movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-18 07:29:23 +03:00
Code Issues Projects Releases Packages Wiki Activity
nixpkgs/nixos/modules/services/monitoring/grafana.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

923 lines
33 KiB
Nix
Raw Normal View History

nixos/grafana: Don't print password warning if no password has been set
2017-02-13 23:11:40 +01:00
{ options, config, lib, pkgs, ... }:
nixos: add grafana module
2015-04-25 16:02:44 +02:00
with lib;
let
cfg = config.services.grafana;
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
opt = options.services.grafana;
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
provisioningSettingsFormat = pkgs.formats.yaml {};
nixos/grafana: add support for declarative plugin installation
2020-12-30 17:59:52 +00:00
declarativePlugins = pkgs.linkFarm "grafana-plugins" (builtins.map (pkg: { name = pkg.pname; path = pkg; }) cfg.declarativePlugins);
nixos/grafana: start systemd service after database
2021-08-24 14:59:58 +02:00
useMysql = cfg.database.type == "mysql";
usePostgresql = cfg.database.type == "postgres";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
grafana module: update
2015-11-16 14:28:28 +01:00
envOptions = {
PATHS_DATA = cfg.dataDir;
nixos/grafana: add support for declarative plugin installation
2020-12-30 17:59:52 +00:00
PATHS_PLUGINS = if builtins.isNull cfg.declarativePlugins then "${cfg.dataDir}/plugins" else declarativePlugins;
grafana module: update
2015-11-16 14:28:28 +01:00
PATHS_LOGS = "${cfg.dataDir}/log";
nixos/grafana: add serveFromSubPath option
2022-05-18 16:07:56 +02:00
SERVER_SERVE_FROM_SUBPATH = boolToString cfg.server.serveFromSubPath;
grafana module: update
2015-11-16 14:28:28 +01:00
SERVER_PROTOCOL = cfg.protocol;
SERVER_HTTP_ADDR = cfg.addr;
SERVER_HTTP_PORT = cfg.port;
nixos/grafana: add socket configuration option
2021-03-29 15:59:24 +02:00
SERVER_SOCKET = cfg.socket;
grafana module: update
2015-11-16 14:28:28 +01:00
SERVER_DOMAIN = cfg.domain;
SERVER_ROOT_URL = cfg.rootUrl;
SERVER_STATIC_ROOT_PATH = cfg.staticRootPath;
SERVER_CERT_FILE = cfg.certFile;
SERVER_CERT_KEY = cfg.certKey;
DATABASE_TYPE = cfg.database.type;
DATABASE_HOST = cfg.database.host;
DATABASE_NAME = cfg.database.name;
DATABASE_USER = cfg.database.user;
DATABASE_PASSWORD = cfg.database.password;
DATABASE_PATH = cfg.database.path;
grafana: 5.0.2 -> 5.0.3, fix headless phantomjs
2018-03-19 17:04:39 +01:00
DATABASE_CONN_MAX_LIFETIME = cfg.database.connMaxLifetime;
grafana module: update
2015-11-16 14:28:28 +01:00
SECURITY_ADMIN_USER = cfg.security.adminUser;
SECURITY_ADMIN_PASSWORD = cfg.security.adminPassword;
SECURITY_SECRET_KEY = cfg.security.secretKey;
treewide: use boolToString function
2017-04-11 18:08:51 +02:00
USERS_ALLOW_SIGN_UP = boolToString cfg.users.allowSignUp;
USERS_ALLOW_ORG_CREATE = boolToString cfg.users.allowOrgCreate;
USERS_AUTO_ASSIGN_ORG = boolToString cfg.users.autoAssignOrg;
grafana module: update
2015-11-16 14:28:28 +01:00
USERS_AUTO_ASSIGN_ORG_ROLE = cfg.users.autoAssignOrgRole;
nixos/grafana: add disableLoginForm option
2022-05-18 16:09:04 +02:00
AUTH_DISABLE_LOGIN_FORM = boolToString cfg.auth.disableLoginForm;
treewide: use boolToString function
2017-04-11 18:08:51 +02:00
AUTH_ANONYMOUS_ENABLED = boolToString cfg.auth.anonymous.enable;
nixos/grafana: set plugins path, fix image generation Also add options to configure which organization should have anonymous access.
2016-07-15 15:26:31 +02:00
AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name;
AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role;
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
AUTH_AZUREAD_NAME = "Azure AD";
AUTH_AZUREAD_ENABLED = boolToString cfg.auth.azuread.enable;
AUTH_AZUREAD_ALLOW_SIGN_UP = boolToString cfg.auth.azuread.allowSignUp;
AUTH_AZUREAD_CLIENT_ID = cfg.auth.azuread.clientId;
AUTH_AZUREAD_SCOPES = "openid email profile";
AUTH_AZUREAD_AUTH_URL = "https://login.microsoftonline.com/${cfg.auth.azuread.tenantId}/oauth2/v2.0/authorize";
AUTH_AZUREAD_TOKEN_URL = "https://login.microsoftonline.com/${cfg.auth.azuread.tenantId}/oauth2/v2.0/token";
AUTH_AZUREAD_ALLOWED_DOMAINS = cfg.auth.azuread.allowedDomains;
AUTH_AZUREAD_ALLOWED_GROUPS = cfg.auth.azuread.allowedGroups;
AUTH_AZUREAD_ROLE_ATTRIBUTE_STRICT = false;
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
AUTH_GOOGLE_ENABLED = boolToString cfg.auth.google.enable;
AUTH_GOOGLE_ALLOW_SIGN_UP = boolToString cfg.auth.google.allowSignUp;
AUTH_GOOGLE_CLIENT_ID = cfg.auth.google.clientId;
grafana: 2.6.0 -> 3.0.1 (#15395) * grafana: 2.6.0 -> 3.0.1 * grafana module: Fix anonymous auth & add analytics config
2016-05-13 02:28:24 +02:00
treewide: use boolToString function
2017-04-11 18:08:51 +02:00
ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable;
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
nixos/grafana: fix smtp enable typo
2019-11-12 12:43:04 +01:00
SMTP_ENABLED = boolToString cfg.smtp.enable;
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
SMTP_HOST = cfg.smtp.host;
SMTP_USER = cfg.smtp.user;
SMTP_PASSWORD = cfg.smtp.password;
SMTP_FROM_ADDRESS = cfg.smtp.fromAddress;
grafana module: update
2015-11-16 14:28:28 +01:00
} // cfg.extraOptions;
nixos: add grafana module
2015-04-25 16:02:44 +02:00
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
datasourceConfiguration = {
apiVersion = 1;
datasources = cfg.provision.datasources;
};
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
datasourceFileNew = if (cfg.provision.datasources.path == null) then provisioningSettingsFormat.generate "datasource.yaml" cfg.provision.datasources.settings else cfg.provision.datasources.path;
datasourceFile = if (builtins.isList cfg.provision.datasources) then provisioningSettingsFormat.generate "datasource.yaml" datasourceConfiguration else datasourceFileNew;
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
dashboardConfiguration = {
apiVersion = 1;
providers = cfg.provision.dashboards;
};
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
dashboardFileNew = if (cfg.provision.dashboards.path == null) then provisioningSettingsFormat.generate "dashboard.yaml" cfg.provision.dashboards.settings else cfg.provision.dashboards.path;
dashboardFile = if (builtins.isList cfg.provision.dashboards) then provisioningSettingsFormat.generate "dashboard.yaml" dashboardConfiguration else dashboardFileNew;
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
notifierConfiguration = {
apiVersion = 1;
notifiers = cfg.provision.notifiers;
};
notifierFile = pkgs.writeText "notifier.yaml" (builtins.toJSON notifierConfiguration);
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
provisionConfDir = pkgs.runCommand "grafana-provisioning" { } ''
nixos/grafana: create directory for notifiers provisioning
2021-03-03 20:04:32 +01:00
mkdir -p $out/{datasources,dashboards,notifiers}
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
ln -sf ${datasourceFile} $out/datasources/datasource.yaml
ln -sf ${dashboardFile} $out/dashboards/dashboard.yaml
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
ln -sf ${notifierFile} $out/notifiers/notifier.yaml
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
'';
# Get a submodule without any embedded metadata:
_filter = x: filterAttrs (k: v: k != "_module") x;
# http://docs.grafana.org/administration/provisioning/#datasources
grafanaTypes.datasourceConfig = types.submodule {
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
freeformType = provisioningSettingsFormat.type;
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
options = {
name = mkOption {
type = types.str;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Name of the datasource. Required.";
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
type = mkOption {
nixos/grafana: Change services.grafana.provision.datasources.*.type to be open (#126831)
2021-06-16 11:12:51 +02:00
type = types.str;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Datasource type. Required.";
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
access = mkOption {
type = types.enum ["proxy" "direct"];
default = "proxy";
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Access mode. proxy or direct (Server or Browser in the UI). Required.";
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
nixos/grafana: Allow setting UID for datasource
2022-05-29 19:22:02 +02:00
uid = mkOption {
type = types.nullOr types.str;
default = null;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Custom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.";
nixos/grafana: Allow setting UID for datasource
2022-05-29 19:22:02 +02:00
};
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
url = mkOption {
type = types.str;
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
default = "localhost";
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Url of the datasource.";
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
editable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Allow users to edit datasources from the UI.";
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
password = mkOption {
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
type = types.nullOr types.str;
default = null;
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
description = lib.mdDoc ''
Database password, if used. Please note that the contents of this option
will end up in a world-readable Nix store. Use the file provider
pointing at a reasonably secured file in the local filesystem
to work around that. Look at the documentation for details:
<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>
'';
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
basicAuthPassword = mkOption {
type = types.nullOr types.str;
default = null;
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
description = lib.mdDoc ''
Basic auth password. Please note that the contents of this option
will end up in a world-readable Nix store. Use the file provider
pointing at a reasonably secured file in the local filesystem
to work around that. Look at the documentation for details:
<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>
'';
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
secureJsonData = mkOption {
type = types.nullOr types.attrs;
default = null;
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
description = lib.mdDoc ''
Datasource specific secure configuration. Please note that the contents of this option
will end up in a world-readable Nix store. Use the file provider
pointing at a reasonably secured file in the local filesystem
to work around that. Look at the documentation for details:
<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>
'';
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
};
};
# http://docs.grafana.org/administration/provisioning/#dashboards
grafanaTypes.dashboardConfig = types.submodule {
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
freeformType = provisioningSettingsFormat.type;
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
options = {
name = mkOption {
type = types.str;
default = "default";
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
description = lib.mdDoc "A unique provider name.";
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
type = mkOption {
type = types.str;
default = "file";
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Dashboard provider type.";
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
options.path = mkOption {
type = types.path;
description = lib.mdDoc "Path grafana will watch for dashboards. Required when using the 'file' type.";
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
};
};
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
grafanaTypes.notifierConfig = types.submodule {
options = {
name = mkOption {
type = types.str;
default = "default";
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Notifier name.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
type = mkOption {
type = types.enum ["dingding" "discord" "email" "googlechat" "hipchat" "kafka" "line" "teams" "opsgenie" "pagerduty" "prometheus-alertmanager" "pushover" "sensu" "sensugo" "slack" "telegram" "threema" "victorops" "webhook"];
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Notifier type.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
uid = mkOption {
type = types.str;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Unique notifier identifier.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
org_id = mkOption {
type = types.int;
default = 1;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Organization ID.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
org_name = mkOption {
type = types.str;
default = "Main Org.";
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Organization name.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
is_default = mkOption {
type = types.bool;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Is the default notifier.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
default = false;
};
send_reminder = mkOption {
type = types.bool;
default = true;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Should the notifier be sent reminder notifications while alerts continue to fire.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
frequency = mkOption {
type = types.str;
default = "5m";
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "How frequently should the notifier be sent reminders.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
disable_resolve_message = mkOption {
type = types.bool;
default = false;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Turn off the message that sends when an alert returns to OK.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
settings = mkOption {
type = types.nullOr types.attrs;
default = null;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Settings for the notifier type.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
secure_settings = mkOption {
type = types.nullOr types.attrs;
default = null;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Secure settings for the notifier type.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
};
};
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
in {
options.services.grafana = {
nixos/*: automatically convert option descriptions conversions were done using https://github.com/pennae/nix-doc-munge using (probably) rev f34e145 running nix-doc-munge nixos/**/*.nix nix-doc-munge --import nixos/**/*.nix the tool ensures that only changes that could affect the generated manual *but don't* are committed, other changes require manual review and are discarded.
2022-08-28 21:18:44 +02:00
enable = mkEnableOption (lib.mdDoc "grafana");
nixos: add grafana module
2015-04-25 16:02:44 +02:00
protocol = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Which protocol to listen.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "http";
grafana: support socket protocol
2018-04-12 22:46:12 -04:00
type = types.enum ["http" "https" "socket"];
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
addr = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Listening address.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "127.0.0.1";
type = types.str;
};
port = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Listening port.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = 3000;
nixos/grafana: use `port` type
2021-06-18 17:27:31 +02:00
type = types.port;
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
nixos/grafana: add socket configuration option
2021-03-29 15:59:24 +02:00
socket = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Listening socket.";
nixos/grafana: add socket configuration option
2021-03-29 15:59:24 +02:00
default = "/run/grafana/grafana.sock";
type = types.str;
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
domain = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "The public facing domain name used to access grafana from a browser.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "localhost";
type = types.str;
};
rootUrl = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Full public facing url.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "%(protocol)s://%(domain)s:%(http_port)s/";
type = types.str;
};
certFile = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Cert file for ssl.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "";
type = types.str;
};
certKey = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Cert key for ssl.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "";
type = types.str;
};
staticRootPath = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Root path for static assets.";
grafana service: unbreak Accidentally broken by 4fede53c0996938979d2966a69f108782a8c1c12 ("nixos manuals: bring back package references"). Without this fix, grafana won't start: $ systemctl status grafana ... systemd[1]: Starting Grafana Service Daemon... systemd[1]: Started Grafana Service Daemon. grafana[666]: 2016/03/06 19:57:32 [log.go:75 Fatal()] [E] Failed to detect generated css or javascript files in static root (%!s(MISSING)), have you executed default grunt task? systemd[1]: grafana.service: Main process exited, code=exited, status=1/FAILURE systemd[1]: grafana.service: Unit entered failed state. systemd[1]: grafana.service: Failed with result 'exit-code'.
2016-03-06 20:57:50 +01:00
default = "${cfg.package}/share/grafana/public";
nixos/doc: clean up defaults and examples
2021-10-03 18:06:03 +02:00
defaultText = literalExpression ''"''${package}/share/grafana/public"'';
nixos: add grafana module
2015-04-25 16:02:44 +02:00
type = types.str;
};
package = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Package to use.";
grafana: fix package naming
2015-09-06 15:22:43 +02:00
default = pkgs.grafana;
nixos/doc: clean up defaults and examples
2021-10-03 18:06:03 +02:00
defaultText = literalExpression "pkgs.grafana";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
type = types.package;
};
nixos/grafana: Filter out duplicate plugins If the same plugin appears multiple times in `declarativePlugins`, for example due to being added both by a module and in user config, the build fails with an error message similar to ln: failed to create symbolic link 'grafana-worldmap-panel/glmqcj88zk2bz3mvdr3r7920wxg02qnq-grafana-worldmap-panel-0.3.2': Permission denied This is solved by removing all duplicates.
2021-06-04 18:08:09 +02:00
nixos/grafana: add support for declarative plugin installation
2020-12-30 17:59:52 +00:00
declarativePlugins = mkOption {
type = with types; nullOr (listOf path);
default = null;
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "If non-null, then a list of packages containing Grafana plugins to install. If set, plugins cannot be manually installed.";
nixos/doc: clean up defaults and examples
2021-10-03 18:06:03 +02:00
example = literalExpression "with pkgs.grafanaPlugins; [ grafana-piechart-panel ]";
nixos/grafana: Filter out duplicate plugins If the same plugin appears multiple times in `declarativePlugins`, for example due to being added both by a module and in user config, the build fails with an error message similar to ln: failed to create symbolic link 'grafana-worldmap-panel/glmqcj88zk2bz3mvdr3r7920wxg02qnq-grafana-worldmap-panel-0.3.2': Permission denied This is solved by removing all duplicates.
2021-06-04 18:08:09 +02:00
# Make sure each plugin is added only once; otherwise building
# the link farm fails, since the same path is added multiple
# times.
apply = x: if isList x then lib.unique x else x;
nixos/grafana: add support for declarative plugin installation
2020-12-30 17:59:52 +00:00
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
dataDir = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Data directory.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "/var/lib/grafana";
type = types.path;
};
database = {
type = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Database type.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "sqlite3";
nixos/grafana: Fix type of database.type option If you want to use grafana with PostgreSQL, the type is `postgres`, not `postgresql`.
2017-11-28 11:25:09 +00:00
type = types.enum ["mysql" "sqlite3" "postgres"];
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
host = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Database host.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "127.0.0.1:3306";
type = types.str;
};
name = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Database name.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "grafana";
type = types.str;
};
user = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Database user.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "root";
type = types.str;
};
password = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
Database password.
This option is mutual exclusive with the passwordFile option.
'';
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "";
type = types.str;
};
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
passwordFile = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
File that containts the database password.
This option is mutual exclusive with the password option.
'';
default = null;
type = types.nullOr types.path;
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
path = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Database path.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "${cfg.dataDir}/data/grafana.db";
treewide: add defaultText for options with simple interpolation defaults adds defaultText for all options that use `cfg.*` values in their defaults, but only for interpolations with no extra processing (other than toString where necessary)
2021-12-05 21:28:49 +01:00
defaultText = literalExpression ''"''${config.${opt.dataDir}}/data/grafana.db"'';
nixos: add grafana module
2015-04-25 16:02:44 +02:00
type = types.path;
};
grafana: 5.0.2 -> 5.0.3, fix headless phantomjs
2018-03-19 17:04:39 +01:00
connMaxLifetime = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
grafana: 5.0.2 -> 5.0.3, fix headless phantomjs
2018-03-19 17:04:39 +01:00
Sets the maximum amount of time (in seconds) a connection may be reused.
For MySQL this setting should be shorter than the `wait_timeout' variable.
'';
nixos/grafana: use new default for connMaxLifetime
2018-12-05 19:21:36 +01:00
default = "unlimited";
example = 14400;
type = types.either types.int (types.enum [ "unlimited" ]);
grafana: 5.0.2 -> 5.0.3, fix headless phantomjs
2018-03-19 17:04:39 +01:00
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
provision = {
nixos/*: automatically convert option descriptions conversions were done using https://github.com/pennae/nix-doc-munge using (probably) rev f34e145 running nix-doc-munge nixos/**/*.nix nix-doc-munge --import nixos/**/*.nix the tool ensures that only changes that could affect the generated manual *but don't* are committed, other changes require manual review and are discarded.
2022-08-28 21:18:44 +02:00
enable = mkEnableOption (lib.mdDoc "provision");
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
datasources = mkOption {
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
description = lib.mdDoc ''
Deprecated option for Grafana datasource configuration. Use either
`services.grafana.provision.datasources.settings` or
`services.grafana.provision.datasources.path` instead.
'';
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
default = [];
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
apply = x: if (builtins.isList x) then map _filter x else x;
type = with types; either (listOf grafanaTypes.datasourceConfig) (submodule {
options.settings = mkOption {
description = lib.mdDoc ''
Grafana datasource configuration in Nix. Can't be used with
`services.grafana.provision.datasources.path` simultaneously. See
<link xlink:href="https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources"/>
for supported options.
'';
default = null;
type = types.nullOr (types.submodule {
options = {
apiVersion = mkOption {
description = lib.mdDoc "Config file version.";
default = 1;
type = types.int;
};
datasources = mkOption {
description = lib.mdDoc "List of datasources to insert/update.";
default = [];
type = types.listOf grafanaTypes.datasourceConfig;
};
deleteDatasources = mkOption {
description = lib.mdDoc "List of datasources that should be deleted from the database.";
default = [];
type = types.listOf (types.submodule {
options.name = mkOption {
description = lib.mdDoc "Name of the datasource to delete.";
type = types.str;
};
options.orgId = mkOption {
description = lib.mdDoc "Organization ID of the datasource to delete.";
type = types.int;
};
});
};
};
});
example = literalExpression ''
{
apiVersion = 1;
datasources = [{
name = "Graphite";
type = "graphite";
}];
deleteDatasources = [{
name = "Graphite";
orgId = 1;
}];
}
'';
};
options.path = mkOption {
description = lib.mdDoc ''
Path to YAML datasource configuration. Can't be used with
`services.grafana.provision.datasources.settings` simultaneously.
'';
default = null;
type = types.nullOr types.path;
};
});
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
dashboards = mkOption {
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
description = lib.mdDoc ''
Deprecated option for Grafana dashboard configuration. Use either
`services.grafana.provision.dashboards.settings` or
`services.grafana.provision.dashboards.path` instead.
'';
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
default = [];
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
apply = x: if (builtins.isList x) then map _filter x else x;
type = with types; either (listOf grafanaTypes.dashboardConfig) (submodule {
options.settings = mkOption {
description = lib.mdDoc ''
Grafana dashboard configuration in Nix. Can't be used with
`services.grafana.provision.dashboards.path` simultaneously. See
<link xlink:href="https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards"/>
for supported options.
'';
default = null;
type = types.nullOr (types.submodule {
options.apiVersion = mkOption {
description = lib.mdDoc "Config file version.";
default = 1;
type = types.int;
};
options.providers = mkOption {
description = lib.mdDoc "List of dashboards to insert/update.";
default = [];
type = types.listOf grafanaTypes.dashboardConfig;
};
});
example = literalExpression ''
{
apiVersion = 1;
providers = [{
name = "default";
options.path = "/var/lib/grafana/dashboards";
}];
}
'';
};
options.path = mkOption {
description = lib.mdDoc ''
Path to YAML dashboard configuration. Can't be used with
`services.grafana.provision.dashboards.settings` simultaneously.
'';
default = null;
type = types.nullOr types.path;
};
});
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
notifiers = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Grafana notifier configuration.";
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
default = [];
type = types.listOf grafanaTypes.notifierConfig;
apply = x: map _filter x;
};
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
security = {
adminUser = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Default admin username.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "admin";
type = types.str;
};
adminPassword = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
Default admin password.
This option is mutual exclusive with the adminPasswordFile option.
'';
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "admin";
type = types.str;
};
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
adminPasswordFile = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
Default admin password.
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
This option is mutual exclusive with the `adminPassword` option.
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
'';
default = null;
type = types.nullOr types.path;
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
secretKey = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Secret key used for signing.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "SW2YcwTIb9zpOOhoPsMm";
type = types.str;
};
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
secretKeyFile = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Secret key used for signing.";
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
default = null;
type = types.nullOr types.path;
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
nixos/grafana: add serveFromSubPath option
2022-05-18 16:07:56 +02:00
server = {
serveFromSubPath = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Serve Grafana from subpath specified in rootUrl setting";
nixos/grafana: add serveFromSubPath option
2022-05-18 16:07:56 +02:00
default = false;
type = types.bool;
};
};
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
smtp = {
nixos/*: automatically convert option descriptions conversions were done using https://github.com/pennae/nix-doc-munge using (probably) rev f34e145 running nix-doc-munge nixos/**/*.nix nix-doc-munge --import nixos/**/*.nix the tool ensures that only changes that could affect the generated manual *but don't* are committed, other changes require manual review and are discarded.
2022-08-28 21:18:44 +02:00
enable = mkEnableOption (lib.mdDoc "smtp");
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
host = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Host to connect to.";
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
default = "localhost:25";
type = types.str;
};
user = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "User used for authentication.";
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
default = "";
type = types.str;
};
password = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
Password used for authentication.
This option is mutual exclusive with the passwordFile option.
'';
default = "";
type = types.str;
};
passwordFile = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
Password used for authentication.
This option is mutual exclusive with the password option.
'';
default = null;
type = types.nullOr types.path;
};
fromAddress = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Email address used for sending.";
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
default = "admin@grafana.localhost";
type = types.str;
};
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
users = {
allowSignUp = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Disable user signup / registration.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = false;
type = types.bool;
};
allowOrgCreate = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Whether user is allowed to create organizations.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = false;
type = types.bool;
};
autoAssignOrg = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Whether to automatically assign new users to default org.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = true;
type = types.bool;
};
autoAssignOrgRole = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Default role new users will be auto assigned.";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
default = "Viewer";
type = types.enum ["Viewer" "Editor"];
};
};
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
auth = {
nixos/grafana: add disableLoginForm option
2022-05-18 16:09:04 +02:00
disableLoginForm = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Set to true to disable (hide) the login form, useful if you use OAuth";
nixos/grafana: add disableLoginForm option
2022-05-18 16:09:04 +02:00
default = false;
type = types.bool;
};
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
anonymous = {
enable = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Whether to allow anonymous access.";
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
default = false;
type = types.bool;
};
org_name = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Which organization to allow anonymous access to.";
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
default = "Main Org.";
type = types.str;
};
org_role = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Which role anonymous users have in the organization.";
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
default = "Viewer";
type = types.str;
};
nixos/grafana: set plugins path, fix image generation Also add options to configure which organization should have anonymous access.
2016-07-15 15:26:31 +02:00
};
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
azuread = {
enable = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Whether to allow Azure AD OAuth.";
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
default = false;
type = types.bool;
};
allowSignUp = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Whether to allow sign up with Azure AD OAuth.";
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
default = false;
type = types.bool;
};
clientId = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Azure AD OAuth client ID.";
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
default = "";
type = types.str;
};
clientSecretFile = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Azure AD OAuth client secret.";
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
default = null;
type = types.nullOr types.path;
};
tenantId = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
Tenant id used to create auth and token url. Default to "common"
, let user sign in with any tenant.
'';
default = "common";
type = types.str;
};
allowedDomains = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: fix description text error Description text has been placed incorrectly for allowedDomains and allowedGroups
2022-09-09 15:11:27 +02:00
Limits access to users who belong to specific domains.
Separate domains with space or comma.
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
'';
default = "";
type = types.str;
};
allowedGroups = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
nixos/grafana: fix description text error Description text has been placed incorrectly for allowedDomains and allowedGroups
2022-09-09 15:11:27 +02:00
To limit access to authenticated users who are members of one or more groups,
set allowedGroups to a comma- or space-separated list of group object IDs.
You can find object IDs for a specific group on the Azure portal.
'';
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
default = "";
type = types.str;
};
};
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
google = {
enable = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Whether to allow Google OAuth2.";
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
default = false;
type = types.bool;
};
allowSignUp = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Whether to allow sign up with Google OAuth2.";
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
default = false;
type = types.bool;
};
clientId = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Google OAuth2 client ID.";
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
default = "";
type = types.str;
};
clientSecretFile = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Google OAuth2 client secret.";
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
default = null;
type = types.nullOr types.path;
};
nixos/grafana: set plugins path, fix image generation Also add options to configure which organization should have anonymous access.
2016-07-15 15:26:31 +02:00
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
grafana module: update
2015-11-16 14:28:28 +01:00
grafana: 2.6.0 -> 3.0.1 (#15395) * grafana: 2.6.0 -> 3.0.1 * grafana module: Fix anonymous auth & add analytics config
2016-05-13 02:28:24 +02:00
analytics.reporting = {
enable = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc "Whether to allow anonymous usage reporting to stats.grafana.net.";
grafana: 2.6.0 -> 3.0.1 (#15395) * grafana: 2.6.0 -> 3.0.1 * grafana module: Fix anonymous auth & add analytics config
2016-05-13 02:28:24 +02:00
default = true;
type = types.bool;
};
};
grafana module: update
2015-11-16 14:28:28 +01:00
extraOptions = mkOption {
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
description = lib.mdDoc ''
grafana module: update
2015-11-16 14:28:28 +01:00
Extra configuration options passed as env variables as specified in
treewide: automatically md-convert option descriptions the conversion procedure is simple: - find all things that look like options, ie calls to either `mkOption` or `lib.mkOption` that take an attrset. remember the attrset as the option - for all options, find a `description` attribute who's value is not a call to `mdDoc` or `lib.mdDoc` - textually convert the entire value of the attribute to MD with a few simple regexes (the set from mdize-module.sh) - if the change produced a change in the manual output, discard - if the change kept the manual unchanged, add some text to the description to make sure we've actually found an option. if the manual changes this time, keep the converted description this procedure converts 80% of nixos options to markdown. around 2000 options remain to be inspected, but most of those fail the "does not change the manual output check": currently the MD conversion process does not faithfully convert docbook tags like <code> and <package>, so any option using such tags will not be converted at all.
2022-07-28 23:19:15 +02:00
[documentation](http://docs.grafana.org/installation/configuration/),
grafana module: update
2015-11-16 14:28:28 +01:00
but without GF_ prefix
'';
default = {};
grafana module: allow path for extraConfig vals
2018-07-19 21:03:38 +02:00
type = with types; attrsOf (either str path);
grafana module: update
2015-11-16 14:28:28 +01:00
};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
config = mkIf cfg.enable {
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
warnings = flatten [
(optional (
cfg.database.password != opt.database.password.default ||
cfg.security.adminPassword != opt.security.adminPassword.default
) "Grafana passwords will be stored as plaintext in the Nix store!")
(optional (
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
let
checkOpts = opt: any (x: x.password != null || x.basicAuthPassword != null || x.secureJsonData != null) opt;
datasourcesUsed = if (cfg.provision.datasources.settings == null) then [] else cfg.provision.datasources.settings.datasources;
in if (builtins.isList cfg.provision.datasources) then checkOpts cfg.provision.datasources else checkOpts datasourcesUsed
) "Datasource passwords will be stored as plaintext in the Nix store! Use file provider instead.")
Add notifier configs to grafana provisioning Similar to dashboards and datasources, notifiers in Grafana can also be provisioned. This adds them to the Grafana service definition.
2021-01-27 15:14:57 +00:00
(optional (
any (x: x.secure_settings != null) cfg.provision.notifiers
) "Notifier secure settings will be stored as plaintext in the Nix store!")
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
(optional (
builtins.isList cfg.provision.datasources
) ''
Provisioning Grafana datasources with options has been deprecated.
Use `services.grafana.provision.datasources.settings` or
`services.grafana.provision.datasources.path` instead.
'')
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
(optional (
builtins.isList cfg.provision.dashboards
) ''
Provisioning Grafana dashboards with options has been deprecated.
Use `services.grafana.provision.dashboards.settings` or
`services.grafana.provision.dashboards.path` instead.
'')
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
];
nixos: add grafana module
2015-04-25 16:02:44 +02:00
nixos/grafana: set plugins path, fix image generation Also add options to configure which organization should have anonymous access.
2016-07-15 15:26:31 +02:00
environment.systemPackages = [ cfg.package ];
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
assertions = [
{
assertion = cfg.database.password != opt.database.password.default -> cfg.database.passwordFile == null;
message = "Cannot set both password and passwordFile";
}
{
assertion = cfg.security.adminPassword != opt.security.adminPassword.default -> cfg.security.adminPasswordFile == null;
message = "Cannot set both adminPassword and adminPasswordFile";
}
{
Fix typo in assert in grafana module Current assert prevents using secretKeyFile entirely
2019-08-11 13:21:26 +03:00
assertion = cfg.security.secretKey != opt.security.secretKey.default -> cfg.security.secretKeyFile == null;
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
message = "Cannot set both secretKey and secretKeyFile";
}
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
{
assertion = cfg.smtp.password != opt.smtp.password.default -> cfg.smtp.passwordFile == null;
Fix typo in assert in grafana module Current assert prevents using secretKeyFile entirely
2019-08-11 13:21:26 +03:00
message = "Cannot set both password and passwordFile";
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
}
nixos/grafana: ensure that declarative prometheus data-sources don't use direct access Support for that was permanently dropped in Grafana 9.2.0, see also https://github.com/grafana/grafana/commit/f30795b0884dd3485423a12d7d7d0860453967a7
2022-10-13 10:28:29 +02:00
{
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
assertion = if (builtins.isList cfg.provision.datasources) then true else cfg.provision.datasources.settings == null || cfg.provision.datasources.path == null;
message = "Cannot set both datasources settings and datasources path";
}
{
assertion = let
prometheusIsNotDirect = opt: all
nixos/grafana: ensure that declarative prometheus data-sources don't use direct access Support for that was permanently dropped in Grafana 9.2.0, see also https://github.com/grafana/grafana/commit/f30795b0884dd3485423a12d7d7d0860453967a7
2022-10-13 10:28:29 +02:00
({ type, access, ... }: type == "prometheus" -> access != "direct")
nixos/grafana: refactor datasources for RFC42 This commit refactors `services.grafana.provision.datasources` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-19 19:16:55 +04:00
opt;
in
if (builtins.isList cfg.provision.datasources) then prometheusIsNotDirect cfg.provision.datasources
else cfg.provision.datasources.settings == null || prometheusIsNotDirect cfg.provision.datasources.settings.datasources;
nixos/grafana: ensure that declarative prometheus data-sources don't use direct access Support for that was permanently dropped in Grafana 9.2.0, see also https://github.com/grafana/grafana/commit/f30795b0884dd3485423a12d7d7d0860453967a7
2022-10-13 10:28:29 +02:00
message = "For datasources of type `prometheus`, the `direct` access mode is not supported anymore (since Grafana 9.2.0)";
}
nixos/grafana: refactor dashboards for RFC42 This commit refactors `services.grafana.provision.dashboards` towards the RFC42 style. To preserve backwards compatibility, we have to jump through a ton of hoops, introducing esoteric type signatures and bizarre structs. The Grafana module definition should hopefully become a lot cleaner after a release cycle or two once the old configuration style is completely deprecated.
2022-09-18 13:35:07 +04:00
{
assertion = if (builtins.isList cfg.provision.dashboards) then true else cfg.provision.dashboards.settings == null || cfg.provision.dashboards.path == null;
message = "Cannot set both dashboards settings and dashboards path";
}
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
];
nixos: add grafana module
2015-04-25 16:02:44 +02:00
systemd.services.grafana = {
description = "Grafana Service Daemon";
wantedBy = ["multi-user.target"];
nixos/grafana: start systemd service after database
2021-08-24 14:59:58 +02:00
after = ["networking.target"] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service";
grafana: 5.0.2 -> 5.0.3, fix headless phantomjs
2018-03-19 17:04:39 +01:00
environment = {
QT_QPA_PLATFORM = "offscreen";
} // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions;
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
script = ''
nixos/grafana: Add error handling to service script Without this, the services starts even if files are missing or prerequisite commands fail, which can lead to incorrect initial state.
2021-06-04 18:19:04 +02:00
set -o errexit -o pipefail -o nounset -o errtrace
shopt -s inherit_errexit
nixos/grafana: add Azure AD OAuth options
2022-05-16 16:37:02 +02:00
${optionalString (cfg.auth.azuread.clientSecretFile != null) ''
GF_AUTH_AZUREAD_CLIENT_SECRET="$(<${escapeShellArg cfg.auth.azuread.clientSecretFile})"
export GF_AUTH_AZUREAD_CLIENT_SECRET
''}
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
${optionalString (cfg.auth.google.clientSecretFile != null) ''
nixos/grafana: Add error handling to service script Without this, the services starts even if files are missing or prerequisite commands fail, which can lead to incorrect initial state.
2021-06-04 18:19:04 +02:00
GF_AUTH_GOOGLE_CLIENT_SECRET="$(<${escapeShellArg cfg.auth.google.clientSecretFile})"
export GF_AUTH_GOOGLE_CLIENT_SECRET
grafana: add google oauth2 config Grafana supports Google OAuth2. https://grafana.com/docs/grafana/latest/auth/google/
2021-04-13 12:33:04 +00:00
''}
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
${optionalString (cfg.database.passwordFile != null) ''
nixos/grafana: Add error handling to service script Without this, the services starts even if files are missing or prerequisite commands fail, which can lead to incorrect initial state.
2021-06-04 18:19:04 +02:00
GF_DATABASE_PASSWORD="$(<${escapeShellArg cfg.database.passwordFile})"
export GF_DATABASE_PASSWORD
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
''}
${optionalString (cfg.security.adminPasswordFile != null) ''
nixos/grafana: Add error handling to service script Without this, the services starts even if files are missing or prerequisite commands fail, which can lead to incorrect initial state.
2021-06-04 18:19:04 +02:00
GF_SECURITY_ADMIN_PASSWORD="$(<${escapeShellArg cfg.security.adminPasswordFile})"
export GF_SECURITY_ADMIN_PASSWORD
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
''}
${optionalString (cfg.security.secretKeyFile != null) ''
nixos/grafana: Add error handling to service script Without this, the services starts even if files are missing or prerequisite commands fail, which can lead to incorrect initial state.
2021-06-04 18:19:04 +02:00
GF_SECURITY_SECRET_KEY="$(<${escapeShellArg cfg.security.secretKeyFile})"
export GF_SECURITY_SECRET_KEY
nixos/grafana: options to store secrets not in nix store
2018-09-20 23:01:40 +01:00
''}
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
${optionalString (cfg.smtp.passwordFile != null) ''
nixos/grafana: Add error handling to service script Without this, the services starts even if files are missing or prerequisite commands fail, which can lead to incorrect initial state.
2021-06-04 18:19:04 +02:00
GF_SMTP_PASSWORD="$(<${escapeShellArg cfg.smtp.passwordFile})"
export GF_SMTP_PASSWORD
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
''}
nixos/grafana: implement dashboard & datasource provisioning Adds the ability to automatically provision datasources and dashboards.
2019-01-13 11:54:19 +01:00
${optionalString cfg.provision.enable ''
export GF_PATHS_PROVISIONING=${provisionConfDir};
''}
nixos/*: use $out instead of $bin with buildGoPackage
2020-04-28 11:50:34 +10:00
exec ${cfg.package}/bin/grafana-server -homepath ${cfg.dataDir}
nixos/grafana: option to configure smtp
2018-09-20 23:02:33 +01:00
'';
nixos: add grafana module
2015-04-25 16:02:44 +02:00
serviceConfig = {
WorkingDirectory = cfg.dataDir;
User = "grafana";
nixos/grafana: add socket configuration option
2021-03-29 15:59:24 +02:00
RuntimeDirectory = "grafana";
RuntimeDirectoryMode = "0755";
nixos/grafana: systemd unit hardening
2021-08-15 13:55:43 +02:00
# Hardening
nixos/grafana: fix systemd unit Remove MemoryDenyWriteExecute hardening as it breaks image rendering plugin. Add CAP_NET_BIND_SERVICE to bind to low ports when needed. Remove PrivateUsers and ProcSubset as upstream choose to remove it. Upstream changes: <https://github.com/grafana/grafana/pull/40219>, <https://github.com/grafana/grafana/pull/40178>, <https://github.com/grafana/grafana/pull/40339> and <https://github.com/grafana/grafana/pull/40815>.
2021-10-10 17:14:42 +02:00
AmbientCapabilities = lib.mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = if (cfg.port < 1024) then [ "CAP_NET_BIND_SERVICE" ] else [ "" ];
nixos/grafana: systemd unit hardening
2021-08-15 13:55:43 +02:00
DeviceAllow = [ "" ];
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "full";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
nixos/grafana: fix systemd unit Remove MemoryDenyWriteExecute hardening as it breaks image rendering plugin. Add CAP_NET_BIND_SERVICE to bind to low ports when needed. Remove PrivateUsers and ProcSubset as upstream choose to remove it. Upstream changes: <https://github.com/grafana/grafana/pull/40219>, <https://github.com/grafana/grafana/pull/40178>, <https://github.com/grafana/grafana/pull/40339> and <https://github.com/grafana/grafana/pull/40815>.
2021-10-10 17:14:42 +02:00
# Upstream grafana is not setting SystemCallFilter for compatibility
# reasons, see https://github.com/grafana/grafana/pull/40176
nixos/grafana: loosen systemd syscall sandboxing Allow @resources syscalls in the grafana.service unit. While Grafana itself does not need them, some plugins (incl. first party) crash if they fail to setrlimit. This was first seen with the official grafana Clickhouse datasource plugin. The @resources syscalls set is fairly harmess anyway.
2022-09-06 02:10:47 +02:00
SystemCallFilter = [ "@system-service" "~@privileged" ];
nixos/grafana: systemd unit hardening
2021-08-15 13:55:43 +02:00
UMask = "0027";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
grafana module: update
2015-11-16 14:28:28 +01:00
preStart = ''
ln -fs ${cfg.package}/share/grafana/conf ${cfg.dataDir}
grafana: 4.6.3 -> 5.0.0
2018-03-01 17:07:50 +01:00
ln -fs ${cfg.package}/share/grafana/tools ${cfg.dataDir}
grafana module: update
2015-11-16 14:28:28 +01:00
'';
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
nixos/modules: users.(extraUsers|extraGroup->users|group)
2018-06-30 01:58:35 +02:00
users.users.grafana = {
nixos: add grafana module
2015-04-25 16:02:44 +02:00
uid = config.ids.uids.grafana;
description = "Grafana user";
home = cfg.dataDir;
createHome = true;
nixos/grafana: add grafana user to group 'grafana'
2019-07-15 15:46:08 +02:00
group = "grafana";
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
nixos/grafana: add grafana user to group 'grafana'
2019-07-15 15:46:08 +02:00
users.groups.grafana = {};
nixos: add grafana module
2015-04-25 16:02:44 +02:00
};
}
Reference in a new issue Copy permalink