#128 Fix secret leak, document better configuration procedure

fighter/config/monitoring/README.md

@@ -1,3 +1,52 @@
+# Grafana
+
+## Updating Configuration File
+The Grafana config is edited by providing overrides in `$DOCKER_DATA/custom.ini`, which maps to `/etc/grafana/grafana.ini` inside the container. 
+
+The `custom.ini` file stores secrets in plain text, so we can't keep it in version control. But I've included snippets for reference below:
+
+### Basic Server Config
+```ini
+[server]
+domain = grafana.jafner.net
+root_url = %(protocol)s://%(domain)s/
+force_migration = true
+```
+
+### Configure Auth to Sign In via Keycloak
+```ini
+[auth]
+oauth_auto_login = true
+
+[auth.anonymous]
+enabled = true
+
+[auth.generic_oauth]
+name = OAuth
+icon = signin
+enabled = true
+client_id = grafana.jafner.net
+client_secret = **************************
+scopes = email openid profile
+empty_scopes = false
+auth_url = https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/auth
+token_url = https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/token
+api_url = https://keycloak.jafner.net/realms/Jafner.net/protocol/
+signout_redirect_url = https://grafana.jafner.net
+```
+
+### Configure Email Sending via SMTP (Protonmail)
+```ini
+[smtp]
+enabled = true
+host = smtp.protonmail.ch:587
+user = noreply@jafner.net
+password = ****************
+from_address = noreply@jafner.net
+from_name = Grafana
+startTLS_policy = OpportunisticStartTLS
+```
+
 # Monitoring Specification
 Monitors are split into three types: Host, Application, and IoT
 All monitors use a Prometheus exporter.

fighter/config/monitoring/custom.ini

@@ -1,25 +0,0 @@
-force_migration = true
-
-[server]
-domain = grafana.jafner.net
-root_url = %(protocol)s://%(domain)s/
-force_migration = true
-
-[auth]
-oauth_auto_login = true
-
-[auth.anonymous]
-enabled = true
-
-[auth.generic_oauth]
-name = OAuth
-icon = signin
-enabled = true
-client_id = grafana.jafner.net
-client_secret = HRCGM4l8DBO3pdWFl8BT28qEfI4jvo8L
-scopes = email openid profile
-empty_scopes = false
-auth_url = https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/auth
-token_url = https://keycloak.jafner.net/realms/Jafner.net/protocol/openid-connect/token
-api_url = https://keycloak.jafner.net/realms/Jafner.net/protocol/
-signout_redirect_url = https://grafana.jafner.net

fighter/config/monitoring/docker-compose.yml

@@ -10,7 +10,7 @@ services:
     user: "0"
     volumes:  
       - ${DOCKER_DATA}/grafana:/var/lib/grafana
-      - ./custom.ini:/etc/grafana/grafana.ini
+      - ${DOCKER_DATA}/custom.ini:/etc/grafana/grafana.ini
     labels:
       - traefik.http.routers.grafana.rule=Host(`grafana.jafner.net`)
       - traefik.http.routers.grafana.tls.certresolver=lets-encrypt