| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108 |
- services:
- {{ service_name }}:
- image: docker.io/grafana/grafana-oss:12.3.1
- restart: {{ restart_policy }}
- {% if database_type != 'sqlite' or authentik_enabled %}
- environment:
- {% if database_type == 'postgres' %}
- - GF_DATABASE_TYPE=postgres
- {% if database_external %}
- - GF_DATABASE_HOST={{ database_host }}
- {% else %}
- - GF_DATABASE_HOST={{ service_name }}_db
- {% endif %}
- - GF_DATABASE_NAME={{ database_name }}
- - GF_DATABASE_USER={{ database_user }}
- - GF_DATABASE_PASSWORD=${GRAFANA_DB_PASSWORD}
- - GF_DATABASE_SSL_MODE=disable
- {% endif %}
- {% if authentik_enabled %}
- - GF_AUTH_GENERIC_OAUTH_ENABLED=true
- - GF_AUTH_GENERIC_OAUTH_NAME={{ authentik_slug }}
- - GF_AUTH_GENERIC_OAUTH_CLIENT_ID=${GRAFANA_OAUTH_CLIENT_ID}
- - GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=${GRAFANA_OAUTH_CLIENT_SECRET}
- - GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
- - GF_AUTH_GENERIC_OAUTH_AUTH_URL={{ authentik_url }}/application/o/authorize/
- - GF_AUTH_GENERIC_OAUTH_TOKEN_URL={{ authentik_url }}/application/o/token/
- - GF_AUTH_GENERIC_OAUTH_API_URL={{ authentik_url }}/application/o/userinfo/
- - GF_AUTH_SIGNOUT_REDIRECT_URL={{ authentik_url }}/application/o/{{ authentik_slug }}/end-session/
- - GF_AUTH_OAUTH_AUTO_LOGIN=true
- {% if traefik_enabled %}
- - GF_SERVER_ROOT_URL=https://{{ traefik_host }}.{{ traefik_domain }}
- {% endif %}
- - GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP=true
- - GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true
- {% endif %}
- {% endif %}
- {% if not database_external and (database_type == "postgres") or traefik_enabled %}
- networks:
- {% if not database_external and database_type != 'sqlite' %}
- - {{ service_name }}_backend
- {% endif %}
- {% if traefik_enabled %}
- - {{ traefik_network }}
- {% endif %}
- {% endif %}
- {% if not traefik_enabled %}
- ports:
- - "{{ ports_http }}:3000"
- {% endif %}
- volumes:
- - {{ service_name }}_data:/var/lib/grafana
- {% if traefik_enabled and not swarm_enabled %}
- labels:
- - traefik.enable=true
- - traefik.docker.network={{ traefik_network }}
- - traefik.http.services.{{ service_name }}_web.loadBalancer.server.port=3000
- - traefik.http.routers.{{ service_name }}_http.service={{ service_name }}_web
- - traefik.http.routers.{{ service_name }}_http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
- - traefik.http.routers.{{ service_name }}_http.entrypoints=web
- {% if traefik_tls_enabled %}
- - traefik.http.routers.{{ service_name }}_https.service={{ service_name }}_web
- - traefik.http.routers.{{ service_name }}_https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
- - traefik.http.routers.{{ service_name }}_https.entrypoints=websecure
- - traefik.http.routers.{{ service_name }}_https.tls=true
- - traefik.http.routers.{{ service_name }}_https.tls.certresolver={{ traefik_tls_certresolver }}
- {% endif %}
- {% endif %}
- {% if not database_external and database_type == "postgres" %}
- {{ service_name }}_db:
- image: docker.io/library/postgres:17.7
- restart: {{ restart_policy }}
- environment:
- - POSTGRES_USER={{ database_user }}
- - POSTGRES_PASSWORD=${GRAFANA_DB_PASSWORD}
- - POSTGRES_DB={{ database_name }}
- networks:
- - {{ service_name }}_backend
- healthcheck:
- test: ["CMD-SHELL", "pg_isready -U {{ database_user }}"]
- start_period: 30s
- interval: 10s
- timeout: 10s
- retries: 5
- volumes:
- - {{ service_name }}_db:/var/lib/postgresql/data
- {% endif %}
- {% if not database_external and (database_type == "postgres") or traefik_enabled %}
- networks:
- {% if not database_external %}
- {{ service_name }}_backend:
- driver: bridge
- {% endif %}
- {% if traefik_enabled %}
- {{ traefik_network }}:
- external: true
- {% endif %}
- {% endif %}
- volumes:
- {{ service_name }}_data:
- driver: local
- {% if not database_external and database_type == 'postgres' %}
- {{ service_name }}_db:
- driver: local
- {% endif %}
|
