2021-12-05 20:45:35 +00:00
|
|
|
{ config, lib, options, pkgs, ... }:
|
2015-09-18 22:18:43 +00:00
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
let
|
|
|
|
cfg = config.services.kibana;
|
2021-12-05 20:45:35 +00:00
|
|
|
opt = options.services.kibana;
|
2015-09-18 22:18:43 +00:00
|
|
|
|
2019-04-14 19:39:46 +00:00
|
|
|
ge7 = builtins.compareVersions cfg.package.version "7" >= 0;
|
|
|
|
lt6_6 = builtins.compareVersions cfg.package.version "6.6" < 0;
|
|
|
|
|
2018-08-03 10:24:38 +00:00
|
|
|
cfgFile = pkgs.writeText "kibana.json" (builtins.toJSON (
|
2019-09-07 12:24:24 +00:00
|
|
|
(filterAttrsRecursive (n: v: v != null && v != []) ({
|
2017-06-13 20:36:08 +00:00
|
|
|
server.host = cfg.listenAddress;
|
|
|
|
server.port = cfg.port;
|
|
|
|
server.ssl.certificate = cfg.cert;
|
|
|
|
server.ssl.key = cfg.key;
|
|
|
|
|
|
|
|
kibana.index = cfg.index;
|
|
|
|
kibana.defaultAppId = cfg.defaultAppId;
|
|
|
|
|
|
|
|
elasticsearch.url = cfg.elasticsearch.url;
|
2019-04-14 19:39:46 +00:00
|
|
|
elasticsearch.hosts = cfg.elasticsearch.hosts;
|
2017-06-13 20:36:08 +00:00
|
|
|
elasticsearch.username = cfg.elasticsearch.username;
|
|
|
|
elasticsearch.password = cfg.elasticsearch.password;
|
|
|
|
|
|
|
|
elasticsearch.ssl.certificate = cfg.elasticsearch.cert;
|
|
|
|
elasticsearch.ssl.key = cfg.elasticsearch.key;
|
|
|
|
elasticsearch.ssl.certificateAuthorities = cfg.elasticsearch.certificateAuthorities;
|
|
|
|
} // cfg.extraConf)
|
|
|
|
)));
|
|
|
|
|
2015-09-18 22:18:43 +00:00
|
|
|
in {
|
|
|
|
options.services.kibana = {
|
2022-08-28 19:18:44 +00:00
|
|
|
enable = mkEnableOption (lib.mdDoc "kibana service");
|
2015-09-18 22:18:43 +00:00
|
|
|
|
2015-12-23 23:28:27 +00:00
|
|
|
listenAddress = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Kibana listening host";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = "127.0.0.1";
|
|
|
|
type = types.str;
|
|
|
|
};
|
|
|
|
|
|
|
|
port = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Kibana listening port";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = 5601;
|
|
|
|
type = types.int;
|
|
|
|
};
|
|
|
|
|
|
|
|
cert = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Kibana ssl certificate.";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.path;
|
|
|
|
};
|
|
|
|
|
|
|
|
key = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Kibana ssl key.";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.path;
|
|
|
|
};
|
|
|
|
|
|
|
|
index = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Elasticsearch index to use for saving kibana config.";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = ".kibana";
|
|
|
|
type = types.str;
|
|
|
|
};
|
|
|
|
|
|
|
|
defaultAppId = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Elasticsearch default application id.";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = "discover";
|
|
|
|
type = types.str;
|
|
|
|
};
|
|
|
|
|
|
|
|
elasticsearch = {
|
|
|
|
url = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc ''
|
2019-04-14 19:39:46 +00:00
|
|
|
Elasticsearch url.
|
|
|
|
|
2022-07-28 21:19:15 +00:00
|
|
|
Defaults to `"http://localhost:9200"`.
|
2019-04-14 19:39:46 +00:00
|
|
|
|
|
|
|
Don't set this when using Kibana >= 7.0.0 because it will result in a
|
2022-07-28 21:19:15 +00:00
|
|
|
configuration error. Use {option}`services.kibana.elasticsearch.hosts`
|
2019-04-14 19:39:46 +00:00
|
|
|
instead.
|
|
|
|
'';
|
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
};
|
|
|
|
|
|
|
|
hosts = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc ''
|
2019-04-14 19:39:46 +00:00
|
|
|
The URLs of the Elasticsearch instances to use for all your queries.
|
|
|
|
All nodes listed here must be on the same cluster.
|
|
|
|
|
2022-07-28 21:19:15 +00:00
|
|
|
Defaults to `[ "http://localhost:9200" ]`.
|
2019-04-14 19:39:46 +00:00
|
|
|
|
|
|
|
This option is only valid when using kibana >= 6.6.
|
|
|
|
'';
|
|
|
|
default = null;
|
|
|
|
type = types.nullOr (types.listOf types.str);
|
2015-09-18 22:18:43 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
username = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Username for elasticsearch basic auth.";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
};
|
|
|
|
|
|
|
|
password = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Password for elasticsearch basic auth.";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
};
|
|
|
|
|
|
|
|
ca = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc ''
|
2017-06-13 20:36:08 +00:00
|
|
|
CA file to auth against elasticsearch.
|
|
|
|
|
2022-07-28 21:19:15 +00:00
|
|
|
It's recommended to use the {option}`certificateAuthorities` option
|
2017-06-13 20:36:08 +00:00
|
|
|
when using kibana-5.4 or newer.
|
|
|
|
'';
|
2015-09-18 22:18:43 +00:00
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.path;
|
|
|
|
};
|
|
|
|
|
2017-06-13 20:36:08 +00:00
|
|
|
certificateAuthorities = mkOption {
|
2022-08-28 19:18:44 +00:00
|
|
|
description = lib.mdDoc ''
|
2017-06-13 20:36:08 +00:00
|
|
|
CA files to auth against elasticsearch.
|
|
|
|
|
2022-08-28 19:18:44 +00:00
|
|
|
Please use the {option}`ca` option when using kibana \< 5.4
|
2017-06-13 20:36:08 +00:00
|
|
|
because those old versions don't support setting multiple CA's.
|
|
|
|
|
2022-08-28 19:18:44 +00:00
|
|
|
This defaults to the singleton list [ca] when the {option}`ca` option is defined.
|
2017-06-13 20:36:08 +00:00
|
|
|
'';
|
2019-04-24 03:48:22 +00:00
|
|
|
default = if cfg.elasticsearch.ca == null then [] else [ca];
|
2021-12-05 20:45:35 +00:00
|
|
|
defaultText = literalExpression ''
|
|
|
|
if config.${opt.elasticsearch.ca} == null then [ ] else [ ca ]
|
|
|
|
'';
|
2017-06-13 20:36:08 +00:00
|
|
|
type = types.listOf types.path;
|
|
|
|
};
|
|
|
|
|
2015-09-18 22:18:43 +00:00
|
|
|
cert = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Certificate file to auth against elasticsearch.";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.path;
|
|
|
|
};
|
|
|
|
|
|
|
|
key = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Key file to auth against elasticsearch.";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = null;
|
|
|
|
type = types.nullOr types.path;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
package = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Kibana package to use";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = pkgs.kibana;
|
2021-10-03 16:06:03 +00:00
|
|
|
defaultText = literalExpression "pkgs.kibana";
|
2015-09-18 22:18:43 +00:00
|
|
|
type = types.package;
|
|
|
|
};
|
|
|
|
|
|
|
|
dataDir = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Kibana data directory";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = "/var/lib/kibana";
|
|
|
|
type = types.path;
|
|
|
|
};
|
|
|
|
|
|
|
|
extraConf = mkOption {
|
2022-07-28 21:19:15 +00:00
|
|
|
description = lib.mdDoc "Kibana extra configuration";
|
2015-09-18 22:18:43 +00:00
|
|
|
default = {};
|
|
|
|
type = types.attrs;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = mkIf (cfg.enable) {
|
2019-04-14 19:39:46 +00:00
|
|
|
assertions = [
|
|
|
|
{
|
|
|
|
assertion = ge7 -> cfg.elasticsearch.url == null;
|
|
|
|
message =
|
|
|
|
"The option services.kibana.elasticsearch.url has been removed when using kibana >= 7.0.0. " +
|
|
|
|
"Please use option services.kibana.elasticsearch.hosts instead.";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
assertion = lt6_6 -> cfg.elasticsearch.hosts == null;
|
|
|
|
message =
|
|
|
|
"The option services.kibana.elasticsearch.hosts is only valid for kibana >= 6.6.";
|
|
|
|
}
|
|
|
|
];
|
2015-09-18 22:18:43 +00:00
|
|
|
systemd.services.kibana = {
|
|
|
|
description = "Kibana Service";
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
2016-09-10 18:20:28 +00:00
|
|
|
after = [ "network.target" "elasticsearch.service" ];
|
2016-02-13 14:01:45 +00:00
|
|
|
environment = { BABEL_CACHE_PATH = "${cfg.dataDir}/.babelcache.json"; };
|
2015-09-18 22:18:43 +00:00
|
|
|
serviceConfig = {
|
2018-11-29 16:10:15 +00:00
|
|
|
ExecStart =
|
|
|
|
"${cfg.package}/bin/kibana" +
|
|
|
|
" --config ${cfgFile}" +
|
|
|
|
" --path.data ${cfg.dataDir}";
|
2015-09-18 22:18:43 +00:00
|
|
|
User = "kibana";
|
|
|
|
WorkingDirectory = cfg.dataDir;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
environment.systemPackages = [ cfg.package ];
|
|
|
|
|
2019-09-14 17:51:29 +00:00
|
|
|
users.users.kibana = {
|
2021-08-08 12:00:00 +00:00
|
|
|
isSystemUser = true;
|
2015-09-18 22:18:43 +00:00
|
|
|
description = "Kibana service user";
|
|
|
|
home = cfg.dataDir;
|
|
|
|
createHome = true;
|
2021-08-08 12:00:00 +00:00
|
|
|
group = "kibana";
|
2015-09-18 22:18:43 +00:00
|
|
|
};
|
2021-08-08 12:00:00 +00:00
|
|
|
users.groups.kibana = {};
|
2015-09-18 22:18:43 +00:00
|
|
|
};
|
|
|
|
}
|