nixos/modules/services/web-apps/zabbix.nix at 21.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / web-apps / zabbix.nix
at 21.11-pre 7.1 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3let
  4
  5  inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types;
  6  inherit (lib) literalExample mapAttrs optionalString versionAtLeast;
  7
  8  cfg = config.services.zabbixWeb;
  9  fpm = config.services.phpfpm.pools.zabbix;
 10
 11  user = "zabbix";
 12  group = "zabbix";
 13  stateDir = "/var/lib/zabbix";
 14
 15  zabbixConfig = pkgs.writeText "zabbix.conf.php" ''
 16    <?php
 17    // Zabbix GUI configuration file.
 18    global $DB;
 19    $DB['TYPE'] = '${ { mysql = "MYSQL"; pgsql = "POSTGRESQL"; oracle = "ORACLE"; }.${cfg.database.type} }';
 20    $DB['SERVER'] = '${cfg.database.host}';
 21    $DB['PORT'] = '${toString cfg.database.port}';
 22    $DB['DATABASE'] = '${cfg.database.name}';
 23    $DB['USER'] = '${cfg.database.user}';
 24    $DB['PASSWORD'] = ${if cfg.database.passwordFile != null then "file_get_contents('${cfg.database.passwordFile}')" else "''"};
 25    // Schema name. Used for IBM DB2 and PostgreSQL.
 26    $DB['SCHEMA'] = ''';
 27    $ZBX_SERVER = '${cfg.server.address}';
 28    $ZBX_SERVER_PORT = '${toString cfg.server.port}';
 29    $ZBX_SERVER_NAME = ''';
 30    $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
 31
 32    ${cfg.extraConfig}
 33  '';
 34
 35in
 36{
 37  # interface
 38
 39  options.services = {
 40    zabbixWeb = {
 41      enable = mkEnableOption "the Zabbix web interface";
 42
 43      package = mkOption {
 44        type = types.package;
 45        default = pkgs.zabbix.web;
 46        defaultText = "zabbix.web";
 47        description = "Which Zabbix package to use.";
 48      };
 49
 50      server = {
 51        port = mkOption {
 52          type = types.int;
 53          description = "The port of the Zabbix server to connect to.";
 54          default = 10051;
 55        };
 56
 57        address = mkOption {
 58          type = types.str;
 59          description = "The IP address or hostname of the Zabbix server to connect to.";
 60          default = "localhost";
 61        };
 62      };
 63
 64      database = {
 65        type = mkOption {
 66          type = types.enum [ "mysql" "pgsql" "oracle" ];
 67          example = "mysql";
 68          default = "pgsql";
 69          description = "Database engine to use.";
 70        };
 71
 72        host = mkOption {
 73          type = types.str;
 74          default = "";
 75          description = "Database host address.";
 76        };
 77
 78        port = mkOption {
 79          type = types.int;
 80          default =
 81            if cfg.database.type == "mysql" then config.services.mysql.port
 82            else if cfg.database.type == "pgsql" then config.services.postgresql.port
 83            else 1521;
 84          description = "Database host port.";
 85        };
 86
 87        name = mkOption {
 88          type = types.str;
 89          default = "zabbix";
 90          description = "Database name.";
 91        };
 92
 93        user = mkOption {
 94          type = types.str;
 95          default = "zabbix";
 96          description = "Database user.";
 97        };
 98
 99        passwordFile = mkOption {
100          type = types.nullOr types.path;
101          default = null;
102          example = "/run/keys/zabbix-dbpassword";
103          description = ''
104            A file containing the password corresponding to
105            <option>database.user</option>.
106          '';
107        };
108
109        socket = mkOption {
110          type = types.nullOr types.path;
111          default = null;
112          example = "/run/postgresql";
113          description = "Path to the unix socket file to use for authentication.";
114        };
115      };
116
117      virtualHost = mkOption {
118        type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix);
119        example = literalExample ''
120          {
121            hostName = "zabbix.example.org";
122            adminAddr = "webmaster@example.org";
123            forceSSL = true;
124            enableACME = true;
125          }
126        '';
127        description = ''
128          Apache configuration can be done by adapting <literal>services.httpd.virtualHosts.&lt;name&gt;</literal>.
129          See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
130        '';
131      };
132
133      poolConfig = mkOption {
134        type = with types; attrsOf (oneOf [ str int bool ]);
135        default = {
136          "pm" = "dynamic";
137          "pm.max_children" = 32;
138          "pm.start_servers" = 2;
139          "pm.min_spare_servers" = 2;
140          "pm.max_spare_servers" = 4;
141          "pm.max_requests" = 500;
142        };
143        description = ''
144          Options for the Zabbix PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
145        '';
146      };
147
148      extraConfig = mkOption {
149        type = types.lines;
150        default = "";
151        description = ''
152          Additional configuration to be copied verbatim into <filename>zabbix.conf.php</filename>.
153        '';
154      };
155
156    };
157  };
158
159  # implementation
160
161  config = mkIf cfg.enable {
162
163    services.zabbixWeb.extraConfig = optionalString ((versionAtLeast config.system.stateVersion "20.09") && (versionAtLeast cfg.package.version "5.0.0")) ''
164      $DB['DOUBLE_IEEE754'] = 'true';
165    '';
166
167    systemd.tmpfiles.rules = [
168      "d '${stateDir}' 0750 ${user} ${group} - -"
169      "d '${stateDir}/session' 0750 ${user} ${config.services.httpd.group} - -"
170    ];
171
172    services.phpfpm.pools.zabbix = {
173      inherit user;
174      group = config.services.httpd.group;
175      phpOptions = ''
176        # https://www.zabbix.com/documentation/current/manual/installation/install
177        memory_limit = 128M
178        post_max_size = 16M
179        upload_max_filesize = 2M
180        max_execution_time = 300
181        max_input_time = 300
182        session.auto_start = 0
183        mbstring.func_overload = 0
184        always_populate_raw_post_data = -1
185        # https://bbs.archlinux.org/viewtopic.php?pid=1745214#p1745214
186        session.save_path = ${stateDir}/session
187      '' + optionalString (config.time.timeZone != null) ''
188        date.timezone = "${config.time.timeZone}"
189      '' + optionalString (cfg.database.type == "oracle") ''
190        extension=${pkgs.phpPackages.oci8}/lib/php/extensions/oci8.so
191      '';
192      phpEnv.ZABBIX_CONFIG = "${zabbixConfig}";
193      settings = {
194        "listen.owner" = config.services.httpd.user;
195        "listen.group" = config.services.httpd.group;
196      } // cfg.poolConfig;
197    };
198
199    services.httpd = {
200      enable = true;
201      adminAddr = mkDefault cfg.virtualHost.adminAddr;
202      extraModules = [ "proxy_fcgi" ];
203      virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost {
204        documentRoot = mkForce "${cfg.package}/share/zabbix";
205        extraConfig = ''
206          <Directory "${cfg.package}/share/zabbix">
207            <FilesMatch "\.php$">
208              <If "-f %{REQUEST_FILENAME}">
209                SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/"
210              </If>
211            </FilesMatch>
212            AllowOverride all
213            Options -Indexes
214            DirectoryIndex index.php
215          </Directory>
216        '';
217      } ];
218    };
219
220    users.users.${user} = mapAttrs (name: mkDefault) {
221      description = "Zabbix daemon user";
222      uid = config.ids.uids.zabbix;
223      inherit group;
224    };
225
226    users.groups.${group} = mapAttrs (name: mkDefault) {
227      gid = config.ids.gids.zabbix;
228    };
229
230  };
231}