; stacks/monitoring/grafana/grafana.ini
; Sign-in goes through Authelia's forward_auth in Caddy, so
; anonymous is off and proxy auth header is trusted inside the docker net.
[server]
protocol = http
http_port = 3000
domain = grafana.home.arpa
root_url = https://grafana.home.arpa/
enforce_domain = false
serve_from_sub_path = false
[security]
cookie_secure = true
cookie_samesite = lax
strict_transport_security = true
disable_gravatar = true
allow_embedding = false
[users]
allow_sign_up = false
allow_org_create = false
auto_assign_org = true
auto_assign_org_role = Viewer
default_theme = dark
[auth]
disable_login_form = true
disable_signout_menu = false
[auth.anonymous]
enabled = false
[auth.proxy]
enabled = true
header_name = Remote-User
header_property = username
auto_sign_up = true
headers = Name:Remote-Name Email:Remote-Email Groups:Remote-Groups
enable_login_token = false
whitelist = 172.20.0.0/16
[auth.basic]
enabled = false
[analytics]
reporting_enabled = false
check_for_updates = false
check_for_plugin_updates = false
[log]
mode = console
level = info
[dashboards]
min_refresh_interval = 10s
default_home_dashboard_path = /var/lib/grafana/dashboards/node-exporter.json
[panels]
disable_sanitize_html = false
[unified_alerting]
enabled = false
[alerting]
enabled = false
[metrics]
enabled = true
interval_seconds = 30
[database]
type = sqlite3
path = grafana.db
cache_mode = private
wal = true