nixos/librenms: add socket auth for mysql
This allows librenms to use socket authentication to the mysql package out of the box if installed under the same username, avoiding complex DB password initialization steps.
parent
fe79aef7ce
commit
dc6c6e42e4
1 changed files with 71 additions and 38 deletions
|
@ -16,7 +16,8 @@ let
|
|||
upload_max_filesize = 100M
|
||||
date.timezone = "${config.time.timeZone}"
|
||||
'';
|
||||
phpIni = pkgs.runCommand "php.ini" {
|
||||
phpIni = pkgs.runCommand "php.ini"
|
||||
{
|
||||
inherit (package) phpPackage;
|
||||
inherit phpOptions;
|
||||
preferLocalBuild = true;
|
||||
|
@ -47,7 +48,8 @@ let
|
|||
${lib.optionalString (cfg.extraConfig != null) cfg.extraConfig}
|
||||
'';
|
||||
|
||||
in {
|
||||
in
|
||||
{
|
||||
options.services.librenms = with lib; {
|
||||
enable = mkEnableOption "LibreNMS network monitoring system";
|
||||
|
||||
|
@ -191,7 +193,8 @@ in {
|
|||
nginx = mkOption {
|
||||
type = types.submodule (
|
||||
recursiveUpdate
|
||||
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {}
|
||||
(import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
|
||||
{ }
|
||||
);
|
||||
default = { };
|
||||
example = literalExpression ''
|
||||
|
@ -240,6 +243,7 @@ in {
|
|||
default = "localhost";
|
||||
description = ''
|
||||
Hostname or IP of the MySQL/MariaDB server.
|
||||
Ignored if 'socket' is defined.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -248,6 +252,7 @@ in {
|
|||
default = 3306;
|
||||
description = ''
|
||||
Port of the MySQL/MariaDB server.
|
||||
Ignored if 'socket' is defined.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -264,15 +269,28 @@ in {
|
|||
default = "librenms";
|
||||
description = ''
|
||||
Name of the user on the MySQL/MariaDB server.
|
||||
Ignored if 'socket' is defined.
|
||||
'';
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.path;
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/secrets/mysql.pass";
|
||||
description = ''
|
||||
A file containing the password for the user of the MySQL/MariaDB server.
|
||||
Must be readable for the LibreNMS user.
|
||||
Ignored if 'socket' is defined, mandatory otherwise.
|
||||
'';
|
||||
};
|
||||
|
||||
socket = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "/run/mysqld/mysqld.sock";
|
||||
description = ''
|
||||
A unix socket to mysql, accessible by the librenms user.
|
||||
Useful when mysql is on the localhost.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -483,13 +501,15 @@ in {
|
|||
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStartPre = lib.mkIf cfg.database.createLocally [ "!${pkgs.writeShellScript "librenms-db-init" ''
|
||||
ExecStartPre = lib.mkIf cfg.database.createLocally [
|
||||
"!${pkgs.writeShellScript "librenms-db-init" ''
|
||||
DB_PASSWORD=$(cat ${cfg.database.passwordFile} | tr -d '\n')
|
||||
echo "ALTER USER '${cfg.database.username}'@'localhost' IDENTIFIED BY '$DB_PASSWORD';" | ${pkgs.mariadb}/bin/mysql
|
||||
${lib.optionalString cfg.useDistributedPollers ''
|
||||
echo "ALTER USER '${cfg.database.username}'@'%' IDENTIFIED BY '$DB_PASSWORD';" | ${pkgs.mariadb}/bin/mysql
|
||||
''}
|
||||
''}"];
|
||||
''}"
|
||||
];
|
||||
};
|
||||
script = ''
|
||||
set -euo pipefail
|
||||
|
@ -516,13 +536,24 @@ in {
|
|||
${lib.optionalString (cfg.useDistributedPollers || cfg.distributedPoller.enable) ''
|
||||
echo "CACHE_DRIVER=memcached" >> ${cfg.dataDir}/.env
|
||||
''}
|
||||
echo "DB_DATABASE=${cfg.database.database}" >> ${cfg.dataDir}/.env
|
||||
''
|
||||
+ (
|
||||
if ! isNull cfg.database.socket
|
||||
then ''
|
||||
# use socket connection
|
||||
echo "DB_SOCKET=${cfg.database.socket}" >> ${cfg.dataDir}/.env
|
||||
''
|
||||
else ''
|
||||
# use TCP connection
|
||||
echo "DB_HOST=${cfg.database.host}" >> ${cfg.dataDir}/.env
|
||||
echo "DB_PORT=${toString cfg.database.port}" >> ${cfg.dataDir}/.env
|
||||
echo "DB_DATABASE=${cfg.database.database}" >> ${cfg.dataDir}/.env
|
||||
echo "DB_USERNAME=${cfg.database.username}" >> ${cfg.dataDir}/.env
|
||||
echo -n "DB_PASSWORD=" >> ${cfg.dataDir}/.env
|
||||
cat ${cfg.database.passwordFile} >> ${cfg.dataDir}/.env
|
||||
|
||||
''
|
||||
)
|
||||
+ ''
|
||||
# clear cache after update
|
||||
OLD_VERSION=$(cat ${cfg.dataDir}/version)
|
||||
if [[ $OLD_VERSION != "${package.version}" ]]; then
|
||||
|
@ -560,9 +591,11 @@ in {
|
|||
|
||||
services.cron = {
|
||||
enable = true;
|
||||
systemCronJobs = let
|
||||
systemCronJobs =
|
||||
let
|
||||
env = "PHPRC=${phpIni}";
|
||||
in [
|
||||
in
|
||||
[
|
||||
# based on crontab provided by LibreNMS
|
||||
"33 */6 * * * ${cfg.user} ${env} ${package}/cronic ${package}/discovery-wrapper.py 1"
|
||||
"*/5 * * * * ${cfg.user} ${env} ${package}/discovery.php -h new >> /dev/null 2>&1"
|
||||
|
|
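Review bot: `passwordFile` now defaults to `null`, but the `librenms-db-init` script in the `ExecStartPre` hunk still interpolates `${cfg.database.passwordFile}` whenever `createLocally` is set, so a socket-only configuration would, as far as these hunks show, fail at evaluation instead of skipping the password step. One option is to guard it with `ExecStartPre = lib.mkIf (cfg.database.createLocally && cfg.database.passwordFile != null) [`, keeping in mind that the `'%'` account altered for distributed pollers cannot use socket authentication and still needs a password. The "mandatory otherwise" rule exists only in the option description; an entry in the module's `assertions` (not visible here) such as `assertion = cfg.database.socket != null || cfg.database.passwordFile != null;` would turn a missing secret into a clear error rather than a null-coercion failure in the `.env` script. The `socket` description should also state that access then depends on the OS account name and the socket's file permissions rather than on a secret, so `cfg.user` and the socket path become the access boundary.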