From ef7a054918e2758877e869346c6d469d9a377f01 Mon Sep 17 00:00:00 2001
From: VVolodin <vvolodin@mlg.ru>
Date: Wed, 23 Aug 2023 15:02:36 +0300
Subject: [PATCH 1/2]  add overrides.conf with CAP_NET_BIND_SERVICE for
 grafana-server unit file

---
 roles/grafana/tasks/configure.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/roles/grafana/tasks/configure.yml b/roles/grafana/tasks/configure.yml
index cf732032..553e3101 100644
--- a/roles/grafana/tasks/configure.yml
+++ b/roles/grafana/tasks/configure.yml
@@ -76,6 +76,27 @@
     - "grafana_port | int <= 1024"
     - "grafana_cap_net_bind_service"
 
+- name: Create a directory for overrides.conf unit file if it does not exist
+  ansible.builtin.file:
+    path: /etc/systemd/system/grafana-server.service.d
+    state: directory
+    mode: '0755'
+  when:
+    - "grafana_port | int <= 1024"
+    - "grafana_cap_net_bind_service"
+
+- name: "Enable grafana to ports lower than port 1024 in systemd unitfile"
+  ansible.builtin.blockinfile:
+    path: /etc/systemd/system/grafana-server.service.d/overrides.conf
+    create: true
+    block: |
+      [Service]
+      AmbientCapabilities=CAP_NET_BIND_SERVICE
+      CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+  when:
+    - "grafana_port | int <= 1024"
+    - "grafana_cap_net_bind_service"
+
 - name: "Enable and start Grafana systemd unit"
   ansible.builtin.systemd:
     name: "grafana-server"

From 009cd365baa83331fda4cc46873b97c038fcba6f Mon Sep 17 00:00:00 2001
From: VVolodin <vvolodin@mlg.ru>
Date: Fri, 25 Aug 2023 14:54:23 +0300
Subject: [PATCH 2/2] add grafana_plugins_ops. For example
 allow_loading_unsigned_plugins

---
 roles/grafana/templates/grafana.ini.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/grafana/templates/grafana.ini.j2 b/roles/grafana/templates/grafana.ini.j2
index 709a4f70..13613b42 100644
--- a/roles/grafana/templates/grafana.ini.j2
+++ b/roles/grafana/templates/grafana.ini.j2
@@ -37,6 +37,14 @@ root_url = {{ grafana_url }}
 {%   endif %}
 {% endfor %}
 
+# Plugins
+{% if grafana_plugins_ops is defined %}
+[plugins]
+{% for k,v in grafana_plugins_ops.items() %}
+{{ k }} = {{ v }}
+{% endfor %}
+{%   endif %}
+
 # Remote cache
 [remote_cache]
 {% for k,v in grafana_remote_cache.items() %}