dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #57716 from dasJ/redo-icingaweb2

Browse Source 
nixos/icingaweb2: Replace most options with toINI
This commit is contained in:
Silvan Mosberger 2019-04-04 21:20:01 +02:00 committed by GitHub
commit fab50f0e91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 108 additions and 491 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

599
nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
View File

@ -3,112 +3,18 @@
poolName = "icingaweb2"; poolName = "icingaweb2";
phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock"; phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock";
formatBool = b: if b then "1" else "0"; defaultConfig = {
global = {
configIni = let module_path = "${pkgs.icingaweb2}/modules${optionalString (builtins.length config.modulePath > 0) ":${concatStringsSep ":" config.modulePath}"}";
config = cfg.generalConfig; };
in '' };
[global]
show_stacktraces = "${formatBool config.showStacktraces}"
show_application_state_messages = "${formatBool config.showApplicationStateMessages}"
module_path = "${pkgs.icingaweb2}/modules${optionalString (builtins.length config.modulePath > 0) ":${concatStringsSep ":" config.modulePath}"}"
config_backend = "${config.configBackend}"
${optionalString (config.configBackend == "db") ''config_resource = "${config.configResource}"''}
[logging]
log = "${config.log}"
${optionalString (config.log != "none") ''level = "${config.logLevel}"''}
${optionalString (config.log == "php" || config.log == "syslog") ''application = "${config.logApplication}"''}
${optionalString (config.log == "syslog") ''facility = "${config.logFacility}"''}
${optionalString (config.log == "file") ''file = "${config.logFile}"''}
[themes]
default = "${config.themeDefault}"
disabled = "${formatBool config.themeDisabled}"
[authentication]
${optionalString (config.authDefaultDomain != null) ''default_domain = "${config.authDefaultDomain}"''}
'';
resourcesIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
[${name}]
type = "${config.type}"
${optionalString (config.type == "db") ''
db = "${config.db}"
host = "${config.host}"
${optionalString (config.port != null) ''port = "${toString config.port}"''}
username = "${config.username}"
password = "${config.password}"
dbname = "${config.dbname}"
${optionalString (config.charset != null) ''charset = "${config.charset}"''}
use_ssl = "${formatBool config.useSSL}"
${optionalString (config.sslCert != null) ''ssl_cert = "${config.sslCert}"''}
${optionalString (config.sslKey != null) ''ssl_cert = "${config.sslKey}"''}
${optionalString (config.sslCA != null) ''ssl_cert = "${config.sslCA}"''}
${optionalString (config.sslCApath != null) ''ssl_cert = "${config.sslCApath}"''}
${optionalString (config.sslCipher != null) ''ssl_cert = "${config.sslCipher}"''}
''}
${optionalString (config.type == "ldap") ''
hostname = "${config.host}"
${optionalString (config.port != null) ''port = "${toString config.port}"''}
root_dn = "${config.rootDN}"
bind_dn = "${config.username}"
bind_pw = "${config.password}"
encryption = "${config.ldapEncryption}"
timeout = "${toString config.ldapTimeout}"
''}
${optionalString (config.type == "ssh") ''
user = "${config.username}"
private_key = "${config.sshPrivateKey}"
''}
'') cfg.resources);
authenticationIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
[${name}]
backend = "${config.backend}"
${optionalString (config.domain != null) ''domain = "${config.domain}"''}
${optionalString (config.backend == "external" && config.externalStripRegex != null) ''strip_username_regexp = "${config.externalStripRegex}"''}
${optionalString (config.backend != "external") ''resource = "${config.resource}"''}
${optionalString (config.backend == "ldap" || config.backend == "msldap") ''
${optionalString (config.ldapUserClass != null) ''user_class = "${config.ldapUserClass}"''}
${optionalString (config.ldapUserNameAttr != null) ''user_name_attribute = "${config.ldapUserNameAttr}"''}
${optionalString (config.ldapFilter != null) ''filter = "${config.ldapFilter}"''}
''}
'') cfg.authentications);
groupsIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
[${name}]
backend = "${config.backend}"
resource = "${config.resource}"
${optionalString (config.backend != "db") ''
${optionalString (config.ldapUserClass != null) ''user_class = "${config.ldapUserClass}"''}
${optionalString (config.ldapUserNameAttr != null) ''user_name_attribute = "${config.ldapUserNameAttr}"''}
${optionalString (config.ldapGroupClass != null) ''group_class = "${config.ldapGroupClass}"''}
${optionalString (config.ldapGroupNameAttr != null) ''group_name_attribute = "${config.ldapGroupNameAttr}"''}
${optionalString (config.ldapGroupFilter != null) ''group_filter = "${config.ldapGroupFilter}"''}
''}
${optionalString (config.backend == "msldap" && config.ldapNestedSearch) ''nested_group_search = "1"''}
'') cfg.groupBackends);
rolesIni = let
optionalList = var: attribute: optionalString (builtins.length var > 0) ''${attribute} = "${concatStringsSep "," var}"'';
in concatStringsSep "\n" (mapAttrsToList (name: config: ''
[${name}]
${optionalList config.users "users"}
${optionalList config.groups "groups"}
${optionalList config.permissions "permissions"}
${optionalList config.permissions "permissions"}
${concatStringsSep "\n" (mapAttrsToList (key: value: optionalList value key) config.extraAssignments)}
'') cfg.roles);
in { in {
options.services.icingaweb2 = with types; { options.services.icingaweb2 = with types; {
enable = mkEnableOption "the icingaweb2 web interface"; enable = mkEnableOption "the icingaweb2 web interface";
pool = mkOption { pool = mkOption {
type = str; type = str;
default = "${poolName}"; default = poolName;
description = '' description = ''
Name of existing PHP-FPM pool that is used to run Icingaweb2. Name of existing PHP-FPM pool that is used to run Icingaweb2.
If not specified, a pool will automatically created with default values. If not specified, a pool will automatically created with default values.
@ -143,7 +49,7 @@ in {
default = {}; default = {};
example = literalExample '' example = literalExample ''
{ {
"snow" = pkgs.icingaweb2Modules.theme-snow; "snow" = icingaweb2Modules.theme-snow;
} }
''; '';
description = '' description = ''
@ -153,419 +59,130 @@ in {
''; '';
}; };
generalConfig = { generalConfig = mkOption {
mutable = mkOption { type = nullOr attrs;
type = bool; default = null;
default = false; example = {
description = '' general = {
Make config.ini mutable (e.g. via the web interface). showStacktraces = 1;
Not that you need to update module_path manually. config_resource = "icingaweb_db";
''; };
logging = {
log = "syslog";
level = "CRITICAL";
};
}; };
description = ''
config.ini contents.
Will automatically be converted to a .ini file.
If you don't set global.module_path, the module will take care of it.
showStacktraces = mkOption { If the value is null, no config.ini is created and you can
type = bool; modify it manually (e.g. via the web interface).
default = true; Note that you need to update module_path manually.
description = "Enable stack traces in the Web UI"; '';
};
showApplicationStateMessages = mkOption {
type = bool;
default = true;
description = "Enable application state messages in the Web UI";
};
modulePath = mkOption {
type = listOf str;
default = [];
description = "List of additional module search paths";
};
configBackend = mkOption {
type = enum [ "ini" "db" "none" ];
default = "db";
description = "Where to store user preferences";
};
configResource = mkOption {
type = nullOr str;
default = null;
description = "Database resource where user preferences are stored (if they are stored in a database)";
};
log = mkOption {
type = enum [ "syslog" "php" "file" "none" ];
default = "syslog";
description = "Logging target";
};
logLevel = mkOption {
type = enum [ "ERROR" "WARNING" "INFO" "DEBUG" ];
default = "ERROR";
description = "Maximum logging level to emit";
};
logApplication = mkOption {
type = str;
default = "icingaweb2";
description = "Application name to log under (syslog and php log)";
};
logFacility = mkOption {
type = enum [ "user" "local0" "local1" "local2" "local3" "local4" "local5" "local6" "local7" ];
default = "user";
description = "Syslog facility to log to";
};
logFile = mkOption {
type = str;
default = "/var/log/icingaweb2/icingaweb2.log";
description = "File to log to";
};
themeDefault = mkOption {
type = str;
default = "Icinga";
description = "Name of the default theme";
};
themeDisabled = mkOption {
type = bool;
default = false;
description = "Disallow users to change the theme";
};
authDefaultDomain = mkOption {
type = nullOr str;
default = null;
description = "Domain for users logging in without a qualified domain";
};
};
mutableResources = mkOption {
type = bool;
default = false;
description = "Make resources.ini mutable (e.g. via the web interface)";
}; };
resources = mkOption { resources = mkOption {
default = {}; type = nullOr attrs;
description = "Icingaweb 2 resources to define"; default = null;
type = attrsOf (submodule ({ name, ... }: { example = {
options = { icingaweb_db = {
name = mkOption { type = "db";
visible = false; db = "mysql";
default = name; host = "localhost";
type = str; username = "icingaweb2";
description = "Name of this resource"; password = "icingaweb2";
}; dbname = "icingaweb2";
type = mkOption {
type = enum [ "db" "ldap" "ssh" ];
default = "db";
description = "Type of this resouce";
};
db = mkOption {
type = enum [ "mysql" "pgsql" ];
default = "mysql";
description = "Type of this database resource";
};
host = mkOption {
type = str;
description = "Host to connect to";
};
port = mkOption {
type = nullOr port;
default = null;
description = "Port to connect on";
};
username = mkOption {
type = str;
description = "Database or SSH user or LDAP bind DN to connect with";
};
password = mkOption {
type = str;
description = "Password for the database user or LDAP bind DN";
};
dbname = mkOption {
type = str;
description = "Name of the database to connect to";
};
charset = mkOption {
type = nullOr str;
default = null;
example = "utf8";
description = "Database character set to connect with";
};
useSSL = mkOption {
type = nullOr bool;
default = false;
description = "Whether to connect to the database using SSL";
};
sslCert = mkOption {
type = nullOr str;
default = null;
description = "The file path to the SSL certificate. Only available for the mysql database.";
};
sslKey = mkOption {
type = nullOr str;
default = null;
description = "The file path to the SSL key. Only available for the mysql database.";
};
sslCA = mkOption {
type = nullOr str;
default = null;
description = "The file path to the SSL certificate authority. Only available for the mysql database.";
};
sslCApath = mkOption {
type = nullOr str;
default = null;
description = "The file path to the directory that contains the trusted SSL CA certificates in PEM format. Only available for the mysql database.";
};
sslCipher = mkOption {
type = nullOr str;
default = null;
description = "A list of one or more permissible ciphers to use for SSL encryption, in a format understood by OpenSSL. Only available for the mysql database.";
};
rootDN = mkOption {
type = str;
description = "Root object of the LDAP tree";
};
ldapEncryption = mkOption {
type = enum [ "none" "starttls" "ldaps" ];
default = "none";
description = "LDAP encryption to use";
};
ldapTimeout = mkOption {
type = ints.positive;
default = 5;
description = "Connection timeout for every LDAP connection";
};
sshPrivateKey = mkOption {
type = str;
description = "The path to the private key of the user";
};
}; };
})); };
}; description = ''
resources.ini contents.
Will automatically be converted to a .ini file.
mutableAuthConfig = mkOption { If the value is null, no resources.ini is created and you can
type = bool; modify it manually (e.g. via the web interface).
default = true; Note that if you set passwords here, they will go into the nix store.
description = "Make authentication.ini mutable (e.g. via the web interface)"; '';
}; };
authentications = mkOption { authentications = mkOption {
default = {}; type = nullOr attrs;
description = "Icingaweb 2 authentications to define"; default = null;
type = attrsOf (submodule ({ name, ... }: { example = {
options = { icingaweb = {
name = mkOption { backend = "db";
visible = false; resource = "icingaweb_db";
default = name;
type = str;
description = "Name of this authentication";
};
backend = mkOption {
type = enum [ "external" "ldap" "msldap" "db" ];
default = "db";
description = "The type of this authentication backend";
};
domain = mkOption {
type = nullOr str;
default = null;
description = "Domain for domain-aware authentication";
};
externalStripRegex = mkOption {
type = nullOr str;
default = null;
description = "Regular expression to strip off specific user name parts";
};
resource = mkOption {
type = str;
description = "Name of the database/LDAP resource";
};
ldapUserClass = mkOption {
type = nullOr str;
default = null;
description = "LDAP user class";
};
ldapUserNameAttr = mkOption {
type = nullOr str;
default = null;
description = "LDAP attribute which contains the username";
};
ldapFilter = mkOption {
type = nullOr str;
default = null;
description = "LDAP search filter";
};
}; };
})); };
}; description = ''
authentication.ini contents.
Will automatically be converted to a .ini file.
mutableGroupsConfig = mkOption { If the value is null, no authentication.ini is created and you can
type = bool; modify it manually (e.g. via the web interface).
default = true; '';
description = "Make groups.ini mutable (e.g. via the web interface)";
}; };
groupBackends = mkOption { groupBackends = mkOption {
default = {}; type = nullOr attrs;
description = "Icingaweb 2 group backends to define"; default = null;
type = attrsOf (submodule ({ name, ... }: { example = {
options = { icingaweb = {
name = mkOption { backend = "db";
visible = false; resource = "icingaweb_db";
default = name;
type = str;
description = "Name of this group backend";
};
backend = mkOption {
type = enum [ "ldap" "msldap" "db" ];
default = "db";
description = "The type of this group backend";
};
resource = mkOption {
type = str;
description = "Name of the database/LDAP resource";
};
ldapUserClass = mkOption {
type = nullOr str;
default = null;
description = "LDAP user class";
};
ldapUserNameAttr = mkOption {
type = nullOr str;
default = null;
description = "LDAP attribute which contains the username";
};
ldapGroupClass = mkOption {
type = nullOr str;
default = null;
description = "LDAP group class";
};
ldapGroupNameAttr = mkOption {
type = nullOr str;
default = null;
description = "LDAP attribute which contains the groupname";
};
ldapGroupFilter = mkOption {
type = nullOr str;
default = null;
description = "LDAP group search filter";
};
ldapNestedSearch = mkOption {
type = bool;
default = false;
description = "Enable nested group search in Active Directory based on the user";
};
}; };
})); };
}; description = ''
groups.ini contents.
Will automatically be converted to a .ini file.
mutableRolesConfig = mkOption { If the value is null, no groups.ini is created and you can
type = bool; modify it manually (e.g. via the web interface).
default = true; '';
description = "Make roles.ini mutable (e.g. via the web interface)";
}; };
roles = mkOption { roles = mkOption {
default = {}; type = nullOr attrs;
description = "Icingaweb 2 roles to define"; default = null;
type = attrsOf (submodule ({ name, ... }: { example = {
options = { Administrators = {
name = mkOption { users = "admin";
visible = false; permissions = "*";
default = name;
type = str;
description = "Name of this role";
};
users = mkOption {
type = listOf str;
default = [];
description = "List of users that are assigned to the role";
};
groups = mkOption {
type = listOf str;
default = [];
description = "List of groups that are assigned to the role";
};
permissions = mkOption {
type = listOf str;
default = [];
example = [ "application/share/navigation" "config/*" ];
description = "The permissions to grant";
};
extraAssignments = mkOption {
type = attrsOf (listOf str);
default = {};
example = { "monitoring/blacklist/properties" = [ "sla" "customer"]; };
description = "Additional assignments of this role";
};
}; };
})); };
description = ''
roles.ini contents.
Will automatically be converted to a .ini file.
If the value is null, no roles.ini is created and you can
modify it manually (e.g. via the web interface).
'';
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") { services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") {
"${poolName}" = { "${poolName}" = ''
listen = phpfpmSocketName; listen = "${phpfpmSocketName}"
phpOptions = '' listen.owner = nginx
extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so listen.group = nginx
date.timezone = "${cfg.timezone}" listen.mode = 0600
''; user = icingaweb2
extraConfig = '' pm = dynamic
listen.owner = nginx pm.max_children = 75
listen.group = nginx pm.start_servers = 2
listen.mode = 0600 pm.min_spare_servers = 2
user = icingaweb2 pm.max_spare_servers = 10
pm = dynamic '';
pm.max_children = 75
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 10
'';
};
}; };
services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}")
''
extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
date.timezone = "${cfg.timezone}"
'';
systemd.services."phpfpm-${poolName}".serviceConfig.ReadWritePaths = [ "/etc/icingaweb2" ]; systemd.services."phpfpm-${poolName}".serviceConfig.ReadWritePaths = [ "/etc/icingaweb2" ];
services.nginx = { services.nginx = {
@ -609,11 +226,11 @@ in {
// doModule "test" // doModule "test"
// doModule "translation" // doModule "translation"
# Configs # Configs
// optionalAttrs (!cfg.generalConfig.mutable) { "icingaweb2/config.ini".text = configIni; } // optionalAttrs (cfg.generalConfig != null) { "icingaweb2/config.ini".text = generators.toINI {} (defaultConfig // cfg.generalConfig); }
// optionalAttrs (!cfg.mutableResources) { "icingaweb2/resources.ini".text = resourcesIni; } // optionalAttrs (cfg.resources != null) { "icingaweb2/resources.ini".text = generators.toINI {} cfg.resources; }
// optionalAttrs (!cfg.mutableAuthConfig) { "icingaweb2/authentication.ini".text = authenticationIni; } // optionalAttrs (cfg.authentications != null) { "icingaweb2/authentication.ini".text = generators.toINI {} cfg.authentications; }
// optionalAttrs (!cfg.mutableGroupsConfig) { "icingaweb2/groups.ini".text = groupsIni; } // optionalAttrs (cfg.groupBackends != null) { "icingaweb2/groups.ini".text = generators.toINI {} cfg.groupBackends; }
// optionalAttrs (!cfg.mutableRolesConfig) { "icingaweb2/roles.ini".text = rolesIni; }; // optionalAttrs (cfg.roles != null) { "icingaweb2/roles.ini".text = generators.toINI {} cfg.roles; };
# User and group # User and group
users.groups.icingaweb2 = {}; users.groups.icingaweb2 = {};