From 12e8a981000f6633bd3343840c632bdc8b525393 Mon Sep 17 00:00:00 2001
From: jaydee <jaydee@inmail.sk>
Date: Mon, 21 Oct 2024 14:48:35 +0200
Subject: [PATCH] bitwarden

---
 home-assistant/docker-compose.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/home-assistant/docker-compose.yaml b/home-assistant/docker-compose.yaml
index c5fd2ff..b1b9dd2 100644
--- a/home-assistant/docker-compose.yaml
+++ b/home-assistant/docker-compose.yaml
@@ -101,6 +101,20 @@ services:
     #   - GF_AUTH_ANONYMOUS_ENABLED=true
     #   - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
     #   - GF_SECURITY_ALLOW_EMBEDDING=true
+    environment:
+      GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
+      GF_AUTH_GENERIC_OAUTH_NAME: "authentik"
+      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "xc8AKsYOvHFmYnRjfnvt2YfgR5pg8Mlfc9YEqd3T"
+      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "gb5ThPlyIUN2I8UPvIKAqQBoGFmTAb7tFxt5OiJQkAG6Ef2HDKksNOjWPJFfXiO22RuCnWuyzl6IMqPYO6QTa55EYfoN5N87enh5MOhTXjo2JTTnEL1eZhEI1Sw1vBO8"
+      GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
+      GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.sectorq.eu/application/o/authorize/"
+      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.sectorq.eu/application/o/token/"
+      GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.sectorq.eu/application/o/userinfo/"
+      GF_AUTH_SIGNOUT_REDIRECT_URL: "https://auth.sectorq.eu/application/o/grafana/end-session/"
+      # Optionally enable auto-login (bypasses Grafana login screen)
+      GF_AUTH_OAUTH_AUTO_LOGIN: "true"
+      # Optionally map user groups to Grafana roles
+      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'"
   influxdb:
     ports:
       - 8086:8086