2 files changed, 94 insertions, 0 deletions

diff --git a/roles/grafana/templates/grafana.ini.j2 b/roles/grafana/templates/grafana.ini.j2
new file mode 100644
index 0000000..910d453
--- /dev/null
+++ b/roles/grafana/templates/grafana.ini.j2
@@ -0,0 +1,61 @@
+; vi: ft=dosini
+
+[server]
+# Protocol (http, https, h2, socket)
+protocol = https
+http_port = {{ grafana.port }}
+
+cert_file = {{ grafana.certificate }}
+cert_key = {{ grafana.key }}
+
+[database]
+type = mysql
+
+host = {{ grafana.db.host }}
+name = {{ grafana.db.name }}
+user = {{ grafana.db.user }}
+password = """{{ grafana.db.password }}"""
+
+ssl_mode = {{ grafana.db.ssl }}
+
+{% if grafana.db.ssl %}
+ca_cert_path = {{ grafana.db.ca }}
+server_cert_name = {{ grafana.db.host }}
+{% endif %}
+
+[security]
+# disable creation of admin user on first start of grafana
+disable_initial_admin_creation = true
+
+[users]
+allow_sign_up = false
+allow_org_create = false
+
+[auth.ldap]
+enabled = {{ grafana.ldap.enabled }}
+
+{% if grafana.ldap.enabled %}
+config_file = /etc/grafana/ldap.toml
+allow_sign_up = true
+{% endif %}
+
+#################################### SMTP / Emailing ##########################
+[smtp]
+;enabled = false
+;host = localhost:25
+;user =
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+;password =
+;cert_file =
+;key_file =
+;skip_verify = false
+;from_address = admin@grafana.localhost
+;from_name = Grafana
+# EHLO identity in SMTP dialog (defaults to instance_name)
+;ehlo_identity = dashboard.example.com
+# SMTP startTLS policy (defaults to 'OpportunisticStartTLS')
+;startTLS_policy = NoStartTLS
+
+[emails]
+;welcome_email_on_sign_up = false
+;templates_pattern = emails/*.html
diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2
new file mode 100644
index 0000000..11411ed
--- /dev/null
+++ b/roles/grafana/templates/ldap.toml.j2
@@ -0,0 +1,33 @@
+# vi: ft=dosini
+[[servers]]
+host = "{{ grafana.ldap.host }}"
+port = {{ grafana.ldap.port }}
+use_ssl = {{ grafana.ldap.use_ssl | string | lower }}
+start_tls = {{ grafana.ldap.start_tls | string | lower }}
+ssl_skip_verify = {{ grafana.ldap.ssl_skip_verify | string | lower }}
+
+bind_dn = "{{ grafana.ldap.bind_dn }}"
+bind_password = """{{ grafana.ldap.bind_pw }}"""
+
+search_filter = "{{ grafana.ldap.search_filter }}"
+search_base_dns = {{ grafana.ldap.base_dns }}
+
+[servers.attributes]
+{% for attr, value in grafana.ldap.attributes.items() %}
+{{ attr }} = "{{ value }}"
+{% endfor %}
+
+# Map ldap groups to grafana org roles
+{% for i in grafana.ldap.group_mappings %}
+[[servers.group_mappings]]
+{% for key, value in i.items() %}
+{% if value is string %}
+{{ key }} = "{{ value }}"
+{% elif value is sameas true or value is sameas false %}
+{{ key }} = {{ value | string | lower }}
+{% else %}
+{{ key }} = {{ value }}
+{% endif %}
+{% endfor %}
+
+{% endfor %}