--- grafana_user: grafana grafana_version: "10.1.1" grafana_base_path: "/opt/grafana" grafana_config_path: "{{ grafana_base_path }}/config" grafana_config_file: "{{ grafana_config_path }}/grafana.ini" grafana_ldap_config_file: "{{ grafana_config_path }}/ldap.toml" grafana_provisioning_path: "{{ grafana_config_path }}/provisioning" grafana_notifier_provisioning_path: "{{ grafana_provisioning_path }}/notifiers" grafana_dashboard_provisioning_path: "{{ grafana_provisioning_path }}/dashboards" grafana_datasource_provisioning_path: "{{ grafana_provisioning_path }}/datasources" grafana_plugin_provisioning_path: "{{ grafana_provisioning_path }}/plugins" grafana_data_path: "{{ grafana_base_path }}/data" grafana_logs_path: "{{ grafana_base_path }}/logs" grafana_state: present grafana_run_user: >- {{ ('uid' in (grafana_user_info | default([]))) | ternary(grafana_user_info.uid, grafana_user) }} grafana_run_group: >- {{ ('group' in (grafana_user_info | default([]))) | ternary(grafana_user_info.group, grafana_user) }} grafana_container_image_server: "docker.io" grafana_container_image_namespace: "grafana" grafana_container_image_container: "grafana" grafana_container_image_name: >- {{ [ ((grafana_container_image_server is defined) | ternary([ grafana_container_image_server ], [])), ((grafana_container_image_namespace is defined) | ternary([ grafana_container_image_namespace], [])), grafana_container_image_container, ] | ansible.builtin.flatten | join('/') }} grafana_container_image: >- {{ grafana_container_image_name }}:{{ grafana_container_image_tag | default(grafana_version, true) }} grafana_container_name: grafana grafana_container_base_volumes: - "{{ grafana_config_path }}:{{ grafana_container_config_path }}:ro" - "{{ grafana_data_path }}:{{ grafana_container_data_path }}:rw" - "{{ grafana_logs_path }}:{{ grafana_container_logs_path }}:rw" grafana_container_volumes: [] grafana_container_collected_volumes: >- {{ grafana_container_base_volumes + grafana_container_volumes }} grafana_container_restart_policy: "unless-stopped" grafana_config_log_mode: - console - file grafana_config_auth_generic_oauth_scopes: - openid - profile - email - roles - offline_access grafana_config_auth_generic_oauth_config: enabled: "{{ grafana_config_auth_generic_oauth_enabled }}" name: "{{ grafana_config_auth_generic_oauth_name }}" client_id: "{{ grafana_config_auth_generic_oauth_client_id }}" client_secret: "{{ grafana_config_auth_generic_oauth_client_secret }}" scopes: "{{ grafana_config_auth_generic_oauth_scopes | join(' ') }}" email_attribute_name: "{{ grafana_config_auth_generic_oauth_email_attribute_name | default('email') }}" email_attribute_path: "{{ grafana_config_auth_generic_oauth_email_attribute_name | default('email') }}" login_attribute_path: "{{ grafana_config_auth_generic_oauth_login_attribute_name | default('preferred_username') }}" name_attribute_path: "{{ grafana_config_auth_generic_oauth_name_attribute_name | default('name') }}" api_url: "{{ grafana_config_auth_generic_oauth_api_url }}" auth_url: "{{ grafana_config_auth_generic_oauth_auth_url }}" token_url: "{{ grafana_config_auth_generic_oauth_token_url }}" role_attribute_path: "{{ grafana_config_auth_generic_oauth_role_attribute_path | default('') }}" grafana_default_config: DEFAULT: app_mode: "{{ grafana_config_app_mode | default('production') }}" instance_name: "{{ grafana_config_instance_name | default('${HOSTNAME}') }}" paths: data: "{{ grafana_config_paths_data | default('/var/lib/grafana') }}" temp_data_lifetime: "{{ grafana_config_paths_temp_data_lifetime | default('24h') }}" logs: "{{ grafana_config_paths_logs | default('/var/log/grafana') }}" plugins: "{{ grafana_config_paths_plugins | default('/var/lib/grafana/plugins') }}" provisioning: "{{ grafana_config_paths_provisioning | default('conf/provisioning') }}" server: protocol: "{{ grafana_config_server_protocol | default('http') }}" http_addr: "{{ grafana_config_server_http_addr | default('\"\"') }}" http_port: "{{ grafana_config_server_http_port | default(3000) }}" domain: "{{ grafana_config_server_domain }}" enforce_domain: "{{ grafana_config_server_enforce_domain | default(true) }}" root_url: "{{ grafana_config_server_root_url | default('%(protocol)s://%(domain)s:%(http_port)s/') }}" serve_from_subpath: "{{ grafana_config_server_serve_from_subpath | default(false) }}" router_logging: "{{ grafana_config_server_router_logging | default(false) }}" static_root_path: "{{ grafana_config_server_static_root_path | default('public') }}" enable_gzip: "{{ grafana_config_server_enable_gzip | default(false) }}" cert_file: "{{ grafana_config_server_cert_file | default('\"\"') }}" cert_key: "{{ grafana_config_server_cert_key | default('\"\"') }}" socket: "{{ grafana_config_server_socket | default('\"\"') }}" database: type: "{{ grafana_config_database_type | default('sqlite3') }}" host: "{{ grafana_config_database_host | default('127.0.0.1:3306') }}" name: "{{ grafana_config_database_name | default('grafana') }}" user: "{{ grafana_config_database_user | default('root') }}" password: "{{ grafana_config_database_password | default('') }}" url: "{{ grafana_config_database_url | default('') }}" ssl_mode: "{{ grafana_config_database_ssl_mode | default('disable') }}" ca_cert_path: "{{ grafana_config_database_ca_cert_path | default('') }}" client_key_path: "{{ grafana_config_database_client_key_path | default('') }}" client_cert_path: "{{ grafana_config_database_client_cert_path | default('') }}" server_cert_name: "{{ grafana_config_database_srver_cert_name | default('') }}" path: "{{ grafana_config_database_path | default('grafana.db') }}" max_idle_conn: "{{ grafana_config_database_max_idle_conn | default(2) }}" max_open_conn: "{{ grafana_config_database_max_open_conn | default(0) }}" conn_max_lifetime: "{{ grafana_config_database_conn_max_lifetime | default(14400) }}" log_queries: "{{ grafana_config_database_log_queries | default(false) }}" cache_mode: "{{ grafana_config_database_cache_mode | default('private') }}" remote_cache: type: "{{ grafana_config_config_remote_cache_type | default('database') }}" connstr: "{{ grafana_config_remote_cache_connstr | default('') }}" dataproxy: logging: "{{ grafana_config_dataproxy_logging | default(false) }}" timeout: "{{ grafana_config_dataproxy_timeout | default(30) }}" send_user_header: "{{ grafana_config_dataproxy_send_header | default(false) }}" analytics: reporting_enabled: "{{ grafana_config_analytics_reporting_enabled | default(true) }}" check_for_updates: "{{ grafana_config_analytics_check_for_updates | default(true) }}" google_analytics_ua_id: "{{ grafana_config_analytics_google_analytics_ua_id | default('') }}" google_tag_manager_id: "{{ grafana_config_analytics_google_tag_manager_id | default('') }}" security: disable_initial_admin_create: "{{ grafana_config_security_disable_initial_admin_creation | default(false) }}" admin_user: "{{ grafana_config_security_admin_user | default('admin') }}" admin_password: "{{ grafana_config_security_admin_password }}" secret_key: "{{ grafana_config_security_secret_key }}" disable_gravatar: "{{ grafana_config_security_disable_gravatar | default(true) }}" data_source_proxy_whitelist: "{{ grafana_config_security_data_source_proxy_whitelist | default([]) | join(' ') }}" disable_brute_force_login_protection: "{{ grafana_config_security_disable_brute_force_login_protection | default(false) }}" cookie_secure: "{{ grafana_config_security_cookie_secure | default(false) }}" cookie_samesite: "{{ grafana_config_security_cookie_samesite | default('lax') }}" allow_embedding: "{{ grafana_config_security_allow_embedding | default(false) }}" strict_transport_security: "{{ grafana_config_security_strict_transport_security | default(false) }}" strict_transport_security_max_age_seconds: "{{ grafana_config_security_strict_transport_security_max_age_seconds | default(86400) }}" strict_transport_security_preload: "{{ grafana_config_security_strict_transport_security_preload | default(false) }}" strict_transport_security_subdomains: "{{ grafana_config_security_strict_transport_security_subdomains | default(false) }}" x_content_type_options: "{{ grafana_config_security_x_content_type_options | default(false) }}" x_xss_protection: "{{ grafana_config_security_x_xss_protection | default(true) }}" snapshots: external_enabled: "{{ grafana_config_snapshots_external_enabled | default(false) }}" external_snapshot_url: "{{ grafana_config_snapshots_external | default('') }}" external_snapshot_name: "{{ grafana_config_snapshots_external | default('') }}" public_mode_: "{{ grafana_config_snapshots_public_mode | default(false) }}" snapshot_remove_expired: "{{ grafana_config_snapshots_snapshot_remove_expired | default(true) }}" dashboards: versions_to_keep: "{{ grafana_config_dashboards_versions_to_keep | default(20) }}" users: allow_sign_up: "{{ grafana_config_users_allow_sign_up | default(true) }}" allow_org_create: "{{ grafana_config_users_allow_org_create | default(false) }}" auto_assign_org: "{{ grafana_config_users_auto_assign_org | default(true) }}" auto_assign_org_id: "{{ grafana_config_users_auto_assign_org_id | default(1) }}" auto_assign_org_role: "{{ grafana_config_users_auto_assign_org_role | default('Viewer') }}" verify_email_enabled: "{{ grafana_config_users_verify_email_enabled | default(false) }}" login_hint: "{{ grafana_config_users_login_hint | default('email or username') }}" password_hint: "{{ grafana_config_users_password_hint | default('password') }}" viewers_can_edit: "{{ grafana_config_users_viewers_can_edit | default(true) }}" editors_can_admin: "{{ grafana_config_users_editors_can_admin | default(false) }}" auth: login_cookie_name: "{{ grafana_config_auth_login_cookie_name | default('grafana_session') }}" login_maximum_inactive_lifetime_days: "{{ grafana_config_auth_login_maximum_inactive_lifetime_days | default(7) }}" login_maximum_lifetime_days: "{{ grafana_config_auth_login_maximum_lifetime_days | default(30) }}" token_rotation_interval_minutes: "{{ grafana_config_auth_token_rotation_interval_minutes | default(10) }}" disable_login_form: "{{ grafana_config_auth_disable_login_form | default(false) }}" disable_signout_menu: "{{ grafana_config_auth_disable_signout_menu | default(false) }}" signout_redirect_url: "{{ grafana_config_auth_signout_redirect_url | default('') }}" api_key_max_seconds_to_live: "{{ grafana_config_api_key_max_seconds_to_live | default(-1) }}" oauth_auto_login: "{{ grafana_config_auth_oauth_auto_login | default(false) }}" oauth_allow_insecure_email_lookup: "{{ grafana_config_oauth_allow_insecure_email_lookup | default(false) }}" smtp: enabled: "{{ grafana_config_smtp_enabled | default(false) }}" host: "{{ grafana_config_smtp_host | default('localhost:25') }}" user: "{{ grafana_config_smtp_user | default('') }}" password: "{{ grafana_config_smtp_password | default('') }}" cert_file: "{{ grafana_config_smtp_cert_file | default('') }}" key_file: "{{ grafana_config_smtp_key_file | default('') }}" skip_verify: "{{ grafana_config_smtp_skip_verify | default('') }}" ehlo_identity: "{{ grafana_config_smtp_ehlo_identity | default('') }}" from_address: "{{ grafana_config_smtp_from_address | default('admin@grafana.localhost') }}" from_name: "{{ grafana_config_smtp_from_name | default('Grafana') }}" emails: welcome_email_on_sign_up: "{{ grafana_config_emails_welcome_email_on_sign_up | default(false) }}" log: mode: "{{ grafana_config_log_mode | join(' ') }}" level: "{{ grafana_config_log_level | default('info') }}" filters: "{{ grafana_config_log_filters | default('') }}" "log.syslog": format: "{{ grafana_config_log_syslog_format | default('text') }}" quota: enabled: "{{ grafana_config_quota_enabled | default(false) }}" explore: enabled: "{{ grafana_config_explore_enabled | default(true) }}" metrics: enabled: "{{ grafana_config_metrics_enabled | default(false) }}" grafana_com: url: "{{ grafana_config_grafana_com_url | default('https://grafana.com') }}" grafana_merged_config: >- {{ grafana_default_config | combine({"auth.generic_oauth": grafana_config_auth_generic_oauth_config} if grafana_config_auth_generic_oauth_enabled else {}, recursive=true) | combine(grafana_config | default({}), recursive=true) }} grafana_ldap_config: log: filters: "{{ grafana_ldap_config_log_filters | default('ldap:trace') }}" servers: "{{ grafana_ldap_config_default_servers }}" grafana_ldap_config_default_servers: - host: "{{ grafana_ldap_config_servers_host }}" port: "{{ grafana_ldap_config_servers_port }}" use_ssl: "{{ grafana_ldap_config_servers_use_ssl | bool }}" start_ssl: "{{ grafana_ldap_config_servers_start_ssl | bool }}" ssl_skip_verify: "{{ grafana_ldap_config_servers_ssl_skip_verify | bool }}" bind_dn: "{{ grafana_ldap_config_servers_bind_dn }}" bind_passwort: "{{ grafana_ldap_config_servers_bind_passwort }}" search_filter: "{{ grafana_ldap_config_servers_search_filter }}" search_base_dns: "{{ grafana_ldap_config_servers_search_base_dns | to_json }}" attributes: name: "{{ grafana_ldap_config_servers_attributes_name | default('givenName') }}" surname: "{{ grafana_ldap_config_servers_attributes_name | default('sn') }}" username: "{{ grafana_ldap_config_servers_attributes_name | default('uid') }}" member_of: "{{ grafana_ldap_config_servers_attributes_member_of | default('memberOf') }}" email: "{{ grafana_ldap_config_servers_attributes_email | default('mail') }}" group_mappings: "{{ grafana_ldap_config_default_group_mappings }}" grafana_ldap_config_default_group_mappings: - group_dn: "{{ grafana_ldap_config_servers_group_mappings_group_dn }}" org_role: "{{ grafana_ldap_config_servers_group_mappings_org_role }}" org_id: "{{ grafana_ldap_config_servers_group_mappings_org_id }}" grafana_admin: "{{ grafana_ldap_config_servers_group_mappings_grafana_admin }}"