mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-23 15:33:13 +00:00
nixos/grafana: Fix and adjust config options
This commit is contained in:
Joscha
parent
8407b20a4e
commit
daa75a4093
@ -10,7 +10,26 @@ let
|
||||
useMysql = cfg.settings.database.type == "mysql";
|
||||
usePostgresql = cfg.settings.database.type == "postgres";
|
||||
|
||||
settingsFormatIni = pkgs.formats.ini { };
|
||||
# Prefer using the values from the default config file[0] directly. This way,
|
||||
# people reading the NixOS manual can see them without cross-referencing the
|
||||
# official documentation.
|
||||
#
|
||||
# However, if there is no default entry or if the setting is optional, use
|
||||
# `null` as the default value. It will be turned into the empty string.
|
||||
#
|
||||
# If a setting is a list, always allow setting it as a plain string as well.
|
||||
#
|
||||
# [0]: https://github.com/grafana/grafana/blob/main/conf/defaults.ini
|
||||
settingsFormatIni = pkgs.formats.ini {
|
||||
listToValue = concatMapStringsSep " " (generators.mkValueStringDefault { });
|
||||
mkKeyValue = generators.mkKeyValueDefault
|
||||
{
|
||||
mkValueString = v:
|
||||
if v == null then ""
|
||||
else generators.mkValueStringDefault { } v;
|
||||
}
|
||||
"=";
|
||||
};
|
||||
configFile = settingsFormatIni.generate "config.ini" cfg.settings;
|
||||
|
||||
mkProvisionCfg = name: attr: provisionCfg:
|
||||
@ -405,7 +424,6 @@ in
|
||||
This setting is also important if you have a reverse proxy in front of Grafana that exposes it through a subpath.
|
||||
In that case add the subpath to the end of this URL setting.
|
||||
'';
|
||||
# https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L54
|
||||
default = "%(protocol)s://%(domain)s:%(http_port)s/";
|
||||
type = types.str;
|
||||
};
|
||||
@ -453,16 +471,16 @@ in
|
||||
description = lib.mdDoc ''
|
||||
Path to the certificate file (if `protocol` is set to `https` or `h2`).
|
||||
'';
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
cert_key = mkOption {
|
||||
description = lib.mdDoc ''
|
||||
Path to the certificate key file (if `protocol` is set to `https` or `h2`).
|
||||
'';
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
socket_gid = mkOption {
|
||||
@ -505,8 +523,8 @@ in
|
||||
For example, given a cdn url like `https://cdn.myserver.com`
|
||||
grafana will try to load a javascript file from `http://cdn.myserver.com/grafana-oss/7.4.0/public/build/app.<hash>.js`.
|
||||
'';
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
read_timeout = mkOption {
|
||||
@ -572,7 +590,7 @@ in
|
||||
|
||||
max_open_conn = mkOption {
|
||||
description = lib.mdDoc "The maximum number of open connections to the database.";
|
||||
default = 0; # https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L123-L124
|
||||
default = 0;
|
||||
type = types.int;
|
||||
};
|
||||
|
||||
@ -606,7 +624,7 @@ in
|
||||
For Postgres, use either `disable`, `require` or `verify-full`.
|
||||
For MySQL, use either `true`, `false`, or `skip-verify`.
|
||||
'';
|
||||
default = "disable"; # https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L134
|
||||
default = "disable";
|
||||
type = types.enum [ "disable" "require" "verify-full" "true" "false" "skip-verify" ];
|
||||
};
|
||||
|
||||
@ -621,20 +639,20 @@ in
|
||||
|
||||
ca_cert_path = mkOption {
|
||||
description = lib.mdDoc "The path to the CA certificate to use.";
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
client_key_path = mkOption {
|
||||
description = lib.mdDoc "The path to the client key. Only if server requires client authentication.";
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
client_cert_path = mkOption {
|
||||
description = lib.mdDoc "The path to the client cert. Only if server requires client authentication.";
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
server_cert_name = mkOption {
|
||||
@ -642,8 +660,8 @@ in
|
||||
The common name field of the certificate used by the `mysql` or `postgres` server.
|
||||
Not necessary if `ssl_mode` is set to `skip-verify`.
|
||||
'';
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
path = mkOption {
|
||||
@ -751,8 +769,8 @@ in
|
||||
Format: `ip_or_domain:port` separated by spaces.
|
||||
PostgreSQL, MySQL, and MSSQL data sources do not use the proxy and are therefore unaffected by this setting.
|
||||
'';
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = [ ];
|
||||
type = types.oneOf [ types.str (types.listOf types.str) ];
|
||||
};
|
||||
|
||||
disable_brute_force_login_protection = mkOption {
|
||||
@ -870,6 +888,27 @@ in
|
||||
# how exactly the quoting of the default value works. See also
|
||||
# https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L364
|
||||
# https://github.com/grafana/grafana/blob/cb7e18938b8eb6860a64b91aaba13a7eb31bc95b/conf/defaults.ini#L373
|
||||
|
||||
# These two options are lists joined with spaces:
|
||||
# https://github.com/grafana/grafana/blob/916d9793aa81c2990640b55a15dee0db6b525e41/pkg/middleware/csrf/csrf.go#L37-L38
|
||||
|
||||
csrf_trusted_origins = mkOption {
|
||||
description = lib.mdDoc ''
|
||||
List of additional allowed URLs to pass by the CSRF check.
|
||||
Suggested when authentication comes from an IdP.
|
||||
'';
|
||||
default = [ ];
|
||||
type = types.oneOf [ types.str (types.listOf types.str) ];
|
||||
};
|
||||
|
||||
csrf_additional_headers = mkOption {
|
||||
description = lib.mdDoc ''
|
||||
List of allowed headers to be set by the user.
|
||||
Suggested to use for if authentication lives behind reverse proxies.
|
||||
'';
|
||||
default = [ ];
|
||||
type = types.oneOf [ types.str (types.listOf types.str) ];
|
||||
};
|
||||
};
|
||||
|
||||
smtp = {
|
||||
@ -887,8 +926,8 @@ in
|
||||
|
||||
user = mkOption {
|
||||
description = lib.mdDoc "User used for authentication.";
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
@ -905,14 +944,14 @@ in
|
||||
|
||||
cert_file = mkOption {
|
||||
description = lib.mdDoc "File path to a cert file.";
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
key_file = mkOption {
|
||||
description = lib.mdDoc "File path to a key file.";
|
||||
default = "";
|
||||
type = types.str;
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
skip_verify = mkOption {
|
||||
@ -933,6 +972,12 @@ in
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
ehlo_identity = mkOption {
|
||||
description = lib.mdDoc "Name to be used as client identity for EHLO in SMTP dialog.";
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
||||
startTLS_policy = mkOption {
|
||||
description = lib.mdDoc "StartTLS policy when connecting to server.";
|
||||
default = null;
|
||||
@ -1050,6 +1095,8 @@ in
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
# Lists are joined via space, so this option can't be a list.
|
||||
# Users have to manually join their values.
|
||||
hidden_users = mkOption {
|
||||
description = lib.mdDoc ''
|
||||
This is a comma-separated list of usernames.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user