From bf9aae1188195540208646bb4949c9317e34b5e4 Mon Sep 17 00:00:00 2001
From: nyyu <mail@nyyu.dev>
Date: Tue, 23 Jan 2024 20:42:08 +0100
Subject: [PATCH] feat(grafana): sso

---
 docker-compose.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 911d7e7..9fca47e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,6 +20,20 @@ services:
       - GF_SECURITY_ADMIN_USER=admin
       - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
       - GF_USERS_ALLOW_SIGN_UP=false
+      - GF_SERVER_ROOT_URL=https://grafana.${PUBLIC_HOST}
+      - GF_AUTH_GENERIC_OAUTH_ENABLED=true
+      - GF_AUTH_GENERIC_OAUTH_NAME=SSO
+      - GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=true
+      - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=grafana
+      - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_CLIENT_SECRET}
+      - GF_AUTH_GENERIC_OAUTH_SCOPES=openid email profile offline_access roles
+      - GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email
+      - GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
+      - GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=full_name
+      - GF_AUTH_GENERIC_OAUTH_AUTH_URL=${OPENID_URL}/protocol/openid-connect/auth
+      - GF_AUTH_GENERIC_OAUTH_TOKEN_URL=${OPENID_URL}/protocol/openid-connect/token
+      - GF_AUTH_GENERIC_OAUTH_API_URL=${OPENID_URL}/protocol/openid-connect/userinfo
+      - GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'
     networks:
       - monitoring
       - traefik
@@ -114,7 +128,7 @@ services:
   #     - monitoring
   cadvisor:
     # ARM image
-    image: gcr.io/cadvisor/cadvisor-arm64:v0.47.2
+    image: gcr.io/cadvisor/cadvisor:v0.47.2
     container_name: cadvisor
     restart: unless-stopped
     command: