Add grafana

README.md

@@ -7,4 +7,4 @@ L'idée est de pouvoir redonder les services « légers » entre les résidences
 En cours de test par erdnaxe.
 
 Pour lancer un service, aller dans le dossier puis
-`sudo docker-compose up --build`.
+`sudo docker-compose up --build -d`.

grafana/docker-compose.yml

@@ -0,0 +1,25 @@
+version: "3.7"
+
+services:
+  grafana:
+    image: grafana/grafana
+    environnment:
+      - GF_SERVER_ROOT_URL=https://grafana.auro.re
+      - GF_SESSION_COOKIE_SECURE=true
+      - GF_ANALYTICS_REPORTING_ENABLE=false
+      - GF_SNAPSHOTS_EXTERNAL_ENABLED=false
+      - GF_USERS_ALLOW_SIGN_UP=false
+      - GF_USERS_ALLOW_ORG_CREATE=false
+      - GF_AUTH_BASIC_ENABLED=false
+      - GF_AUTH_LDAP_ENABLED=true
+      - GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml
+
+      # Install Grafana plugins at startup
+      - GF_INSTALL_PLUGINS=grafana-worldmap-panel
+    volumes:
+      - ./data_grafana:/var/lib/grafana
+      - ./ldap.toml:/etc/grafana/ldap.toml:ro
+    ports:
+      - 8082:3000
+    restart: always
+

grafana/ldap.toml

@@ -0,0 +1,65 @@
+# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
+# [log]
+# filters = ldap:debug
+
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "10.128.0.11"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if ldap server supports TLS
+use_ssl = false
+# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
+start_tls = false
+# set to true if you want to skip ssl cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = "/path/to/certificate.crt"
+# Authentication against LDAP servers requiring client certificates
+# client_cert = "/path/to/client.crt"
+# client_key = "/path/to/client.key"
+
+# Search user bind dn
+bind_dn = "cn=grafana,ou=service-users,dc=auro,dc=re"
+# Search user bind password
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+bind_password = 'CHANGE ME IN PRODUCTION, I WILL DIFFER !'
+
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+search_filter = "(cn=%s)"
+
+# An array of base dns to search through
+search_base_dns = ["cn=Utilisateurs,dc=auro,dc=re"]
+
+## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
+## Please check grafana LDAP docs for examples
+group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+group_search_base_dns = ["ou=posix,ou=groups,dc=auro,dc=re"]
+group_search_filter_user_attribute = "cn"
+
+# Specify names of the ldap attributes your ldap uses
+[servers.attributes]
+name = "sn"
+surname = ""
+username = "cn"
+member_of = "dn"
+email =  "mail"
+
+# Map ldap groups to grafana org roles
+[[servers.group_mappings]]
+group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re"
+org_role = "Admin"
+# To make user an instance admin  (Grafana Admin) uncomment line below
+grafana_admin = true
+# The Grafana organization database id, optional, if left out the default org (id 1) will be used
+# org_id = 1
+
+[[servers.group_mappings]]
+group_dn = "cn=technicien,ou=posix,ou=groups,dc=auro,dc=re"
+org_role = "Editor"
+
+[[servers.group_mappings]]
+# If you want to match all (or no ldap groups) then you can use wildcard
+group_dn = "*"
+org_role = "Viewer"
+