···
opt = options.services.grafana;
provisioningSettingsFormat = pkgs.formats.yaml {};
declarativePlugins = pkgs.linkFarm "grafana-plugins" (builtins.map (pkg: { name = pkg.pname; path = pkg; }) cfg.declarativePlugins);
10
-
useMysql = cfg.database.type == "mysql";
11
-
usePostgresql = cfg.database.type == "postgres";
14
-
PATHS_DATA = cfg.dataDir;
15
-
PATHS_PLUGINS = if builtins.isNull cfg.declarativePlugins then "${cfg.dataDir}/plugins" else declarativePlugins;
16
-
PATHS_LOGS = "${cfg.dataDir}/log";
18
-
SERVER_SERVE_FROM_SUBPATH = boolToString cfg.server.serveFromSubPath;
19
-
SERVER_PROTOCOL = cfg.protocol;
20
-
SERVER_HTTP_ADDR = cfg.addr;
21
-
SERVER_HTTP_PORT = cfg.port;
22
-
SERVER_SOCKET = cfg.socket;
23
-
SERVER_DOMAIN = cfg.domain;
24
-
SERVER_ROOT_URL = cfg.rootUrl;
25
-
SERVER_STATIC_ROOT_PATH = cfg.staticRootPath;
26
-
SERVER_CERT_FILE = cfg.certFile;
27
-
SERVER_CERT_KEY = cfg.certKey;
29
-
DATABASE_TYPE = cfg.database.type;
30
-
DATABASE_HOST = cfg.database.host;
31
-
DATABASE_NAME = cfg.database.name;
32
-
DATABASE_USER = cfg.database.user;
33
-
DATABASE_PASSWORD = cfg.database.password;
34
-
DATABASE_PATH = cfg.database.path;
35
-
DATABASE_CONN_MAX_LIFETIME = cfg.database.connMaxLifetime;
37
-
SECURITY_ADMIN_USER = cfg.security.adminUser;
38
-
SECURITY_ADMIN_PASSWORD = cfg.security.adminPassword;
39
-
SECURITY_SECRET_KEY = cfg.security.secretKey;
41
-
USERS_ALLOW_SIGN_UP = boolToString cfg.users.allowSignUp;
42
-
USERS_ALLOW_ORG_CREATE = boolToString cfg.users.allowOrgCreate;
43
-
USERS_AUTO_ASSIGN_ORG = boolToString cfg.users.autoAssignOrg;
44
-
USERS_AUTO_ASSIGN_ORG_ROLE = cfg.users.autoAssignOrgRole;
46
-
AUTH_DISABLE_LOGIN_FORM = boolToString cfg.auth.disableLoginForm;
48
-
AUTH_ANONYMOUS_ENABLED = boolToString cfg.auth.anonymous.enable;
49
-
AUTH_ANONYMOUS_ORG_NAME = cfg.auth.anonymous.org_name;
50
-
AUTH_ANONYMOUS_ORG_ROLE = cfg.auth.anonymous.org_role;
52
-
AUTH_AZUREAD_NAME = "Azure AD";
53
-
AUTH_AZUREAD_ENABLED = boolToString cfg.auth.azuread.enable;
54
-
AUTH_AZUREAD_ALLOW_SIGN_UP = boolToString cfg.auth.azuread.allowSignUp;
55
-
AUTH_AZUREAD_CLIENT_ID = cfg.auth.azuread.clientId;
56
-
AUTH_AZUREAD_SCOPES = "openid email profile";
57
-
AUTH_AZUREAD_AUTH_URL = "https://login.microsoftonline.com/${cfg.auth.azuread.tenantId}/oauth2/v2.0/authorize";
58
-
AUTH_AZUREAD_TOKEN_URL = "https://login.microsoftonline.com/${cfg.auth.azuread.tenantId}/oauth2/v2.0/token";
59
-
AUTH_AZUREAD_ALLOWED_DOMAINS = cfg.auth.azuread.allowedDomains;
60
-
AUTH_AZUREAD_ALLOWED_GROUPS = cfg.auth.azuread.allowedGroups;
61
-
AUTH_AZUREAD_ROLE_ATTRIBUTE_STRICT = false;
10
+
useMysql = cfg.settings.database.type == "mysql";
11
+
usePostgresql = cfg.settings.database.type == "postgres";
63
-
AUTH_GOOGLE_ENABLED = boolToString cfg.auth.google.enable;
64
-
AUTH_GOOGLE_ALLOW_SIGN_UP = boolToString cfg.auth.google.allowSignUp;
65
-
AUTH_GOOGLE_CLIENT_ID = cfg.auth.google.clientId;
67
-
ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable;
69
-
SMTP_ENABLED = boolToString cfg.smtp.enable;
70
-
SMTP_HOST = cfg.smtp.host;
71
-
SMTP_USER = cfg.smtp.user;
72
-
SMTP_PASSWORD = cfg.smtp.password;
73
-
SMTP_FROM_ADDRESS = cfg.smtp.fromAddress;
74
-
} // cfg.extraOptions;
13
+
settingsFormatIni = pkgs.formats.ini {};
14
+
configFile = settingsFormatIni.generate "config.ini" cfg.settings;
datasourceConfiguration = {
···
278
-
options.services.grafana = {
279
-
enable = mkEnableOption (lib.mdDoc "grafana");
281
-
protocol = mkOption {
282
-
description = lib.mdDoc "Which protocol to listen.";
284
-
type = types.enum ["http" "https" "socket"];
288
-
description = lib.mdDoc "Listening address.";
289
-
default = "127.0.0.1";
294
-
description = lib.mdDoc "Listening port.";
299
-
socket = mkOption {
300
-
description = lib.mdDoc "Listening socket.";
301
-
default = "/run/grafana/grafana.sock";
305
-
domain = mkOption {
306
-
description = lib.mdDoc "The public facing domain name used to access grafana from a browser.";
307
-
default = "localhost";
311
-
rootUrl = mkOption {
312
-
description = lib.mdDoc "Full public facing url.";
313
-
default = "%(protocol)s://%(domain)s:%(http_port)s/";
317
-
certFile = mkOption {
318
-
description = lib.mdDoc "Cert file for ssl.";
219
+
(mkRenamedOptionModule [ "services" "grafana" "protocol" ] [ "services" "grafana" "settings" "server" "protocol" ])
220
+
(mkRenamedOptionModule [ "services" "grafana" "addr" ] [ "services" "grafana" "settings" "server" "http_addr" ])
221
+
(mkRenamedOptionModule [ "services" "grafana" "port" ] [ "services" "grafana" "settings" "server" "http_port" ])
222
+
(mkRenamedOptionModule [ "services" "grafana" "domain" ] [ "services" "grafana" "settings" "server" "domain" ])
223
+
(mkRenamedOptionModule [ "services" "grafana" "rootUrl" ] [ "services" "grafana" "settings" "server" "root_url" ])
224
+
(mkRenamedOptionModule [ "services" "grafana" "staticRootPath" ] [ "services" "grafana" "settings" "server" "static_root_path" ])
225
+
(mkRenamedOptionModule [ "services" "grafana" "certFile" ] [ "services" "grafana" "settings" "server" "cert_file" ])
226
+
(mkRenamedOptionModule [ "services" "grafana" "certKey" ] [ "services" "grafana" "settings" "server" "cert_key" ])
227
+
(mkRenamedOptionModule [ "services" "grafana" "socket" ] [ "services" "grafana" "settings" "server" "socket" ])
228
+
(mkRenamedOptionModule [ "services" "grafana" "database" "type" ] [ "services" "grafana" "settings" "database" "type" ])
229
+
(mkRenamedOptionModule [ "services" "grafana" "database" "host" ] [ "services" "grafana" "settings" "database" "host" ])
230
+
(mkRenamedOptionModule [ "services" "grafana" "database" "name" ] [ "services" "grafana" "settings" "database" "name" ])
231
+
(mkRenamedOptionModule [ "services" "grafana" "database" "user" ] [ "services" "grafana" "settings" "database" "user" ])
232
+
(mkRenamedOptionModule [ "services" "grafana" "database" "password" ] [ "services" "grafana" "settings" "database" "password" ])
233
+
(mkRenamedOptionModule [ "services" "grafana" "database" "path" ] [ "services" "grafana" "settings" "database" "path" ])
234
+
(mkRenamedOptionModule [ "services" "grafana" "database" "connMaxLifetime" ] [ "services" "grafana" "settings" "database" "conn_max_lifetime" ])
235
+
(mkRenamedOptionModule [ "services" "grafana" "security" "adminUser" ] [ "services" "grafana" "settings" "security" "admin_user" ])
236
+
(mkRenamedOptionModule [ "services" "grafana" "security" "adminPassword" ] [ "services" "grafana" "settings" "security" "admin_password" ])
237
+
(mkRenamedOptionModule [ "services" "grafana" "security" "secretKey" ] [ "services" "grafana" "settings" "security" "secret_key" ])
238
+
(mkRenamedOptionModule [ "services" "grafana" "server" "serveFromSubPath" ] [ "services" "grafana" "settings" "server" "serve_from_sub_path" ])
239
+
(mkRenamedOptionModule [ "services" "grafana" "smtp" "enable" ] [ "services" "grafana" "settings" "smtp" "enabled" ])
240
+
(mkRenamedOptionModule [ "services" "grafana" "smtp" "user" ] [ "services" "grafana" "settings" "smtp" "user" ])
241
+
(mkRenamedOptionModule [ "services" "grafana" "smtp" "password" ] [ "services" "grafana" "settings" "smtp" "password" ])
242
+
(mkRenamedOptionModule [ "services" "grafana" "smtp" "fromAddress" ] [ "services" "grafana" "settings" "smtp" "from_address" ])
243
+
(mkRenamedOptionModule [ "services" "grafana" "users" "allowSignUp" ] [ "services" "grafana" "settings" "users" "allow_sign_up" ])
244
+
(mkRenamedOptionModule [ "services" "grafana" "users" "allowOrgCreate" ] [ "services" "grafana" "settings" "users" "allow_org_create" ])
245
+
(mkRenamedOptionModule [ "services" "grafana" "users" "autoAssignOrg" ] [ "services" "grafana" "settings" "users" "auto_assign_org" ])
246
+
(mkRenamedOptionModule [ "services" "grafana" "users" "autoAssignOrgRole" ] [ "services" "grafana" "settings" "users" "auto_assign_org_role" ])
247
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "disableLoginForm" ] [ "services" "grafana" "settings" "auth" "disable_login_form" ])
248
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "enable" ] [ "services" "grafana" "settings" "auth" "anonymous" "enable" ])
249
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_name" ] [ "services" "grafana" "settings" "auth" "anonymous" "org_name" ])
250
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_role" ] [ "services" "grafana" "settings" "auth" "anonymous" "org_role" ])
251
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "enable" ] [ "services" "grafana" "settings" "auth" "azuread" "enable" ])
252
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowSignUp" ] [ "services" "grafana" "settings" "auth" "azuread" "allow_sign_up" ])
253
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "clientId" ] [ "services" "grafana" "settings" "auth" "azuread" "client_id" ])
254
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedDomains" ] [ "services" "grafana" "settings" "auth" "azuread" "allowed_domains" ])
255
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedGroups" ] [ "services" "grafana" "settings" "auth" "azuread" "allowed_groups" ])
256
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "google" "enable" ] [ "services" "grafana" "settings" "auth" "google" "enable" ])
257
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "google" "allowSignUp" ] [ "services" "grafana" "settings" "auth" "google" "allow_sign_up" ])
258
+
(mkRenamedOptionModule [ "services" "grafana" "auth" "google" "clientId" ] [ "services" "grafana" "settings" "auth" "google" "client_id" ])
259
+
(mkRenamedOptionModule [ "services" "grafana" "analytics" "reporting" "enable" ] [ "services" "grafana" "settings" "analytics" "reporting_enabled" ])
323
-
certKey = mkOption {
324
-
description = lib.mdDoc "Cert key for ssl.";
261
+
(mkRemovedOptionModule [ "services" "grafana" "database" "passwordFile" ] ''
262
+
This option has been removed. Use 'services.grafana.settings.database.password' with file provider instead.
264
+
(mkRemovedOptionModule [ "services" "grafana" "security" "adminPasswordFile" ] ''
265
+
This option has been removed. Use 'services.grafana.settings.security.admin_password' with file provider instead.
267
+
(mkRemovedOptionModule [ "services" "grafana" "security" "secretKeyFile" ] ''
268
+
This option has been removed. Use 'services.grafana.settings.security.secret_key' with file provider instead.
270
+
(mkRemovedOptionModule [ "services" "grafana" "smtp" "passwordFile" ] ''
271
+
This option has been removed. Use 'services.grafana.settings.smtp.password' with file provider instead.
273
+
(mkRemovedOptionModule [ "services" "grafana" "auth" "azuread" "clientSecretFile" ] ''
274
+
This option has been removed. Use 'services.grafana.settings.azuread.client_secret' with file provider instead.
276
+
(mkRemovedOptionModule [ "services" "grafana" "auth" "google" "clientSecretFile" ] ''
277
+
This option has been removed. Use 'services.grafana.settings.google.client_secret' with file provider instead.
329
-
staticRootPath = mkOption {
330
-
description = lib.mdDoc "Root path for static assets.";
331
-
default = "${cfg.package}/share/grafana/public";
332
-
defaultText = literalExpression ''"''${package}/share/grafana/public"'';
280
+
(mkRemovedOptionModule [ "services" "grafana" "auth" "azuread" "tenantId" ] "This option has been deprecated upstream.")
336
-
package = mkOption {
337
-
description = lib.mdDoc "Package to use.";
338
-
default = pkgs.grafana;
339
-
defaultText = literalExpression "pkgs.grafana";
340
-
type = types.package;
283
+
options.services.grafana = {
284
+
enable = mkEnableOption (lib.mdDoc "grafana");
declarativePlugins = mkOption {
type = with types; nullOr (listOf path);
···
apply = x: if isList x then lib.unique x else x;
297
+
package = mkOption {
298
+
description = lib.mdDoc "Package to use.";
299
+
default = pkgs.grafana;
300
+
defaultText = literalExpression "pkgs.grafana";
301
+
type = types.package;
description = lib.mdDoc "Data directory.";
default = "/var/lib/grafana";
362
-
description = lib.mdDoc "Database type.";
363
-
default = "sqlite3";
364
-
type = types.enum ["mysql" "sqlite3" "postgres"];
310
+
settings = mkOption {
311
+
description = lib.mdDoc ''
312
+
Grafana settings. See <https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/>
313
+
for available options. INI format is used.
315
+
type = types.submodule {
316
+
freeformType = settingsFormatIni.type;
368
-
description = lib.mdDoc "Database host.";
369
-
default = "127.0.0.1:3306";
320
+
plugins = mkOption {
321
+
description = lib.mdDoc "Directory where grafana will automatically scan and look for plugins";
322
+
default = if (cfg.declarativePlugins == null) then "${cfg.dataDir}/plugins" else declarativePlugins;
323
+
defaultText = literalExpression "if (cfg.declarativePlugins == null) then \"\${cfg.dataDir}/plugins\" else declarativePlugins";
327
+
provisioning = mkOption {
328
+
description = lib.mdDoc ''
329
+
Folder that contains provisioning config files that grafana will apply on startup and while running.
330
+
Don't change the value of this option if you are planning to use `services.grafana.provision` options.
332
+
default = provisionConfDir;
333
+
defaultText = literalExpression ''
334
+
pkgs.runCommand "grafana-provisioning" { } \'\'
335
+
mkdir -p $out/{datasources,dashboards,notifiers,alerting}
336
+
ln -sf ''${datasourceFile} $out/datasources/datasource.yaml
337
+
ln -sf ''${dashboardFile} $out/dashboards/dashboard.yaml
338
+
ln -sf ''${notifierFile} $out/notifiers/notifier.yaml
339
+
ln -sf ''${rulesFile} $out/alerting/rules.yaml
340
+
ln -sf ''${contactPointsFile} $out/alerting/contactPoints.yaml
341
+
ln -sf ''${policiesFile} $out/alerting/policies.yaml
342
+
ln -sf ''${templatesFile} $out/alerting/templates.yaml
343
+
ln -sf ''${muteTimingsFile} $out/alerting/muteTimings.yaml
351
+
protocol = mkOption {
352
+
description = lib.mdDoc "Which protocol to listen.";
354
+
type = types.enum ["http" "https" "socket"];
357
+
http_addr = mkOption {
358
+
description = lib.mdDoc "Listening address.";
363
+
http_port = mkOption {
364
+
description = lib.mdDoc "Listening port.";
369
+
domain = mkOption {
370
+
description = lib.mdDoc "The public facing domain name used to access grafana from a browser.";
371
+
default = "localhost";
375
+
root_url = mkOption {
376
+
description = lib.mdDoc "Full public facing url.";
377
+
default = "%(protocol)s://%(domain)s:%(http_port)s/";
381
+
static_root_path = mkOption {
382
+
description = lib.mdDoc "Root path for static assets.";
383
+
default = "${cfg.package}/share/grafana/public";
384
+
defaultText = literalExpression ''"''${package}/share/grafana/public"'';
388
+
enable_gzip = mkOption {
389
+
description = lib.mdDoc ''
390
+
Set this option to true to enable HTTP compression, this can improve transfer speed and bandwidth utilization.
391
+
It is recommended that most users set it to true. By default it is set to false for compatibility reasons.
397
+
cert_file = mkOption {
398
+
description = lib.mdDoc "Cert file for ssl.";
403
+
cert_key = mkOption {
404
+
description = lib.mdDoc "Cert key for ssl.";
409
+
socket = mkOption {
410
+
description = lib.mdDoc "Path where the socket should be created when protocol=socket. Make sure that Grafana has appropriate permissions before you change this setting.";
418
+
description = lib.mdDoc "Database type.";
419
+
default = "sqlite3";
420
+
type = types.enum ["mysql" "sqlite3" "postgres"];
424
+
description = lib.mdDoc "Database host.";
425
+
default = "127.0.0.1:3306";
430
+
description = lib.mdDoc "Database name.";
431
+
default = "grafana";
436
+
description = lib.mdDoc "Database user.";
441
+
password = mkOption {
442
+
description = lib.mdDoc ''
443
+
Database password. Please note that the contents of this option
444
+
will end up in a world-readable Nix store. Use the file provider
445
+
pointing at a reasonably secured file in the local filesystem
446
+
to work around that. Look at the documentation for details:
447
+
<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>
454
+
description = lib.mdDoc "Only applicable to sqlite3 database. The file path where the database will be stored.";
455
+
default = "${cfg.dataDir}/data/grafana.db";
456
+
defaultText = literalExpression ''"''${config.${opt.dataDir}}/data/grafana.db"'';
462
+
admin_user = mkOption {
463
+
description = lib.mdDoc "Default admin username.";
468
+
admin_password = mkOption {
469
+
description = lib.mdDoc ''
470
+
Default admin password. Please note that the contents of this option
471
+
will end up in a world-readable Nix store. Use the file provider
472
+
pointing at a reasonably secured file in the local filesystem
473
+
to work around that. Look at the documentation for details:
474
+
<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>
480
+
secret_key = mkOption {
481
+
description = lib.mdDoc ''
482
+
Secret key used for signing. Please note that the contents of this option
483
+
will end up in a world-readable Nix store. Use the file provider
484
+
pointing at a reasonably secured file in the local filesystem
485
+
to work around that. Look at the documentation for details:
486
+
<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>
488
+
default = "SW2YcwTIb9zpOOhoPsMm";
374
-
description = lib.mdDoc "Database name.";
375
-
default = "grafana";
494
+
enabled = mkOption {
495
+
description = lib.mdDoc "Whether to enable SMTP.";
500
+
description = lib.mdDoc "Host to connect to.";
501
+
default = "localhost:25";
505
+
description = lib.mdDoc "User used for authentication.";
509
+
password = mkOption {
510
+
description = lib.mdDoc ''
511
+
Password used for authentication. Please note that the contents of this option
512
+
will end up in a world-readable Nix store. Use the file provider
513
+
pointing at a reasonably secured file in the local filesystem
514
+
to work around that. Look at the documentation for details:
515
+
<https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider>
520
+
from_address = mkOption {
521
+
description = lib.mdDoc "Email address used for sending.";
522
+
default = "admin@grafana.localhost";
380
-
description = lib.mdDoc "Database user.";
528
+
allow_sign_up = mkOption {
529
+
description = lib.mdDoc "Disable user signup / registration.";
385
-
password = mkOption {
386
-
description = lib.mdDoc ''
388
-
This option is mutual exclusive with the passwordFile option.
534
+
allow_org_create = mkOption {
535
+
description = lib.mdDoc "Whether user is allowed to create organizations.";
394
-
passwordFile = mkOption {
395
-
description = lib.mdDoc ''
396
-
File that containts the database password.
397
-
This option is mutual exclusive with the password option.
400
-
type = types.nullOr types.path;
540
+
auto_assign_org = mkOption {
541
+
description = lib.mdDoc "Whether to automatically assign new users to default org.";
404
-
description = lib.mdDoc "Database path.";
405
-
default = "${cfg.dataDir}/data/grafana.db";
406
-
defaultText = literalExpression ''"''${config.${opt.dataDir}}/data/grafana.db"'';
546
+
auto_assign_org_role = mkOption {
547
+
description = lib.mdDoc "Default role new users will be auto assigned.";
548
+
default = "Viewer";
549
+
type = types.enum ["Viewer" "Editor"];
410
-
connMaxLifetime = mkOption {
411
-
description = lib.mdDoc ''
412
-
Sets the maximum amount of time (in seconds) a connection may be reused.
413
-
For MySQL this setting should be shorter than the `wait_timeout` variable.
415
-
default = "unlimited";
417
-
type = types.either types.int (types.enum [ "unlimited" ]);
553
+
analytics.reporting_enabled = mkOption {
554
+
description = lib.mdDoc "Whether to allow anonymous usage reporting to stats.grafana.net.";
···
1019
-
adminUser = mkOption {
1020
-
description = lib.mdDoc "Default admin username.";
1021
-
default = "admin";
1025
-
adminPassword = mkOption {
1026
-
description = lib.mdDoc ''
1027
-
Default admin password.
1028
-
This option is mutual exclusive with the adminPasswordFile option.
1030
-
default = "admin";
1034
-
adminPasswordFile = mkOption {
1035
-
description = lib.mdDoc ''
1036
-
Default admin password.
1037
-
This option is mutual exclusive with the `adminPassword` option.
1040
-
type = types.nullOr types.path;
1043
-
secretKey = mkOption {
1044
-
description = lib.mdDoc "Secret key used for signing.";
1045
-
default = "SW2YcwTIb9zpOOhoPsMm";
1049
-
secretKeyFile = mkOption {
1050
-
description = lib.mdDoc "Secret key used for signing.";
1052
-
type = types.nullOr types.path;
1057
-
serveFromSubPath = mkOption {
1058
-
description = lib.mdDoc "Serve Grafana from subpath specified in rootUrl setting";
1060
-
type = types.bool;
1065
-
enable = mkEnableOption (lib.mdDoc "smtp");
1067
-
description = lib.mdDoc "Host to connect to.";
1068
-
default = "localhost:25";
1072
-
description = lib.mdDoc "User used for authentication.";
1076
-
password = mkOption {
1077
-
description = lib.mdDoc ''
1078
-
Password used for authentication.
1079
-
This option is mutual exclusive with the passwordFile option.
1084
-
passwordFile = mkOption {
1085
-
description = lib.mdDoc ''
1086
-
Password used for authentication.
1087
-
This option is mutual exclusive with the password option.
1090
-
type = types.nullOr types.path;
1092
-
fromAddress = mkOption {
1093
-
description = lib.mdDoc "Email address used for sending.";
1094
-
default = "admin@grafana.localhost";
1100
-
allowSignUp = mkOption {
1101
-
description = lib.mdDoc "Disable user signup / registration.";
1103
-
type = types.bool;
1106
-
allowOrgCreate = mkOption {
1107
-
description = lib.mdDoc "Whether user is allowed to create organizations.";
1109
-
type = types.bool;
1112
-
autoAssignOrg = mkOption {
1113
-
description = lib.mdDoc "Whether to automatically assign new users to default org.";
1115
-
type = types.bool;
1118
-
autoAssignOrgRole = mkOption {
1119
-
description = lib.mdDoc "Default role new users will be auto assigned.";
1120
-
default = "Viewer";
1121
-
type = types.enum ["Viewer" "Editor"];
1126
-
disableLoginForm = mkOption {
1127
-
description = lib.mdDoc "Set to true to disable (hide) the login form, useful if you use OAuth";
1129
-
type = types.bool;
1133
-
enable = mkOption {
1134
-
description = lib.mdDoc "Whether to allow anonymous access.";
1136
-
type = types.bool;
1138
-
org_name = mkOption {
1139
-
description = lib.mdDoc "Which organization to allow anonymous access to.";
1140
-
default = "Main Org.";
1143
-
org_role = mkOption {
1144
-
description = lib.mdDoc "Which role anonymous users have in the organization.";
1145
-
default = "Viewer";
1150
-
enable = mkOption {
1151
-
description = lib.mdDoc "Whether to allow Azure AD OAuth.";
1153
-
type = types.bool;
1155
-
allowSignUp = mkOption {
1156
-
description = lib.mdDoc "Whether to allow sign up with Azure AD OAuth.";
1158
-
type = types.bool;
1160
-
clientId = mkOption {
1161
-
description = lib.mdDoc "Azure AD OAuth client ID.";
1165
-
clientSecretFile = mkOption {
1166
-
description = lib.mdDoc "Azure AD OAuth client secret.";
1168
-
type = types.nullOr types.path;
1170
-
tenantId = mkOption {
1171
-
description = lib.mdDoc ''
1172
-
Tenant id used to create auth and token url. Default to "common"
1173
-
, let user sign in with any tenant.
1175
-
default = "common";
1178
-
allowedDomains = mkOption {
1179
-
description = lib.mdDoc ''
1180
-
Limits access to users who belong to specific domains.
1181
-
Separate domains with space or comma.
1186
-
allowedGroups = mkOption {
1187
-
description = lib.mdDoc ''
1188
-
To limit access to authenticated users who are members of one or more groups,
1189
-
set allowedGroups to a comma- or space-separated list of group object IDs.
1190
-
You can find object IDs for a specific group on the Azure portal.
1197
-
enable = mkOption {
1198
-
description = lib.mdDoc "Whether to allow Google OAuth2.";
1200
-
type = types.bool;
1202
-
allowSignUp = mkOption {
1203
-
description = lib.mdDoc "Whether to allow sign up with Google OAuth2.";
1205
-
type = types.bool;
1207
-
clientId = mkOption {
1208
-
description = lib.mdDoc "Google OAuth2 client ID.";
1212
-
clientSecretFile = mkOption {
1213
-
description = lib.mdDoc "Google OAuth2 client secret.";
1215
-
type = types.nullOr types.path;
1220
-
analytics.reporting = {
1221
-
enable = mkOption {
1222
-
description = lib.mdDoc "Whether to allow anonymous usage reporting to stats.grafana.net.";
1224
-
type = types.bool;
1228
-
extraOptions = mkOption {
1229
-
description = lib.mdDoc ''
1230
-
Extra configuration options passed as env variables as specified in
1231
-
[documentation](http://docs.grafana.org/installation/configuration/),
1232
-
but without GF_ prefix
1235
-
type = with types; attrsOf (either str path);
config = mkIf cfg.enable {
1242
-
cfg.database.password != opt.database.password.default ||
1243
-
cfg.security.adminPassword != opt.security.adminPassword.default
1244
-
) "Grafana passwords will be stored as plaintext in the Nix store!")
1163
+
cfg.settings.database.password != "" ||
1164
+
cfg.settings.security.admin_password != "admin"
1165
+
) "Grafana passwords will be stored as plaintext in the Nix store! Use file provider instead.")
checkOpts = opt: any (x: x.password != null || x.basicAuthPassword != null || x.secureJsonData != null) opt;
···
1280
-
assertion = cfg.database.password != opt.database.password.default -> cfg.database.passwordFile == null;
1281
-
message = "Cannot set both password and passwordFile";
1284
-
assertion = cfg.security.adminPassword != opt.security.adminPassword.default -> cfg.security.adminPasswordFile == null;
1285
-
message = "Cannot set both adminPassword and adminPasswordFile";
1288
-
assertion = cfg.security.secretKey != opt.security.secretKey.default -> cfg.security.secretKeyFile == null;
1289
-
message = "Cannot set both secretKey and secretKeyFile";
1292
-
assertion = cfg.smtp.password != opt.smtp.password.default -> cfg.smtp.passwordFile == null;
1293
-
message = "Cannot set both password and passwordFile";
assertion = if (builtins.isList cfg.provision.datasources) then true else cfg.provision.datasources.settings == null || cfg.provision.datasources.path == null;
message = "Cannot set both datasources settings and datasources path";
···
description = "Grafana Service Daemon";
wantedBy = ["multi-user.target"];
after = ["networking.target"] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service";
1340
-
QT_QPA_PLATFORM = "offscreen";
1341
-
} // mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions;
set -o errexit -o pipefail -o nounset -o errtrace
1346
-
${optionalString (cfg.auth.azuread.clientSecretFile != null) ''
1347
-
GF_AUTH_AZUREAD_CLIENT_SECRET="$(<${escapeShellArg cfg.auth.azuread.clientSecretFile})"
1348
-
export GF_AUTH_AZUREAD_CLIENT_SECRET
1350
-
${optionalString (cfg.auth.google.clientSecretFile != null) ''
1351
-
GF_AUTH_GOOGLE_CLIENT_SECRET="$(<${escapeShellArg cfg.auth.google.clientSecretFile})"
1352
-
export GF_AUTH_GOOGLE_CLIENT_SECRET
1354
-
${optionalString (cfg.database.passwordFile != null) ''
1355
-
GF_DATABASE_PASSWORD="$(<${escapeShellArg cfg.database.passwordFile})"
1356
-
export GF_DATABASE_PASSWORD
1358
-
${optionalString (cfg.security.adminPasswordFile != null) ''
1359
-
GF_SECURITY_ADMIN_PASSWORD="$(<${escapeShellArg cfg.security.adminPasswordFile})"
1360
-
export GF_SECURITY_ADMIN_PASSWORD
1362
-
${optionalString (cfg.security.secretKeyFile != null) ''
1363
-
GF_SECURITY_SECRET_KEY="$(<${escapeShellArg cfg.security.secretKeyFile})"
1364
-
export GF_SECURITY_SECRET_KEY
1366
-
${optionalString (cfg.smtp.passwordFile != null) ''
1367
-
GF_SMTP_PASSWORD="$(<${escapeShellArg cfg.smtp.passwordFile})"
1368
-
export GF_SMTP_PASSWORD
1370
-
${optionalString cfg.provision.enable ''
1371
-
export GF_PATHS_PROVISIONING=${provisionConfDir};
1373
-
exec ${cfg.package}/bin/grafana-server -homepath ${cfg.dataDir}
1248
+
exec ${cfg.package}/bin/grafana-server -homepath ${cfg.dataDir} -config ${configFile}
WorkingDirectory = cfg.dataDir;
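Review bot: The plaintext warning in the `config` block (new lines 1163–1165) fires for the very setup its message recommends, because a `database.password` or `admin_password` set to a file-provider reference still satisfies `!= ""` / `!= "admin"`. It also leaves out `settings.security.secret_key` and `settings.smtp.password`, whose new descriptions carry the same world-readable-store caveat. `secret_key` keeps the fixed default `SW2YcwTIb9zpOOhoPsMm`, so any instance that does not override it signs with a value published in the module source. `configFile` is now generated from `cfg.settings` and the runtime `$(<…File)` reads are removed, so this warning is the main guard left; I would add `&& !(lib.hasPrefix "$__file{" v)` to each comparison, cover all four secrets, and warn when `secret_key` is left at its default. The opening of the warning expression is not among the visible lines, so the surrounding wrapper is assumed.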