feat: configured grafana

harkon
2025-12-04 14:30:59 +02:00
parent 7e54ee9099
commit 1c160d89a4
2 changed files with 8 additions and 6 deletions


@@ -250,14 +250,14 @@ entries:
# Admin role mapping # Admin role mapping
if "authentik Admins" in user_groups or "Administrators" in user_groups: if "authentik Admins" in user_groups or "Administrators" in user_groups:
return "Admin" return {"role": "Admin"}
# Editor role mapping # Editor role mapping
if "Tax Reviewers" in user_groups or "Accountants" in user_groups: if "Tax Reviewers" in user_groups or "Accountants" in user_groups:
return "Editor" return {"role": "Editor"}
# Default to Viewer role # Default to Viewer role
return "Viewer" return {"role": "Viewer"}
# Custom Scope Mapping for MinIO # Custom Scope Mapping for MinIO
- id: scope_minio_policy - id: scope_minio_policy
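Review bot: The group-to-role decision is now defined twice, here in the `return {"role": ...}` branches and in the new `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH` expression in the compose file, which lists the same four group names. If this mapping is the one feeding Grafana, the `role` claim it emits is no longer read once the path stops being `role`. Keep one source of truth: either leave the path as `role` and let this mapping decide, or remove the mapping. Otherwise a group added in one place and not the other silently changes who ends up Admin or Editor. A short comment on why the return value is now a dict rather than a bare string would also help the next reader.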


@@ -60,6 +60,8 @@ services:
GF_USERS_ALLOW_SIGN_UP: false GF_USERS_ALLOW_SIGN_UP: false
GF_USERS_AUTO_ASSIGN_ORG: true GF_USERS_AUTO_ASSIGN_ORG: true
GF_USERS_AUTO_ASSIGN_ORG_ROLE: Viewer GF_USERS_AUTO_ASSIGN_ORG_ROLE: Viewer
GF_LOG_MODE: console
GF_LOG_LEVEL: info
GF_AUTH_GENERIC_OAUTH_ENABLED: true GF_AUTH_GENERIC_OAUTH_ENABLED: true
GF_AUTH_GENERIC_OAUTH_NAME: Authentik GF_AUTH_GENERIC_OAUTH_NAME: Authentik
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: ${GRAFANA_OAUTH_CLIENT_ID} GF_AUTH_GENERIC_OAUTH_CLIENT_ID: ${GRAFANA_OAUTH_CLIENT_ID}
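Review bot: `GF_LOG_MODE: console` and `GF_LOG_LEVEL: info` are inserted between the `GF_USERS_*` keys and the `GF_AUTH_GENERIC_OAUTH_*` block, which splits two related groups. Move them to their own logging section of the environment map. With console as the only mode, login and role-assignment events live only in the container's stdout, so confirm the container log driver ships and retains them, since they are the audit trail for the role mapping changed elsewhere in this commit. The commit subject says only "configured grafana", so mention the logging change in the message.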
@@ -70,9 +72,10 @@ services:
GF_AUTH_GENERIC_OAUTH_API_URL: http://apa-authentik-server:9000/application/o/userinfo/ GF_AUTH_GENERIC_OAUTH_API_URL: http://apa-authentik-server:9000/application/o/userinfo/
GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: false GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: false
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: role GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'Administrators') && 'Admin' || contains(groups, 'authentik Admins') && 'Admin' || contains(groups, 'Tax Reviewers') && 'Editor' || contains(groups, 'Accountants') && 'Editor' || 'Viewer'
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: false GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: true
GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH: groups GF_AUTH_GENERIC_OAUTH_GROUPS_ATTRIBUTE_PATH: groups
GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.${DOMAIN}/application/o/grafana-prod/end-session/
GF_AUTH_OAUTH_AUTO_LOGIN: false GF_AUTH_OAUTH_AUTO_LOGIN: false
GF_AUTH_DISABLE_LOGIN_FORM: false GF_AUTH_DISABLE_LOGIN_FORM: false
GF_SERVER_ROOT_URL: https://grafana.${DOMAIN} GF_SERVER_ROOT_URL: https://grafana.${DOMAIN}
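Review bot: `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_STRICT: true` has no effect with the new role expression, because the expression ends in `|| 'Viewer'` and therefore always yields a valid role. Together with `GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: true`, any account that can authenticate against Authentik is provisioned as a Viewer, whether or not it is in one of the four named groups. If strict mode is meant to reject users outside those groups, drop the `|| 'Viewer'` fallback so the expression evaluates to nothing for them. If Viewer-for-everyone is intended, leave strict off and say so in a comment. Separately, the added sign-out URL hard-codes the application slug `grafana-prod` where the line it replaces used `grafana`. Check that the slug matches the Authentik application in every environment this compose file is used for, or take it from a variable as is already done for `${DOMAIN}`.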
@@ -81,7 +84,6 @@ services:
GF_SECURITY_COOKIE_SAMESITE: lax GF_SECURITY_COOKIE_SAMESITE: lax
GF_AUTH_GENERIC_OAUTH_USE_PKCE: true GF_AUTH_GENERIC_OAUTH_USE_PKCE: true
GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: true GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: true
GF_AUTH_SIGNOUT_REDIRECT_URL: https://auth.${DOMAIN}/application/o/grafana/end-session/
extra_hosts: extra_hosts:
- "auth.local.lan:host-gateway" - "auth.local.lan:host-gateway"
- "grafana.local.lan:host-gateway" - "grafana.local.lan:host-gateway"
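Review bot: The sign-out URL removed here sat directly below `GF_AUTH_GENERIC_OAUTH_TLS_SKIP_VERIFY_INSECURE: true`, which this hunk leaves untouched. Now that the sign-out URL elsewhere in the commit targets an application named `grafana-prod`, skipping certificate verification on the OAuth client should not carry over to that deployment. The `extra_hosts` entries for `auth.local.lan` and `grafana.local.lan` suggest the flag exists for local development, so put it behind an environment-specific override, or set it to false and trust the local CA instead.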