From 6b479c5a89ffbeaa228d743d183c9e13ed4be38a Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 9 Dec 2020 11:10:00 -0500
Subject: [PATCH] pillarize grafana
 https://github.com/Security-Onion-Solutions/securityonion/issues/1175

---
 salt/grafana/defaults.yaml         |  8 ++++++++
 salt/grafana/etc/grafana.ini       |  1 +
 salt/grafana/etc/grafana.ini.jinja | 12 ++++++++++++
 salt/grafana/init.sls              | 31 ++++++++++++++++++++++++++----
 4 files changed, 48 insertions(+), 4 deletions(-)
 create mode 100644 salt/grafana/defaults.yaml
 create mode 100644 salt/grafana/etc/grafana.ini.jinja

diff --git a/salt/grafana/defaults.yaml b/salt/grafana/defaults.yaml
new file mode 100644
index 000000000..0fde48a24
--- /dev/null
+++ b/salt/grafana/defaults.yaml
@@ -0,0 +1,8 @@
+grafana:
+  config:
+    server:
+      root_url: "%(protocol)s://%(domain)s/grafana/"
+    auth.anonymous:
+      enabled: true
+      org_name: Main Org.
+      org_role: Viewer
\ No newline at end of file
diff --git a/salt/grafana/etc/grafana.ini b/salt/grafana/etc/grafana.ini
index 3486ff241..6056396fc 100644
--- a/salt/grafana/etc/grafana.ini
+++ b/salt/grafana/etc/grafana.ini
@@ -307,6 +307,7 @@ org_role = Viewer
 ;allow_sign_up = true
 
 #################################### SMTP / Emailing ##########################
+
 [smtp]
 ;enabled = false
 ;host = localhost:25
diff --git a/salt/grafana/etc/grafana.ini.jinja b/salt/grafana/etc/grafana.ini.jinja
new file mode 100644
index 000000000..9269aec70
--- /dev/null
+++ b/salt/grafana/etc/grafana.ini.jinja
@@ -0,0 +1,12 @@
+{%- macro write_config_line(cfg) %}
+  {%- for k,v in cfg.items() -%}
+{{ k }} = {{ v }}
+  {%  endfor %}
+{%- endmacro %}
+
+{{ write_config_line(config.get("default", {})) }}
+  {% for header, cfg in config.items() %}
+    {%-   if section == "default" %}{% continue %}{% endif %}
+[{{ header }}]
+{{ write_config_line(cfg) }}
+{%  endfor %}
\ No newline at end of file
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls
index 8fe88f354..4cb8fc83a 100644
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -9,6 +9,10 @@
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set ADMINPASS = salt['pillar.get']('secrets:grafana_admin') %}
 
+{% import_yaml 'grafana/defaults.yaml' as default_settings %}
+{% set GRAFANA_SETTINGS = salt['pillar.get']('grafana', default=default_settings, merge=True) %}
+
+
 {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %}
 
 # Grafana all the things
@@ -75,13 +79,32 @@ grafanadashsndir:
     - group: 939
     - makedirs: True
 
-grafanaconf:
-  file.recurse:
-    - name: /opt/so/conf/grafana/etc
+grafana-dashboard-config:
+  file.managed:
+    - name: /opt/so/conf/grafana/etc/dashboards/dashboard.yml
     - user: 939
     - group: 939
     - template: jinja
-    - source: salt://grafana/etc
+    - source: salt://grafana/etc/dashboards/dashboard.yml
+
+grafana-datasources-config:
+  file.recurse:
+    - name: /opt/so/conf/grafana/etc/datasources/influxdb.yaml
+    - user: 939
+    - group: 939
+    - template: jinja
+    - source: salt://grafana/etc/datasources/influxdb.yaml
+
+grafana-config:
+  file.recurse:
+    - name: /opt/so/conf/grafana/etc/grafana.ini
+    - user: 939
+    - group: 939
+    - template: jinja
+    - source: salt://grafana/etc/grafana.ini.jinja
+    - context:
+        config: {{ GRAFANA_SETTINGS.config|json }}
+    
 
 {% if salt['pillar.get']('managertab', False) %}
 {% for SN, SNDATA in salt['pillar.get']('managertab', {}).items() %}