---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: grafana
  namespace: monitoring
spec:
  interval: 30m
  chart:
    spec:
      chart: grafana
      version: 7.2.4
      sourceRef:
        kind: HelmRepository
        name: grafana
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    rbac:
      pspEnabled: false
    env:
      GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo
      GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization
      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token
      GF_EXPLORE_ENABLED: true
      GF_PANELS_DISABLE_SANITIZE_HTML: true
      GF_LOG_FILTERS: rendering:debug
      GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
      GF_SECURITY_ALLOW_EMBEDDING: true
      GF_SECURITY_COOKIE_SAMESITE: grafana
    grafana.ini:
      analytics:
        check_for_updates: false
        check_for_plugin_updates: false
        reporting_enabled: false
      auth:
        signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout"
        oauth_auto_login: true
        oauth_allow_insecure_email_lookup: true
      auth.generic_oauth:
        enabled: true
        name: Authelia
        icon: signin
        scopes: "openid profile email groups"
        empty_scopes: false
        login_attribute_path: preferred_username
        groups_attribute_path: groups
        name_attribute_path: name
        use_pkce: true
      auth.generic_oauth.group_mapping:
        role_attribute_path: |
          contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'users') && 'Viewer'
        org_id: 1
      auth.basic:
        enabled: false
      auth.anonymous:
        enabled: true
        org_name: HomeOps
        org_id: 1
        org_role: Viewer
      server:
        root_url: "https://grafana.${SECRET_CLUSTER_DOMAIN}"
      paths:
        data: /var/lib/grafana/data
        logs: /var/log/grafana
        plugins: /var/lib/grafana/plugins
        provisioning: /etc/grafana/provisioning
      log:
        mode: console
      grafana_net:
        url: https://grafana.net
    dashboardProviders:
      dashboardproviders.yaml:
        apiVersion: 1
        providers:
          - name: "default"
            orgId: 1
            folder: ""
            type: file
            disableDeletion: false
            editable: true
            options:
              path: /var/lib/grafana/dashboards/default
    datasources:
      datasources.yaml:
        apiVersion: 1
        # list of datasources that should be deleted from the database
        deleteDatasources:
          - { name: Alertmanager, orgId: 1 }
          - { name: Loki, orgId: 1 }
          - { name: Prometheus, orgId: 1 }
        datasources:
          - name: Prometheus
            type: prometheus
            access: proxy
            url: http://thanos-query-frontend.monitoring.svc.cluster.local.:9090
            isDefault: true
          - name: Loki
            type: loki
            access: proxy
            url: http://loki-gateway.monitoring.svc.cluster.local.:80
          - name: Alertmanager
            type: alertmanager
            uid: alertmanager
            access: proxy
            url: http://alertmanager-operated.monitoring.svc.cluster.local:9093
            jsonData:
              implementation: prometheus
    dashboards:
      default:
        home-assistant:
          url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/apps/monitoring/grafana/dashboards/home-assistant.json
          datasource: Prometheus
        homelab-temperatures:
          url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/apps/monitoring/grafana/dashboards/homelab-temperatures.json
          datasource: Prometheus
        truenas:
          url: https://raw.githubusercontent.com/auricom/home-ops/main/kubernetes/apps/monitoring/grafana/dashboards/truenas.json
          datasource: Prometheus
    sidecar:
      dashboards:
        enabled: true
        searchNamespace: ALL
        # folderAnnotation: grafana_folder
        # provider:
        #   foldersFromFilesStructure: true
      datasources:
        enabled: true
        searchNamespace: ALL
    plugins:
      - natel-discrete-panel
      - pr0ps-trackmap-panel
      - grafana-piechart-panel
      - vonage-status-panel
      - grafana-worldmap-panel
      - grafana-clock-panel
    serviceMonitor:
      enabled: true
    ingress:
      enabled: true
      ingressClassName: "nginx"
      annotations:
        hajimari.io/icon: simple-icons:grafana
      hosts:
        - &host "grafana.${SECRET_CLUSTER_DOMAIN}"
      tls:
        - hosts:
            - *host
    persistence:
      enabled: false
    affinity:
      podAntiAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values: ["grafana"]
              topologyKey: kubernetes.io/hostname