feat(grafana): add SMTP configuration for email alerts

- Enable SMTP with GF_SMTP_ENABLED: true - Configure internal Postfix relay (postfix:25) - Set FROM address to grafana@grafana.jfraeys.com - Disable TLS verification for internal relay (GF_SMTP_SKIP_VERIFY) - Clear username/password for unauthenticated internal relay Note: Grafana role currently commented out in playbook (1GB node constraint)
2026-03-06 14:25:43 -05:00 · 2026-03-06 14:25:43 -05:00 · 5791172575
commit 5791172575
parent 465aed31c6
1 changed files with 13 additions and 0 deletions
--- a/roles/grafana/templates/docker-compose.yml.j2
+++ b/roles/grafana/templates/docker-compose.yml.j2
@ -23,6 +23,14 @@ services:
      GF_AUTH_GENERIC_OAUTH_USE_PKCE: 'true'
      GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: 'true'
      GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'admins') && 'Admin' || 'Viewer'"
+      # SMTP Configuration for email alerts
+      GF_SMTP_ENABLED: 'true'
+      GF_SMTP_HOST: 'postfix:25'
+      GF_SMTP_USER: ''
+      GF_SMTP_PASSWORD: ''
+      GF_SMTP_FROM_ADDRESS: '{{ grafana_smtp_from | default("grafana@" + grafana_hostname) }}'
+      GF_SMTP_FROM_NAME: 'Grafana Alerts'
+      GF_SMTP_SKIP_VERIFY: 'true'
    volumes:
      - grafana_data:/var/lib/grafana
      - ./provisioning:/etc/grafana/provisioning:ro
@ -30,6 +38,11 @@ services:
      - monitoring
      - proxy
    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    read_only: true
+    tmpfs:
+      - /tmp:noexec,nosuid,size=100m
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy