mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 06:00:33 +03:00

nixos/grafana: Fix and adjust config options

Joscha 2023-06-20 22:24:29 +02:00
parent 8407b20a4e
commit daa75a4093


@ -10,7 +10,26 @@ let
useMysql = cfg.settings.database.type == "mysql"; useMysql = cfg.settings.database.type == "mysql";
usePostgresql = cfg.settings.database.type == "postgres"; usePostgresql = cfg.settings.database.type == "postgres";
settingsFormatIni = pkgs.formats.ini { }; # Prefer using the values from the default config file[0] directly. This way,
# people reading the NixOS manual can see them without cross-referencing the
# official documentation.
#
# However, if there is no default entry or if the setting is optional, use
# `null` as the default value. It will be turned into the empty string.
#
# If a setting is a list, always allow setting it as a plain string as well.
#
# [0]: https://github.com/grafana/grafana/blob/main/conf/defaults.ini
settingsFormatIni = pkgs.formats.ini {
listToValue = concatMapStringsSep " " (generators.mkValueStringDefault { });
mkKeyValue = generators.mkKeyValueDefault
{
mkValueString = v:
if v == null then ""
else generators.mkValueStringDefault { } v;
}
"=";
};
configFile = settingsFormatIni.generate "config.ini" cfg.settings; configFile = settingsFormatIni.generate "config.ini" cfg.settings;
mkProvisionCfg = name: attr: provisionCfg: mkProvisionCfg = name: attr: provisionCfg:
@ -405,7 +424,6 @@ in
This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath. This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath.
In that case add the subpath to the end of this URL setting. In that case add the subpath to the end of this URL setting.
''; '';
# https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L54
default = "%(protocol)s://%(domain)s:%(http_port)s/"; default = "%(protocol)s://%(domain)s:%(http_port)s/";
type = types.str; type = types.str;
}; };
@ -453,16 +471,16 @@ in
description = lib.mdDoc '' description = lib.mdDoc ''
Path to the certificate file (if `protocol` is set to `https` or `h2`). Path to the certificate file (if `protocol` is set to `https` or `h2`).
''; '';
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
cert_key = mkOption { cert_key = mkOption {
description = lib.mdDoc '' description = lib.mdDoc ''
Path to the certificate key file (if `protocol` is set to `https` or `h2`). Path to the certificate key file (if `protocol` is set to `https` or `h2`).
''; '';
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
socket_gid = mkOption { socket_gid = mkOption {
@ -505,8 +523,8 @@ in
For example, given a cdn url like `https://cdn.myserver.com` For example, given a cdn url like `https://cdn.myserver.com`
grafana will try to load a javascript file from `http://cdn.myserver.com/grafana-oss/7.4.0/public/build/app.<hash>.js`. grafana will try to load a javascript file from `http://cdn.myserver.com/grafana-oss/7.4.0/public/build/app.<hash>.js`.
''; '';
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
read_timeout = mkOption { read_timeout = mkOption {
@ -572,7 +590,7 @@ in
max_open_conn = mkOption { max_open_conn = mkOption {
description = lib.mdDoc "The maximum number of open connections to the database."; description = lib.mdDoc "The maximum number of open connections to the database.";
default = 0; # https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L123-L124 default = 0;
type = types.int; type = types.int;
}; };
@ -606,7 +624,7 @@ in
For Postgres, use either `disable`, `require` or `verify-full`. For Postgres, use either `disable`, `require` or `verify-full`.
For MySQL, use either `true`, `false`, or `skip-verify`. For MySQL, use either `true`, `false`, or `skip-verify`.
''; '';
default = "disable"; # https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L134 default = "disable";
type = types.enum [ "disable" "require" "verify-full" "true" "false" "skip-verify" ]; type = types.enum [ "disable" "require" "verify-full" "true" "false" "skip-verify" ];
}; };
@ -621,20 +639,20 @@ in
ca_cert_path = mkOption { ca_cert_path = mkOption {
description = lib.mdDoc "The path to the CA certificate to use."; description = lib.mdDoc "The path to the CA certificate to use.";
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
client_key_path = mkOption { client_key_path = mkOption {
description = lib.mdDoc "The path to the client key. Only if server requires client authentication."; description = lib.mdDoc "The path to the client key. Only if server requires client authentication.";
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
client_cert_path = mkOption { client_cert_path = mkOption {
description = lib.mdDoc "The path to the client cert. Only if server requires client authentication."; description = lib.mdDoc "The path to the client cert. Only if server requires client authentication.";
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
server_cert_name = mkOption { server_cert_name = mkOption {
@ -642,8 +660,8 @@ in
The common name field of the certificate used by the `mysql` or `postgres` server. The common name field of the certificate used by the `mysql` or `postgres` server.
Not necessary if `ssl_mode` is set to `skip-verify`. Not necessary if `ssl_mode` is set to `skip-verify`.
''; '';
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
path = mkOption { path = mkOption {
@ -751,8 +769,8 @@ in
Format: `ip_or_domain:port` separated by spaces. Format: `ip_or_domain:port` separated by spaces.
PostgreSQL, MySQL, and MSSQL data sources do not use the proxy and are therefore unaffected by this setting. PostgreSQL, MySQL, and MSSQL data sources do not use the proxy and are therefore unaffected by this setting.
''; '';
default = ""; default = [ ];
type = types.str; type = types.oneOf [ types.str (types.listOf types.str) ];
}; };
disable_brute_force_login_protection = mkOption { disable_brute_force_login_protection = mkOption {
@ -870,6 +888,27 @@ in
# how exactly the quoting of the default value works. See also # how exactly the quoting of the default value works. See also
# https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L364 # https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L364
# https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L373 # https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L373
# These two options are lists joined with spaces:
# https://github.com/grafana/grafana/blob/916d9793aa81c2990640b55a15dee0db6b525e41/pkg/middleware/csrf/csrf.go#L37-L38
csrf_trusted_origins = mkOption {
description = lib.mdDoc ''
List of additional allowed URLs to pass by the CSRF check.
Suggested when authentication comes from an IdP.
'';
default = [ ];
type = types.oneOf [ types.str (types.listOf types.str) ];
};
csrf_additional_headers = mkOption {
description = lib.mdDoc ''
List of allowed headers to be set by the user.
Suggested to use for if authentication lives behind reverse proxies.
'';
default = [ ];
type = types.oneOf [ types.str (types.listOf types.str) ];
};
}; };
smtp = { smtp = {
@ -887,8 +926,8 @@ in
user = mkOption { user = mkOption {
description = lib.mdDoc "User used for authentication."; description = lib.mdDoc "User used for authentication.";
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
password = mkOption { password = mkOption {
@ -905,14 +944,14 @@ in
cert_file = mkOption { cert_file = mkOption {
description = lib.mdDoc "File path to a cert file."; description = lib.mdDoc "File path to a cert file.";
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
key_file = mkOption { key_file = mkOption {
description = lib.mdDoc "File path to a key file."; description = lib.mdDoc "File path to a key file.";
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
skip_verify = mkOption { skip_verify = mkOption {
@ -933,6 +972,12 @@ in
type = types.str; type = types.str;
}; };
ehlo_identity = mkOption {
description = lib.mdDoc "Name to be used as client identity for EHLO in SMTP dialog.";
default = null;
type = types.nullOr types.str;
};
startTLS_policy = mkOption { startTLS_policy = mkOption {
description = lib.mdDoc "StartTLS policy when connecting to server."; description = lib.mdDoc "StartTLS policy when connecting to server.";
default = null; default = null;
@ -1050,6 +1095,8 @@ in
type = types.str; type = types.str;
}; };
# Lists are joined via space, so this option can't be a list.
# Users have to manually join their values.
hidden_users = mkOption { hidden_users = mkOption {
description = lib.mdDoc '' description = lib.mdDoc ''
This is a comma-separated list of usernames. This is a comma-separated list of usernames.
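Review bot: The new `listToValue` in `settingsFormatIni` joins list elements with a single space, and nothing checks that an element is itself free of whitespace. A typo such as a space inside one `csrf_trusted_origins` entry is therefore written to `config.ini` as two separate entries, with no evaluation error. The same applies to `csrf_additional_headers` and to the list-typed proxy whitelist option in the `-751` hunk. For the CSRF options this changes an allow-list silently, assuming Grafana splits the value on whitespace as the linked `csrf.go` reference suggests. Constraining the list element type would reject such values at evaluation time, e.g. `type = types.oneOf [ types.str (types.listOf (types.strMatching "[^[:space:]]+")) ];`. Separately, the space-join applies to every list under `cfg.settings`, which the code comment above `hidden_users` acknowledges, so it may be worth repeating that caveat in the option `description`, where readers of the manual can see it.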