6rliQeOsf+hVEwDI0mFOuOtllz3Aqfm/FWQTai4sgdQ9F+AkuiqCsKtdvOyCYdsBNv6BolR1Ef8vNBECKpkt1N97hPvlEuStBzbt0Hcu9uHxo0h1+L10SaM7VzUfVcYJ2gNY/HdU01C7av1NUHsYBMlIb8vE+Eww=,iv:ax6nnqrvYrxa5m08Hby6hCkawJZoJYBVA4JiPur10AU=,tag:ilSrpwsp3GC/AT9CgrfsGw==,type:str]
jitsi: jitsi:
@ -32,8 +31,8 @@ sops:
WmlRUnowa2lMNWpDT0xEU0htV0w3U00K1f/SO/FBvC9lIBzveBEwhopj5ryMVCmD WmlRUnowa2lMNWpDT0xEU0htV0w3U00K1f/SO/FBvC9lIBzveBEwhopj5ryMVCmD
jw8AdxvmMwsCSfIROKkzMqiUs2zsj6FOMlYFI1Rb07mItSO2Yd7TsA== jw8AdxvmMwsCSfIROKkzMqiUs2zsj6FOMlYFI1Rb07mItSO2Yd7TsA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T17:00:41Z" lastmodified: "2024-01-31T16:00:34Z"
mac: ENC[AES256_GCM,data:GvVUAo5Qtp0Dcnffh42jGkpT3khDRYXf6ws6Q3n2dWk+q39+xDQ3oxCGKMsYwbxrQ5s1oSI7dENSfxQA1Rwk3+Z0wmrRry9fxlYEnDeYLiR2Jxp0+7zDWUcusfSnjC/ASmwCYSFBcQM4jhD4uyVmhluS0E5KrjOD223Z6vtjxck=,iv:5OFMGJatztWTUR2Xb49CYl0Z42UsieYPTR6YoBn9UmM=,tag:yibooLYgoAN+IeiHVyexKg==,type:str] mac: ENC[AES256_GCM,data:XJsH39oi1N0JRwoIP6mvdQfSsBtaxn4N6KZYIHhTXR6Yz2/U2HpGyYoKl7vl2HJBPdjECeje4R1lS4w/I0G++qMpsZHdQglVrSjkpq2P1yZVYFRjN1Xyfjzi58O3WegNLftQpXdlx0T9FCNDLdD6+8BSownLxWWUlp0bpwOIWBc=,iv:f8TSh+aBUuFbLHD/kbA2qkqsZI5oGvlyQt2sO4TRQxk=,tag:DVS91MmrQa8I1Hbz07Ff8Q==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1