···
phpfpmSocketName = "/var/run/phpfpm/${poolName}.sock";
6
-
formatBool = b: if b then "1" else "0";
9
-
config = cfg.generalConfig;
12
-
show_stacktraces = "${formatBool config.showStacktraces}"
13
-
show_application_state_messages = "${formatBool config.showApplicationStateMessages}"
14
-
module_path = "${pkgs.icingaweb2}/modules${optionalString (builtins.length config.modulePath > 0) ":${concatStringsSep ":" config.modulePath}"}"
15
-
config_backend = "${config.configBackend}"
16
-
${optionalString (config.configBackend == "db") ''config_resource = "${config.configResource}"''}
19
-
log = "${config.log}"
20
-
${optionalString (config.log != "none") ''level = "${config.logLevel}"''}
21
-
${optionalString (config.log == "php" || config.log == "syslog") ''application = "${config.logApplication}"''}
22
-
${optionalString (config.log == "syslog") ''facility = "${config.logFacility}"''}
23
-
${optionalString (config.log == "file") ''file = "${config.logFile}"''}
26
-
default = "${config.themeDefault}"
27
-
disabled = "${formatBool config.themeDisabled}"
30
-
${optionalString (config.authDefaultDomain != null) ''default_domain = "${config.authDefaultDomain}"''}
33
-
resourcesIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
35
-
type = "${config.type}"
36
-
${optionalString (config.type == "db") ''
38
-
host = "${config.host}"
39
-
${optionalString (config.port != null) ''port = "${toString config.port}"''}
40
-
username = "${config.username}"
41
-
password = "${config.password}"
42
-
dbname = "${config.dbname}"
43
-
${optionalString (config.charset != null) ''charset = "${config.charset}"''}
44
-
use_ssl = "${formatBool config.useSSL}"
45
-
${optionalString (config.sslCert != null) ''ssl_cert = "${config.sslCert}"''}
46
-
${optionalString (config.sslKey != null) ''ssl_cert = "${config.sslKey}"''}
47
-
${optionalString (config.sslCA != null) ''ssl_cert = "${config.sslCA}"''}
48
-
${optionalString (config.sslCApath != null) ''ssl_cert = "${config.sslCApath}"''}
49
-
${optionalString (config.sslCipher != null) ''ssl_cert = "${config.sslCipher}"''}
51
-
${optionalString (config.type == "ldap") ''
52
-
hostname = "${config.host}"
53
-
${optionalString (config.port != null) ''port = "${toString config.port}"''}
54
-
root_dn = "${config.rootDN}"
55
-
bind_dn = "${config.username}"
56
-
bind_pw = "${config.password}"
57
-
encryption = "${config.ldapEncryption}"
58
-
timeout = "${toString config.ldapTimeout}"
60
-
${optionalString (config.type == "ssh") ''
61
-
user = "${config.username}"
62
-
private_key = "${config.sshPrivateKey}"
67
-
authenticationIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
69
-
backend = "${config.backend}"
70
-
${optionalString (config.domain != null) ''domain = "${config.domain}"''}
71
-
${optionalString (config.backend == "external" && config.externalStripRegex != null) ''strip_username_regexp = "${config.externalStripRegex}"''}
72
-
${optionalString (config.backend != "external") ''resource = "${config.resource}"''}
73
-
${optionalString (config.backend == "ldap" || config.backend == "msldap") ''
74
-
${optionalString (config.ldapUserClass != null) ''user_class = "${config.ldapUserClass}"''}
75
-
${optionalString (config.ldapUserNameAttr != null) ''user_name_attribute = "${config.ldapUserNameAttr}"''}
76
-
${optionalString (config.ldapFilter != null) ''filter = "${config.ldapFilter}"''}
78
-
'') cfg.authentications);
80
-
groupsIni = concatStringsSep "\n" (mapAttrsToList (name: config: ''
82
-
backend = "${config.backend}"
83
-
resource = "${config.resource}"
84
-
${optionalString (config.backend != "db") ''
85
-
${optionalString (config.ldapUserClass != null) ''user_class = "${config.ldapUserClass}"''}
86
-
${optionalString (config.ldapUserNameAttr != null) ''user_name_attribute = "${config.ldapUserNameAttr}"''}
87
-
${optionalString (config.ldapGroupClass != null) ''group_class = "${config.ldapGroupClass}"''}
88
-
${optionalString (config.ldapGroupNameAttr != null) ''group_name_attribute = "${config.ldapGroupNameAttr}"''}
89
-
${optionalString (config.ldapGroupFilter != null) ''group_filter = "${config.ldapGroupFilter}"''}
91
-
${optionalString (config.backend == "msldap" && config.ldapNestedSearch) ''nested_group_search = "1"''}
92
-
'') cfg.groupBackends);
95
-
optionalList = var: attribute: optionalString (builtins.length var > 0) ''${attribute} = "${concatStringsSep "," var}"'';
96
-
in concatStringsSep "\n" (mapAttrsToList (name: config: ''
98
-
${optionalList config.users "users"}
99
-
${optionalList config.groups "groups"}
100
-
${optionalList config.permissions "permissions"}
101
-
${optionalList config.permissions "permissions"}
102
-
${concatStringsSep "\n" (mapAttrsToList (key: value: optionalList value key) config.extraAssignments)}
8
+
module_path = "${pkgs.icingaweb2}/modules${optionalString (builtins.length config.modulePath > 0) ":${concatStringsSep ":" config.modulePath}"}";
options.services.icingaweb2 = with types; {
enable = mkEnableOption "the icingaweb2 web interface";
111
-
default = "${poolName}";
Name of existing PHP-FPM pool that is used to run Icingaweb2.
If not specified, a pool will automatically created with default values.
···
example = literalExample ''
146
-
"snow" = pkgs.icingaweb2Modules.theme-snow;
52
+
"snow" = icingaweb2Modules.theme-snow;
···
157
-
mutable = mkOption {
161
-
Make config.ini mutable (e.g. via the web interface).
162
-
Not that you need to update module_path manually.
166
-
showStacktraces = mkOption {
169
-
description = "Enable stack traces in the Web UI";
172
-
showApplicationStateMessages = mkOption {
175
-
description = "Enable application state messages in the Web UI";
178
-
modulePath = mkOption {
181
-
description = "List of additional module search paths";
184
-
configBackend = mkOption {
185
-
type = enum [ "ini" "db" "none" ];
187
-
description = "Where to store user preferences";
190
-
configResource = mkOption {
193
-
description = "Database resource where user preferences are stored (if they are stored in a database)";
197
-
type = enum [ "syslog" "php" "file" "none" ];
198
-
default = "syslog";
199
-
description = "Logging target";
202
-
logLevel = mkOption {
203
-
type = enum [ "ERROR" "WARNING" "INFO" "DEBUG" ];
205
-
description = "Maximum logging level to emit";
208
-
logApplication = mkOption {
210
-
default = "icingaweb2";
211
-
description = "Application name to log under (syslog and php log)";
62
+
generalConfig = mkOption {
63
+
type = nullOr attrs;
67
+
showStacktraces = 1;
68
+
config_resource = "icingaweb_db";
76
+
config.ini contents.
77
+
Will automatically be converted to a .ini file.
78
+
If you don't set global.module_path, the module will take care of it.
214
-
logFacility = mkOption {
215
-
type = enum [ "user" "local0" "local1" "local2" "local3" "local4" "local5" "local6" "local7" ];
217
-
description = "Syslog facility to log to";
220
-
logFile = mkOption {
222
-
default = "/var/log/icingaweb2/icingaweb2.log";
223
-
description = "File to log to";
226
-
themeDefault = mkOption {
228
-
default = "Icinga";
229
-
description = "Name of the default theme";
232
-
themeDisabled = mkOption {
235
-
description = "Disallow users to change the theme";
238
-
authDefaultDomain = mkOption {
241
-
description = "Domain for users logging in without a qualified domain";
245
-
mutableResources = mkOption {
248
-
description = "Make resources.ini mutable (e.g. via the web interface)";
80
+
If the value is null, no config.ini is created and you can
81
+
modify it manually (e.g. via the web interface).
82
+
Note that you need to update module_path manually.
253
-
description = "Icingaweb 2 resources to define";
254
-
type = attrsOf (submodule ({ name, ... }: {
260
-
description = "Name of this resource";
264
-
type = enum [ "db" "ldap" "ssh" ];
266
-
description = "Type of this resouce";
270
-
type = enum [ "mysql" "pgsql" ];
272
-
description = "Type of this database resource";
277
-
description = "Host to connect to";
281
-
type = nullOr port;
283
-
description = "Port to connect on";
286
-
username = mkOption {
288
-
description = "Database or SSH user or LDAP bind DN to connect with";
291
-
password = mkOption {
293
-
description = "Password for the database user or LDAP bind DN";
296
-
dbname = mkOption {
298
-
description = "Name of the database to connect to";
301
-
charset = mkOption {
305
-
description = "Database character set to connect with";
308
-
useSSL = mkOption {
309
-
type = nullOr bool;
311
-
description = "Whether to connect to the database using SSL";
314
-
sslCert = mkOption {
317
-
description = "The file path to the SSL certificate. Only available for the mysql database.";
320
-
sslKey = mkOption {
323
-
description = "The file path to the SSL key. Only available for the mysql database.";
329
-
description = "The file path to the SSL certificate authority. Only available for the mysql database.";
332
-
sslCApath = mkOption {
335
-
description = "The file path to the directory that contains the trusted SSL CA certificates in PEM format. Only available for the mysql database.";
338
-
sslCipher = mkOption {
341
-
description = "A list of one or more permissible ciphers to use for SSL encryption, in a format understood by OpenSSL. Only available for the mysql database.";
344
-
rootDN = mkOption {
346
-
description = "Root object of the LDAP tree";
349
-
ldapEncryption = mkOption {
350
-
type = enum [ "none" "starttls" "ldaps" ];
352
-
description = "LDAP encryption to use";
355
-
ldapTimeout = mkOption {
356
-
type = ints.positive;
358
-
description = "Connection timeout for every LDAP connection";
361
-
sshPrivateKey = mkOption {
363
-
description = "The path to the private key of the user";
87
+
type = nullOr attrs;
94
+
username = "icingaweb2";
95
+
password = "icingaweb2";
96
+
dbname = "icingaweb2";
100
+
resources.ini contents.
101
+
Will automatically be converted to a .ini file.
369
-
mutableAuthConfig = mkOption {
372
-
description = "Make authentication.ini mutable (e.g. via the web interface)";
103
+
If the value is null, no resources.ini is created and you can
104
+
modify it manually (e.g. via the web interface).
105
+
Note that if you set passwords here, they will go into the nix store.
authentications = mkOption {
377
-
description = "Icingaweb 2 authentications to define";
378
-
type = attrsOf (submodule ({ name, ... }: {
384
-
description = "Name of this authentication";
387
-
backend = mkOption {
388
-
type = enum [ "external" "ldap" "msldap" "db" ];
390
-
description = "The type of this authentication backend";
393
-
domain = mkOption {
396
-
description = "Domain for domain-aware authentication";
399
-
externalStripRegex = mkOption {
402
-
description = "Regular expression to strip off specific user name parts";
405
-
resource = mkOption {
407
-
description = "Name of the database/LDAP resource";
410
-
ldapUserClass = mkOption {
413
-
description = "LDAP user class";
416
-
ldapUserNameAttr = mkOption {
419
-
description = "LDAP attribute which contains the username";
422
-
ldapFilter = mkOption {
425
-
description = "LDAP search filter";
110
+
type = nullOr attrs;
115
+
resource = "icingaweb_db";
119
+
authentication.ini contents.
120
+
Will automatically be converted to a .ini file.
431
-
mutableGroupsConfig = mkOption {
434
-
description = "Make groups.ini mutable (e.g. via the web interface)";
122
+
If the value is null, no authentication.ini is created and you can
123
+
modify it manually (e.g. via the web interface).
groupBackends = mkOption {
439
-
description = "Icingaweb 2 group backends to define";
440
-
type = attrsOf (submodule ({ name, ... }: {
446
-
description = "Name of this group backend";
449
-
backend = mkOption {
450
-
type = enum [ "ldap" "msldap" "db" ];
452
-
description = "The type of this group backend";
455
-
resource = mkOption {
457
-
description = "Name of the database/LDAP resource";
460
-
ldapUserClass = mkOption {
463
-
description = "LDAP user class";
466
-
ldapUserNameAttr = mkOption {
469
-
description = "LDAP attribute which contains the username";
472
-
ldapGroupClass = mkOption {
475
-
description = "LDAP group class";
478
-
ldapGroupNameAttr = mkOption {
481
-
description = "LDAP attribute which contains the groupname";
484
-
ldapGroupFilter = mkOption {
487
-
description = "LDAP group search filter";
490
-
ldapNestedSearch = mkOption {
493
-
description = "Enable nested group search in Active Directory based on the user";
128
+
type = nullOr attrs;
133
+
resource = "icingaweb_db";
137
+
groups.ini contents.
138
+
Will automatically be converted to a .ini file.
499
-
mutableRolesConfig = mkOption {
502
-
description = "Make roles.ini mutable (e.g. via the web interface)";
140
+
If the value is null, no groups.ini is created and you can
141
+
modify it manually (e.g. via the web interface).
507
-
description = "Icingaweb 2 roles to define";
508
-
type = attrsOf (submodule ({ name, ... }: {
514
-
description = "Name of this role";
146
+
type = nullOr attrs;
155
+
roles.ini contents.
156
+
Will automatically be converted to a .ini file.
520
-
description = "List of users that are assigned to the role";
523
-
groups = mkOption {
526
-
description = "List of groups that are assigned to the role";
529
-
permissions = mkOption {
532
-
example = [ "application/share/navigation" "config/*" ];
533
-
description = "The permissions to grant";
536
-
extraAssignments = mkOption {
537
-
type = attrsOf (listOf str);
539
-
example = { "monitoring/blacklist/properties" = [ "sla" "customer"]; };
540
-
description = "Additional assignments of this role";
158
+
If the value is null, no roles.ini is created and you can
159
+
modify it manually (e.g. via the web interface).
config = mkIf cfg.enable {
services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") {
550
-
listen = phpfpmSocketName;
552
-
extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
553
-
date.timezone = "${cfg.timezone}"
556
-
listen.owner = nginx
557
-
listen.group = nginx
561
-
pm.max_children = 75
562
-
pm.start_servers = 2
563
-
pm.min_spare_servers = 2
564
-
pm.max_spare_servers = 10
167
+
listen = "${phpfpmSocketName}"
168
+
listen.owner = nginx
169
+
listen.group = nginx
173
+
pm.max_children = 75
174
+
pm.start_servers = 2
175
+
pm.min_spare_servers = 2
176
+
pm.max_spare_servers = 10
180
+
services.phpfpm.phpOptions = mkIf (cfg.pool == "${poolName}")
182
+
extension = ${pkgs.phpPackages.imagick}/lib/php/extensions/imagick.so
183
+
date.timezone = "${cfg.timezone}"
systemd.services."phpfpm-${poolName}".serviceConfig.ReadWritePaths = [ "/etc/icingaweb2" ];
···
// doModule "translation"
612
-
// optionalAttrs (!cfg.generalConfig.mutable) { "icingaweb2/config.ini".text = configIni; }
613
-
// optionalAttrs (!cfg.mutableResources) { "icingaweb2/resources.ini".text = resourcesIni; }
614
-
// optionalAttrs (!cfg.mutableAuthConfig) { "icingaweb2/authentication.ini".text = authenticationIni; }
615
-
// optionalAttrs (!cfg.mutableGroupsConfig) { "icingaweb2/groups.ini".text = groupsIni; }
616
-
// optionalAttrs (!cfg.mutableRolesConfig) { "icingaweb2/roles.ini".text = rolesIni; };
229
+
// optionalAttrs (cfg.generalConfig != null) { "icingaweb2/config.ini".text = generators.toINI {} (defaultConfig // cfg.generalConfig); }
230
+
// optionalAttrs (cfg.resources != null) { "icingaweb2/resources.ini".text = generators.toINI {} cfg.resources; }
231
+
// optionalAttrs (cfg.authentications != null) { "icingaweb2/authentication.ini".text = generators.toINI {} cfg.authentications; }
232
+
// optionalAttrs (cfg.groupBackends != null) { "icingaweb2/groups.ini".text = generators.toINI {} cfg.groupBackends; }
233
+
// optionalAttrs (cfg.roles != null) { "icingaweb2/roles.ini".text = generators.toINI {} cfg.roles; };
users.groups.icingaweb2 = {};
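Review bot: The merge `defaultConfig // cfg.generalConfig` at new line 229 is shallow, so a `generalConfig` that defines its own `global` section replaces the default section wholesale instead of adding to it. If `defaultConfig` keeps `module_path` under `global`, as the description at new line 78 implies (its definition is only partly visible here), the promise that the module takes care of `module_path` breaks as soon as any other `global` key is set. Merging per key with `generators.toINI {} (recursiveUpdate defaultConfig cfg.generalConfig)` would avoid that. The example at new line 67 also uses `showStacktraces = 1;`, which `toINI` would emit verbatim rather than as the `show_stacktraces` key the removed template wrote. Separately, `resources.ini` is still rendered through a `.text` attribute, so the description's warning about passwords reaching the Nix store is the only safeguard; the option text could state explicitly that leaving `resources` null and provisioning the file outside the store keeps credentials out of it.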