convert to gitea

grafana/ldap.toml

@@ -0,0 +1,75 @@
+# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
+# [log]
+# filters = ldap:debug
+
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "127.0.0.1"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
+use_ssl = false
+# If set to true, use LDAP with STARTTLS instead of LDAPS
+start_tls = false
+# The value of an accepted TLS cipher. By default, this value is empty. Example value: ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"])
+# For a complete list of supported ciphers and TLS versions, refer to: https://go.dev/src/crypto/tls/cipher_suites.go
+# Starting with Grafana v11.0 only ciphers with ECDHE support are accepted for TLS 1.2 connections.
+tls_ciphers = []
+# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.1 (only for Grafana v10.4 or older), TLS1.2, TLS1.3.
+min_tls_version = ""
+# set to true if you want to skip ssl cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = "/path/to/certificate.crt"
+# Authentication against LDAP servers requiring client certificates
+# client_cert = "/path/to/client.crt"
+# client_key = "/path/to/client.key"
+
+# Search user bind dn
+bind_dn = "cn=admin,dc=grafana,dc=org"
+# Search user bind password
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+bind_password = 'grafana'
+# We recommend using variable expansion for the bind_password, for more info https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#variable-expansion
+# bind_password = '$__env{LDAP_BIND_PASSWORD}'
+
+# Timeout in seconds (applies to each host specified in the 'host' entry (space separated))
+timeout = 10
+
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+search_filter = "(cn=%s)"
+
+# An array of base dns to search through
+search_base_dns = ["dc=grafana,dc=org"]
+
+## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
+## Please check grafana LDAP docs for examples
+# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
+# group_search_filter_user_attribute = "uid"
+
+# Specify names of the ldap attributes your ldap uses
+[servers.attributes]
+name = "givenName"
+surname = "sn"
+username = "cn"
+member_of = "memberOf"
+email =  "email"
+
+# Map ldap groups to grafana org roles
+[[servers.group_mappings]]
+group_dn = "cn=admins,ou=groups,dc=grafana,dc=org"
+org_role = "Admin"
+# To make user an instance admin  (Grafana Admin) uncomment line below
+# grafana_admin = true
+# The Grafana organization database id, optional, if left out the default org (id 1) will be used
+# org_id = 1
+
+[[servers.group_mappings]]
+group_dn = "cn=editors,ou=groups,dc=grafana,dc=org"
+org_role = "Editor"
+
+[[servers.group_mappings]]
+# If you want to match all (or no ldap groups) then you can use wildcard
+group_dn = "*"
+org_role = "Viewer"

grafana/provisioning/access-control/sample.yaml

@@ -0,0 +1,68 @@
+# ---
+# # config file version
+# apiVersion: 2
+
+# # <list> list of roles to insert/update/delete
+# roles:
+#   # <string, required> name of the role you want to create or update. Required.
+#   - name: 'custom:users:writer'
+#     # <string> uid of the role. Has to be unique for all orgs.
+#     uid: customuserswriter1
+#     # <string> description of the role, informative purpose only.
+#     description: 'Create, read, write users'
+#     # <int> version of the role, Grafana will update the role when increased.
+#     version: 2
+#     # <int> org id. Defaults to Grafana's default if not specified.
+#     orgId: 1
+#     # <list> list of the permissions granted by this role.
+#     permissions:
+#       # <string, required> action allowed.
+#       - action: 'users:read'
+#         #<string> scope it applies to.
+#         scope: 'global.users:*'
+#       - action: 'users:write'
+#         scope: 'global.users:*'
+#       - action: 'users:create'
+#   - name: 'custom:global:users:reader'
+#     # <bool> overwrite org id and creates a global role.
+#     global: true
+#     # <string> state of the role. Defaults to 'present'. If 'absent', role will be deleted.
+#     state: 'absent'
+#     # <bool> force deletion revoking all grants of the role.
+#     force: true
+#   - uid: 'basic_editor'
+#     version: 2
+#     global: true
+#     # <list> list of roles to copy permissions from.
+#     from:
+#       - uid: 'basic_editor'
+#         global: true
+#       - name: 'fixed:users:writer'
+#         global: true
+#     # <list> list of the permissions to add/remove on top of the copied ones.
+#     permissions:
+#       - action: 'users:read'
+#         scope: 'global.users:*'
+#       - action: 'users:write'
+#         scope: 'global.users:*'
+#         # <string> state of the permission. Defaults to 'present'. If 'absent', the permission will be removed.
+#         state: absent
+
+# # <list> list role assignments to teams to create or remove.
+# teams:
+#   # <string, required> name of the team you want to assign roles to. Required.
+#   - name: 'Users writers'
+#     # <int> org id. Will default to Grafana's default if not specified.
+#     orgId: 1
+#     # <list> list of roles to assign to the team
+#     roles:
+#       # <string> uid of the role you want to assign to the team.
+#       - uid: 'customuserswriter1'
+#         # <int> org id. Will default to Grafana's default if not specified.
+#         orgId: 1
+#       # <string> name of the role you want to assign to the team.
+#       - name: 'fixed:users:writer'
+#         # <bool> overwrite org id to specify the role is global.
+#         global: true
+#         # <string> state of the assignment. Defaults to 'present'. If 'absent', the assignment will be revoked.
+#         state: absent

grafana/provisioning/alerting/sample.yaml

@@ -0,0 +1,227 @@
+# # config file version
+apiVersion: 1
+
+# # List of rule groups to import or update
+# groups:
+#     # <int> organization ID, default = 1
+#   - orgId: 1
+#     # <string, required> name of the rule group
+#     name: my_rule_group
+#     # <string, required> name of the folder the rule group will be stored in
+#     folder: my_first_folder
+#     # <duration, required> interval of the rule group evaluation
+#     interval: 60s
+#     # <list, required> list of rules that are part of the rule group
+#     rules:
+#       # <string, required> unique identifier for the rule. Should not exceed 40 symbols. Only letters, numbers, - (hyphen), and _ (underscore) allowed.
+#     - uid: my_id_1
+#       # <string, required> title of the rule, will be displayed in the UI
+#       title: my_first_rule
+#       # <string, required> query used for the condition
+#       condition: A
+#       # <list, required> list of query objects that should be executed on each
+#       #                  evaluation - should be obtained via the API
+#       data:
+#       - refId: A
+#         datasourceUid: "__expr__"
+#         model:
+#           conditions:
+#           - evaluator:
+#               params:
+#               - 3
+#               type: gt
+#             operator:
+#               type: and
+#             query:
+#               params:
+#               - A
+#             reducer:
+#               type: last
+#             type: query
+#           datasource:
+#             type: __expr__
+#             uid: "__expr__"
+#           expression: 1==0
+#           intervalMs: 1000
+#           maxDataPoints: 43200
+#           refId: A
+#           type: math
+#       # <string> UID of a dashboard that the alert rule should be linked to
+#       dashboardUid: my_dashboard
+#       # <int> ID of the panel that the alert rule should be linked to
+#       panelId: 123
+#       # <string> state of the alert rule when no data is returned
+#       #          possible values: "NoData", "Alerting", "OK", default = NoData
+#       noDataState: Alerting
+#       # <string> state of the alert rule when the query execution
+#       #          fails - possible values: "Error", "Alerting", "OK"
+#       #          default = Alerting
+#       executionErrorState: Alerting
+#       # <duration, required> how long the alert condition should be breached before Firing. Before this time has elapsed, the alert is considered to be Pending
+#       for: 60s
+#       # <map<string, string>> map of strings to attach arbitrary custom data
+#       annotations:
+#         some_key: some_value
+#       # <map<string, string> map of strings to filter and
+#       #                      route alerts
+#       labels:
+#         team: sre_team_1
+#       isPaused: false
+#       # optional settings that let configure notification settings applied to alerts created by this rule
+#       notification_settings:
+#          # <string> name of the receiver (contact-point) that should be used for this route
+#          receiver: grafana-default-email
+#          # <list<string>> The labels by which incoming alerts are grouped together. For example,
+#          #        multiple alerts coming in for cluster=A and alertname=LatencyHigh would
+#          #        be batched into a single group.
+#          #
+#          #        To aggregate by all possible labels, use the special value '...' as
+#          #        the sole label name, for example:
+#          #        group_by: ['...']
+#          #        This effectively disables aggregation entirely, passing through all
+#          #        alerts as-is. This is unlikely to be what you want, unless you have
+#          #        a very low alert volume or your upstream notification system performs
+#          #        its own grouping.
+#          # If defined, must contain the labels 'alertname' and 'grafana_folder', except when contains '...'
+#          group_by: ["alertname", "grafana_folder", "region"]
+#          # <list> Times when the route should be muted. These must match the name of a
+#          #        mute time interval.
+#          #        Additionally, the root node cannot have any mute times.
+#          #        When a route is muted it will not send any notifications, but
+#          #        otherwise acts normally (including ending the route-matching process
+#          #        if the `continue` option is not set)
+#          mute_time_intervals:
+#          - abc
+#          # <duration> How long to initially wait to send a notification for a group
+#          #            of alerts. Allows to collect more initial alerts for the same group.
+#          #            (Usually ~0s to few minutes).
+#          #            If not specified, the corresponding setting of the default policy is used.
+#          group_wait: 30s
+#          # <duration> How long to wait before sending a notification about new alerts that
+#          #            are added to a group of alerts for which an initial notification has
+#          #            already been sent. (Usually ~5m or more).
+#          #            If not specified, the corresponding setting of the default policy is used.
+#          group_interval: 5m
+#          # <duration>  How long to wait before sending a notification again if it has already
+#          #             been sent successfully for an alert. (Usually ~3h or more)
+#          #             If not specified, the corresponding setting of the default policy is used.
+#          repeat_interval: 4h
+
+# # List of alert rule UIDs that should be deleted
+# deleteRules:
+#    # <int> organization ID, default = 1
+#  - orgId: 1
+#    # <string, required> unique identifier for the rule
+#    uid: my_id_1
+
+# # List of contact points to import or update
+# contactPoints:
+#     # <int> organization ID, default = 1
+#   - orgId: 1
+#     # <string, required> name of the contact point
+#     name: cp_1
+#     receivers:
+#       # <string, required> unique identifier for the receiver. Should not exceed 40 symbols. Only letters, numbers, - (hyphen), and _ (underscore) allowed.
+#     - uid: first_uid
+#       # <string, required> type of the receiver
+#       type: prometheus-alertmanager
+#       # <object, required> settings for the specific receiver type
+#       settings:
+#         url: http://test:9000
+
+# # List of receivers that should be deleted
+# deleteContactPoints:
+# - orgId: 1
+#   uid: first_uid
+
+# # List of notification policies to import or update
+# policies:
+#     # <int> organization ID, default = 1
+#   - orgId: 1
+#     # <string> name of the receiver that should be used for this route
+#     receiver: grafana-default-email
+#     # <list<string>> The labels by which incoming alerts are grouped together. For example,
+#     #        multiple alerts coming in for cluster=A and alertname=LatencyHigh would
+#     #        be batched into a single group.
+#     #
+#     #        To aggregate by all possible labels, use the special value '...' as
+#     #        the sole label name, for example:
+#     #        group_by: ['...']
+#     #        This effectively disables aggregation entirely, passing through all
+#     #        alerts as-is. This is unlikely to be what you want, unless you have
+#     #        a very low alert volume or your upstream notification system performs
+#     #        its own grouping.
+#     group_by:
+#     - grafana_folder
+#     - alertname
+#     # <list> a list of matchers that an alert has to fulfill to match the node
+#     matchers:
+#     - alertname = Watchdog
+#     - severity =~ "warning|critical"
+#     # <list> Times when the route should be muted. These must match the name of a
+#     #        mute time interval.
+#     #        Additionally, the root node cannot have any mute times.
+#     #        When a route is muted it will not send any notifications, but
+#     #        otherwise acts normally (including ending the route-matching process
+#     #        if the `continue` option is not set)
+#     mute_time_intervals:
+#     - abc
+#     # <duration> How long to initially wait to send a notification for a group
+#     #            of alerts. Allows to collect more initial alerts for the same group.
+#     #            (Usually ~0s to few minutes), default = 30s
+#     group_wait: 30s
+#     # <duration> How long to wait before sending a notification about new alerts that
+#     #            are added to a group of alerts for which an initial notification has
+#     #            already been sent. (Usually ~5m or more), default = 5m
+#     group_interval: 5m
+#     # <duration>  How long to wait before sending a notification again if it has already
+#     #             been sent successfully for an alert. (Usually ~3h or more), default = 4h
+#     repeat_interval: 4h
+#     # <list> Zero or more child routes
+#     routes:
+#     ...
+
+# # List of orgIds that should be reset to the default policy
+# resetPolicies:
+# - 1
+
+# # List of templates to import or update
+# templates:
+#     # <int> organization ID, default = 1
+#   - orgID: 1
+#     # <string, required> name of the template, must be unique
+#     name: my_first_template
+#     # <string, required> content of the template
+#     template: Alerting with a custome text template
+
+# # List of templates that should be deleted
+# deleteTemplates:
+#    # <int> organization ID, default = 1
+#  - orgId: 1
+#    # <string, required> name of the template, must be unique
+#    name: my_first_template
+
+
+# # List of mute time intervals to import or update
+# muteTimes:
+#   # <int> organization ID, default = 1
+# - orgId: 1
+#   # <string, required> name of the mute time interval, must be unique
+#   name: mti_1
+#   # <list> time intervals that should trigger the muting
+#            refer to https://prometheus.io/docs/alerting/latest/configuration/#time_interval-0
+#   time_intervals:
+#    - times:
+#      - start_time: '06:00'
+#        end_time: '23:59'
+#      weekdays: ['monday:wednesday','saturday', 'sunday']
+#      months: ['1:3', 'may:august', 'december']
+#      years: ['2020:2022', '2030']
+#      days_of_month: ['1:5', '-3:-1']
+
+# # List of mute time intervals that should be deleted
+# deleteMuteTimes:
+#   # <int> organization ID, default = 1
+# - orgId: 1
+#   # <string, required> name of the mute time interval, must be unique
+#   name: mti_1

grafana/provisioning/dashboards/sample.yaml

@@ -0,0 +1,11 @@
+# # config file version
+apiVersion: 1
+
+#providers:
+# - name: 'default'
+#   orgId: 1
+#   folder: ''
+#   folderUid: ''
+#   type: file
+#   options:
+#     path: /var/lib/grafana/dashboards

grafana/provisioning/datasources/sample.yaml

@@ -0,0 +1,71 @@
+# Configuration file version
+apiVersion: 1
+
+# # List of data sources to delete from the database.
+# deleteDatasources:
+#   - name: Graphite
+#     orgId: 1
+
+# # List of data sources to insert/update depending on what's
+# # available in the database.
+# datasources:
+#   # <string, required> Sets the name you use to refer to
+#   # the data source in panels and queries.
+#   - name: Graphite
+#     # <string, required> Sets the data source type.
+#     type: graphite
+#     # <string, required> Sets the access mode, either
+#     # proxy or direct (Server or Browser in the UI).
+#     # Some data sources are incompatible with any setting
+#     # but proxy (Server).
+#     access: proxy
+#     # <int> Sets the organization id. Defaults to orgId 1.
+#     orgId: 1
+#     # <string> Sets a custom UID to reference this
+#     # data source in other parts of the configuration.
+#     # If not specified, Grafana generates one.
+#     uid: my_unique_uid
+#     # <string> Sets the data source's URL, including the
+#     # port.
+#     url: http://localhost:8080
+#     # <string> Sets the database user, if necessary.
+#     user:
+#     # <string> Sets the database name, if necessary.
+#     database:
+#     # <bool> Enables basic authorization.
+#     basicAuth:
+#     # <string> Sets the basic authorization username.
+#     basicAuthUser:
+#     # <bool> Enables credential headers.
+#     withCredentials:
+#     # <bool> Toggles whether the data source is pre-selected
+#     # for new panels. You can set only one default
+#     # data source per organization.
+#     isDefault:
+#     # <map> Fields to convert to JSON and store in jsonData.
+#     jsonData:
+#       # <string> Defines the Graphite service's version.
+#       graphiteVersion: '1.1'
+#       # <bool> Enables TLS authentication using a client
+#       # certificate configured in secureJsonData.
+#       tlsAuth: true
+#       # <bool> Enables TLS authentication using a CA
+#       # certificate.
+#       tlsAuthWithCACert: true
+#     # <map> Fields to encrypt before storing in jsonData.
+#     secureJsonData:
+#       # <string> Defines the CA cert, client cert, and
+#       # client key for encrypted authentication.
+#       tlsCACert: '...'
+#       tlsClientCert: '...'
+#       tlsClientKey: '...'
+#       # <string> Sets the database password, if necessary.
+#       password:
+#       # <string> Sets the basic authorization password.
+#       basicAuthPassword:
+#     # <int> Sets the version. Used to compare versions when
+#     # updating. Ignored when creating a new data source.
+#     version: 1
+#     # <bool> Allows users to edit data sources from the
+#     # Grafana UI.
+#     editable: false

grafana/provisioning/plugins/sample.yaml

@@ -0,0 +1,11 @@
+# # config file version
+apiVersion: 1
+
+# apps:
+#   - type: grafana-example-app
+#     org_name: Main Org.
+#     disabled: true
+#   - type: raintank-worldping-app
+#     org_id: 1
+#     jsonData:
+#       apiKey: "API KEY"