From e3d07f02f8f8dcd3cbc364e34cce3cd13bf5ab2c Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Tue, 15 Apr 2025 21:12:34 +0800
Subject: [PATCH] chore: cleanup

---
 kube/deploy/core/monitoring/grafana/app/hr.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/kube/deploy/core/monitoring/grafana/app/hr.yaml b/kube/deploy/core/monitoring/grafana/app/hr.yaml
index 42a944f4..550b126c 100644
--- a/kube/deploy/core/monitoring/grafana/app/hr.yaml
+++ b/kube/deploy/core/monitoring/grafana/app/hr.yaml
@@ -55,12 +55,12 @@ spec:
         role_attribute_path: |
           contains(groups[*], 'Role-Grafana-Admin') && 'GrafanaAdmin' || contains(groups[*], 'Role-Grafana-Viewer') && 'Viewer'
       auth.proxy: # if Tailscale headers exist, it'll be used first, else use OIDC
-        enabled: true
-        auto_sign_up: true
-        whitelist: "${IP_POD_CIDR_V4}"
-        header_name: Tailscale-User-Login # email is immutable to account for Tailscale, used for person identity
-        header_property: username
-        headers: "Name:Tailscale-User-Name Email:Tailscale-User-Login"
+        enabled: false
+        # auto_sign_up: true
+        # whitelist: "${IP_POD_CIDR_V4:=127.0.0.1/32}"
+        # header_name: Tailscale-User-Login # email is immutable to account for Tailscale, used for person identity
+        # header_property: username
+        # headers: "Name:Tailscale-User-Name Email:Tailscale-User-Login"
         # defaults to viewer role, privileged access needs OIDC
       auth.basic:
         enabled: false
@@ -380,7 +380,7 @@ spec:
     ingress:
       enabled: true
       ingressClassName: "nginx-internal"
-      hosts: &host ["${APP_DNS_GRAFANA}"]
+      hosts: &host ["${APP_DNS_GRAFANA:=grafana}"]
       tls: [hosts: *host]
     persistence:
       enabled: false