loki:
  enabled: true

promtail:
  enabled: true

fluent-bit:
  enabled: true

grafana:
  enabled: true

  admin:
    existingSecret: "loki-stack-grafana"

  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: vault-issuer
      traefik.ingress.kubernetes.io/router.tls: 'true'
    hosts:
      - grafana.dc
    tls:
     - secretName: grafana-tls
       hosts:
         - grafana.dc

  sidecar:
    datasources:
      enabled: true
    dashboards:
      enabled: true
      label: grafana_dashboard

  persistence:
    enabled: true

  plugins:
    - grafana-piechart-panel

  dashboards:
    default:
      traefik:
        gnetId: 11462
        revision: 1

  # For OAUTH Secret Token
  envFromSecret: grafana-env

  grafana.ini:
    paths:
      data: /var/lib/grafana/data
      logs: /var/log/grafana
      plugins: /var/lib/grafana/plugins
      provisioning: /etc/grafana/provisioning
    analytics:
      check_for_updates: false
    log:
      mode: console
    grafana_net:
      url: https://grafana.net
    server:
      root_url: https://grafana.dc

    auth.generic_oauth:
     name: Authentik
     enabled: true
     allow_sign_up: true
     client_id: 779461ddc18a79dba69cf2eef895a20d59b21d59
     #client_secret: IN ENV
     scopes: "openid profile email"
     #email_attribute_name: email:primary
     role_attribute_path: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
     auth_url: https://auth.dc/application/o/authorize/
     token_url: https://auth.dc/application/o/token/
     api_url: https://auth.dc/application/o/userinfo/
     # meh.. but for now...
     tls_skip_verify_insecure: true
 
prometheus:
  enabled: false