nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix at 21.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / web-apps / icingaweb2 / icingaweb2.nix
at 21.11-pre 7.5 kB view raw
  1{ config, lib, pkgs, ... }: with lib; let
  2  cfg = config.services.icingaweb2;
  3  fpm = config.services.phpfpm.pools.${poolName};
  4  poolName = "icingaweb2";
  5
  6  defaultConfig = {
  7    global = {
  8      module_path = "${pkgs.icingaweb2}/modules";
  9    };
 10  };
 11in {
 12  meta.maintainers = with maintainers; [ das_j ];
 13
 14  options.services.icingaweb2 = with types; {
 15    enable = mkEnableOption "the icingaweb2 web interface";
 16
 17    pool = mkOption {
 18      type = str;
 19      default = poolName;
 20      description = ''
 21         Name of existing PHP-FPM pool that is used to run Icingaweb2.
 22         If not specified, a pool will automatically created with default values.
 23      '';
 24    };
 25
 26    virtualHost = mkOption {
 27      type = nullOr str;
 28      default = "icingaweb2";
 29      description = ''
 30        Name of the nginx virtualhost to use and setup. If null, no virtualhost is set up.
 31      '';
 32    };
 33
 34    timezone = mkOption {
 35      type = str;
 36      default = "UTC";
 37      example = "Europe/Berlin";
 38      description = "PHP-compliant timezone specification";
 39    };
 40
 41    modules = {
 42      doc.enable = mkEnableOption "the icingaweb2 doc module";
 43      migrate.enable = mkEnableOption "the icingaweb2 migrate module";
 44      setup.enable = mkEnableOption "the icingaweb2 setup module";
 45      test.enable = mkEnableOption "the icingaweb2 test module";
 46      translation.enable = mkEnableOption "the icingaweb2 translation module";
 47    };
 48
 49    modulePackages = mkOption {
 50      type = attrsOf package;
 51      default = {};
 52      example = literalExample ''
 53        {
 54          "snow" = icingaweb2Modules.theme-snow;
 55        }
 56      '';
 57      description = ''
 58        Name-package attrset of Icingaweb 2 modules packages to enable.
 59
 60        If you enable modules manually (e.g. via the web ui), they will not be touched.
 61      '';
 62    };
 63
 64    generalConfig = mkOption {
 65      type = nullOr attrs;
 66      default = null;
 67      example = {
 68        general = {
 69          showStacktraces = 1;
 70          config_resource = "icingaweb_db";
 71        };
 72        logging = {
 73          log = "syslog";
 74          level = "CRITICAL";
 75        };
 76      };
 77      description = ''
 78        config.ini contents.
 79        Will automatically be converted to a .ini file.
 80        If you don't set global.module_path, the module will take care of it.
 81
 82        If the value is null, no config.ini is created and you can
 83        modify it manually (e.g. via the web interface).
 84        Note that you need to update module_path manually.
 85      '';
 86    };
 87
 88    resources = mkOption {
 89      type = nullOr attrs;
 90      default = null;
 91      example = {
 92        icingaweb_db = {
 93          type = "db";
 94          db = "mysql";
 95          host = "localhost";
 96          username = "icingaweb2";
 97          password = "icingaweb2";
 98          dbname = "icingaweb2";
 99        };
100      };
101      description = ''
102        resources.ini contents.
103        Will automatically be converted to a .ini file.
104
105        If the value is null, no resources.ini is created and you can
106        modify it manually (e.g. via the web interface).
107        Note that if you set passwords here, they will go into the nix store.
108      '';
109    };
110
111    authentications = mkOption {
112      type = nullOr attrs;
113      default = null;
114      example = {
115        icingaweb = {
116          backend = "db";
117          resource = "icingaweb_db";
118        };
119      };
120      description = ''
121        authentication.ini contents.
122        Will automatically be converted to a .ini file.
123
124        If the value is null, no authentication.ini is created and you can
125        modify it manually (e.g. via the web interface).
126      '';
127    };
128
129    groupBackends = mkOption {
130      type = nullOr attrs;
131      default = null;
132      example = {
133        icingaweb = {
134          backend = "db";
135          resource = "icingaweb_db";
136        };
137      };
138      description = ''
139        groups.ini contents.
140        Will automatically be converted to a .ini file.
141
142        If the value is null, no groups.ini is created and you can
143        modify it manually (e.g. via the web interface).
144      '';
145    };
146
147    roles = mkOption {
148      type = nullOr attrs;
149      default = null;
150      example = {
151        Administrators = {
152          users = "admin";
153          permissions = "*";
154        };
155      };
156      description = ''
157        roles.ini contents.
158        Will automatically be converted to a .ini file.
159
160        If the value is null, no roles.ini is created and you can
161        modify it manually (e.g. via the web interface).
162      '';
163    };
164  };
165
166  config = mkIf cfg.enable {
167    services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
168      ${poolName} = {
169        user = "icingaweb2";
170        phpPackage = pkgs.php.withExtensions ({ enabled, all }: [ all.imagick ] ++ enabled);
171        phpOptions = ''
172          date.timezone = "${cfg.timezone}"
173        '';
174        settings = mapAttrs (name: mkDefault) {
175          "listen.owner" = "nginx";
176          "listen.group" = "nginx";
177          "listen.mode" = "0600";
178          "pm" = "dynamic";
179          "pm.max_children" = 75;
180          "pm.start_servers" = 2;
181          "pm.min_spare_servers" = 2;
182          "pm.max_spare_servers" = 10;
183        };
184      };
185    };
186
187    systemd.services."phpfpm-${poolName}".serviceConfig.ReadWritePaths = [ "/etc/icingaweb2" ];
188
189    services.nginx = {
190      enable = true;
191      virtualHosts = mkIf (cfg.virtualHost != null) {
192        ${cfg.virtualHost} = {
193          root = "${pkgs.icingaweb2}/public";
194
195          extraConfig = ''
196            index index.php;
197            try_files $1 $uri $uri/ /index.php$is_args$args;
198          '';
199
200          locations."~ ..*/.*.php$".extraConfig = ''
201            return 403;
202          '';
203
204          locations."~ ^/index.php(.*)$".extraConfig = ''
205            fastcgi_intercept_errors on;
206            fastcgi_index index.php;
207            include ${config.services.nginx.package}/conf/fastcgi.conf;
208            try_files $uri =404;
209            fastcgi_split_path_info ^(.+\.php)(/.+)$;
210            fastcgi_pass unix:${fpm.socket};
211            fastcgi_param SCRIPT_FILENAME ${pkgs.icingaweb2}/public/index.php;
212          '';
213        };
214      };
215    };
216
217    # /etc/icingaweb2
218    environment.etc = let
219      doModule = name: optionalAttrs (cfg.modules.${name}.enable) { "icingaweb2/enabledModules/${name}".source = "${pkgs.icingaweb2}/modules/${name}"; };
220    in {}
221      # Module packages
222      // (mapAttrs' (k: v: nameValuePair "icingaweb2/enabledModules/${k}" { source = v; }) cfg.modulePackages)
223      # Built-in modules
224      // doModule "doc"
225      // doModule "migrate"
226      // doModule "setup"
227      // doModule "test"
228      // doModule "translation"
229      # Configs
230      // optionalAttrs (cfg.generalConfig != null) { "icingaweb2/config.ini".text = generators.toINI {} (defaultConfig // cfg.generalConfig); }
231      // optionalAttrs (cfg.resources != null) { "icingaweb2/resources.ini".text = generators.toINI {} cfg.resources; }
232      // optionalAttrs (cfg.authentications != null) { "icingaweb2/authentication.ini".text = generators.toINI {} cfg.authentications; }
233      // optionalAttrs (cfg.groupBackends != null) { "icingaweb2/groups.ini".text = generators.toINI {} cfg.groupBackends; }
234      // optionalAttrs (cfg.roles != null) { "icingaweb2/roles.ini".text = generators.toINI {} cfg.roles; };
235
236    # User and group
237    users.groups.icingaweb2 = {};
238    users.users.icingaweb2 = {
239      description = "Icingaweb2 service user";
240      group = "icingaweb2";
241      isSystemUser = true;
242    };
243  };
244}