|
| 1 | +declaration template metaconfig/grafana/schema; |
| 2 | + |
| 3 | +include 'pan/types'; |
| 4 | + |
| 5 | +type grafana_server = { |
| 6 | + 'http_port' ? string = "3000" |
| 7 | + # The public facing domain name used to access grafana from a browser |
| 8 | + 'domain' ? string |
| 9 | + # The full public facing url you use in browser, used for redirects and emails |
| 10 | + # If you use reverse proxy and sub path specify full url (with sub path) |
| 11 | + 'root_url' ? string |
| 12 | +}; |
| 13 | +type grafana_database = { |
| 14 | + 'type' : choice('sqlite3', 'postgres', 'mysql') = 'sqlite3' |
| 15 | + 'host' ? string |
| 16 | + 'name' ? string |
| 17 | + 'user' ? string |
| 18 | + 'password' ? string |
| 19 | + # Set to true or false to enable or disable high availability mode. |
| 20 | + # When it's set to false some functions will be simplified and only run in-process |
| 21 | + # instead of relying on the database. |
| 22 | + # |
| 23 | + # Only set it to false if you run only a single instance of Grafana. |
| 24 | + 'high_availability' ? boolean = false |
| 25 | + # For "sqlite3" only, path relative to data_path setting |
| 26 | + 'path' ? string = 'grafana.db' |
| 27 | + |
| 28 | +}; |
| 29 | +type grafana_security = { |
| 30 | + # disable creation of admin user on first start of grafana |
| 31 | + 'disable_initial_admin_creation' : boolean = false |
| 32 | + |
| 33 | + # default admin user, created on startup |
| 34 | + 'admin_user' : string = 'admin' |
| 35 | + |
| 36 | + # default admin password, can be changed before first start of grafana, or in profile settings |
| 37 | + 'admin_password' : string = 'admin' |
| 38 | + |
| 39 | + # default admin email, created on startup |
| 40 | + 'admin_email' : string = 'admin@localhost' |
| 41 | + # set to true if you host Grafana behind HTTPS |
| 42 | + 'cookie_secure' : boolean = false |
| 43 | +}; |
| 44 | + |
| 45 | +type grafana_dashboards = { |
| 46 | + # Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1 |
| 47 | + 'versions_to_keep' : long(1..) = 20 |
| 48 | + |
| 49 | + # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json" |
| 50 | + 'default_home_dashboard_path' ? string |
| 51 | +}; |
| 52 | + |
| 53 | +type grafana_users = { |
| 54 | + # disable user signup / registration |
| 55 | + 'allow_sign_up' ? boolean = false |
| 56 | + |
| 57 | + # Allow non admin users to create organizations |
| 58 | + 'allow_org_create' ? boolean = false |
| 59 | + |
| 60 | + # Set to true to automatically assign new users to the default organization (id 1) |
| 61 | + 'auto_assign_org' ? boolean = false |
| 62 | + |
| 63 | + # Set this value to automatically add new users to the provided organization (if auto_assign_org above is set to true) |
| 64 | + 'auto_assign_org_id' ? long(1..) = 1 |
| 65 | + |
| 66 | + # Default role new users will be automatically assigned |
| 67 | + 'auto_assign_org_role' ? choice('Viewer', 'Editor', 'Admin') = 'Viewer' |
| 68 | + |
| 69 | + # Require email validation before sign up completes |
| 70 | + 'verify_email_enabled' ? boolean = false |
| 71 | +}; |
| 72 | + |
| 73 | +type grafana_auth = { |
| 74 | + # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false |
| 75 | + 'disable_login_form' ? boolean = false |
| 76 | + |
| 77 | + # Set to true to disable the sign out link in the side menu. Useful if you use auth.proxy or auth.jwt, defaults to false |
| 78 | + 'disable_signout_menu' ? boolean = false |
| 79 | +}; |
| 80 | + |
| 81 | +type grafana_auth_proxy = { |
| 82 | + 'enabled' ? boolean = false |
| 83 | + 'header_name' ? string = 'X-WEBAUTH-USER' |
| 84 | + 'header_property' ? string = 'username' |
| 85 | + 'auto_sign_up' ? boolean = true |
| 86 | + 'whitelist' ? list() |
| 87 | + 'headers' ? string = 'Email:X-User-Email, Name:X-User-Name' |
| 88 | + # Non-ASCII strings in header values are encoded using quoted-printable encoding |
| 89 | + 'headers_encoded' ? boolean = false |
| 90 | + # Read the auth proxy docs for details on what the setting below enables |
| 91 | + 'enable_login_token' ? boolean = false |
| 92 | +}; |
| 93 | + |
| 94 | +type grafana_smtp = { |
| 95 | + 'enabled' ? boolean = false |
| 96 | + 'host' ? string |
| 97 | + 'user' ? string |
| 98 | + # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" |
| 99 | + 'password' ? string |
| 100 | + 'cert_file' ? absolute_file_path |
| 101 | + 'key_file' ? absolute_file_path |
| 102 | + 'skip_verify' ? boolean = false |
| 103 | + 'from_address' ? string = '[email protected]' |
| 104 | + 'from_name' ? string = 'Grafana' |
| 105 | + # EHLO identity in SMTP dialog (defaults to instance_name) |
| 106 | + 'ehlo_identity' ? string |
| 107 | + # SMTP startTLS policy (defaults to 'OpportunisticStartTLS') |
| 108 | + 'startTLS_policy' ? string |
| 109 | + # Enable trace propagation in e-mail headers, using the 'traceparent', 'tracestate' and (optionally) 'baggage' fields (defaults to false) |
| 110 | + 'enable_tracing' ? string |
| 111 | +}; |
| 112 | +type grafana_external_image_storage = { |
| 113 | + # Used for uploading images to public servers so they can be included in slack/email messages. |
| 114 | + 'provider' ? choice('s3', 'webdav', 'gcs', 'azure_blob', 'local') |
| 115 | +}; |
| 116 | + |
| 117 | +type grafana_plugins = { |
| 118 | + 'enable_alpha' ? boolean = false |
| 119 | + 'app_tls_skip_verify_insecure' ? boolean = false |
| 120 | + # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded. |
| 121 | + 'allow_loading_unsigned_plugins' ? list() |
| 122 | + # Enable or disable installing / uninstalling / updating plugins directly from within Grafana. |
| 123 | + 'plugin_admin_enabled' ? boolean = false |
| 124 | + # Log all backend requests for core and external plugins. |
| 125 | + 'log_backend_requests' ? boolean = false |
| 126 | + # Disable download of the public key for verifying plugin signature. |
| 127 | + 'public_key_retrieval_disabled' ? boolean = false |
| 128 | + # Force download of the public key for verifying plugin signature on startup. If disabled, the public key will be retrieved every 10 days. |
| 129 | + # Requires public_key_retrieval_disabled to be false to have any effect. |
| 130 | + 'public_key_retrieval_on_startup' ? boolean = false |
| 131 | + # Enter a comma-separated list of plugin identifiers to avoid loading (including core plugins). These plugins will be hidden in the catalog. |
| 132 | + 'disable_plugins' ? boolean = false |
| 133 | +}; |
| 134 | + |
| 135 | + |
| 136 | + |
| 137 | +type grafana_ini = { |
| 138 | + "server" ? grafana_server |
| 139 | + "database" ? grafana_database |
| 140 | + "security" ? grafana_security |
| 141 | + "users" ? grafana_users |
| 142 | + "auth" ? grafana_auth |
| 143 | + "auth.proxy" ? grafana_auth_proxy |
| 144 | + "smtp" ? grafana_smtp |
| 145 | + "external_image_storage" ? grafana_external_image_storage |
| 146 | + "plugins" ? grafana_plugins |
| 147 | +}; |
0 commit comments