Merge pull request #63844 from aanderse/zabbix-cleanup
nixos/zabbix: overhaul package & module
This commit is contained in:
commit
c13fbe0551
17 changed files with 1161 additions and 384 deletions
|
@ -137,9 +137,9 @@
|
|||
<listitem>
|
||||
<para>
|
||||
Several of the apache subservices have been replaced with full NixOS
|
||||
modules including LimeSurvey and WordPress.
|
||||
These modules can be enabled using the <option>services.limesurvey.enable</option>
|
||||
and <option>services.wordpress.enable</option> options.
|
||||
modules including LimeSurvey, WordPress, and Zabbix.
|
||||
These modules can be enabled using the <option>services.limesurvey.enable</option>,
|
||||
<option>services.wordpress.enable</option>, and <option>services.zabbixWeb.enable</option> options.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
|
|
@ -516,7 +516,7 @@
|
|||
tss = 176;
|
||||
#memcached = 177; # unused, removed 2018-01-03
|
||||
#ntp = 179; # unused
|
||||
#zabbix = 180; # unused
|
||||
zabbix = 180;
|
||||
#redis = 181; # unused, removed 2018-01-03
|
||||
#unifi = 183; # unused
|
||||
#uptimed = 184; # unused
|
||||
|
|
|
@ -516,6 +516,7 @@
|
|||
./services/monitoring/uptime.nix
|
||||
./services/monitoring/vnstat.nix
|
||||
./services/monitoring/zabbix-agent.nix
|
||||
./services/monitoring/zabbix-proxy.nix
|
||||
./services/monitoring/zabbix-server.nix
|
||||
./services/network-filesystems/beegfs.nix
|
||||
./services/network-filesystems/cachefilesd.nix
|
||||
|
@ -782,6 +783,7 @@
|
|||
./services/web-apps/virtlyst.nix
|
||||
./services/web-apps/wordpress.nix
|
||||
./services/web-apps/youtrack.nix
|
||||
./services/web-apps/zabbix.nix
|
||||
./services/web-servers/apache-httpd/default.nix
|
||||
./services/web-servers/caddy.nix
|
||||
./services/web-servers/fcgiwrap.nix
|
||||
|
|
|
@ -171,6 +171,9 @@ with lib;
|
|||
The starting time can be configured via <literal>services.postgresqlBackup.startAt</literal>.
|
||||
'')
|
||||
|
||||
# zabbixServer
|
||||
(mkRenamedOptionModule [ "services" "zabbixServer" "dbServer" ] [ "services" "zabbixServer" "database" "host" ])
|
||||
|
||||
# Profile splitting
|
||||
(mkRenamedOptionModule [ "virtualisation" "growPartition" ] [ "boot" "growPartition" ])
|
||||
|
||||
|
@ -214,6 +217,7 @@ with lib;
|
|||
(mkRemovedOptionModule [ "services" "winstone" ] "The corresponding package was removed from nixpkgs.")
|
||||
(mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd")
|
||||
(mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.")
|
||||
(mkRemovedOptionModule [ "services" "zabbixServer" "dbPassword" ] "Use services.zabbixServer.database.passwordFile instead.")
|
||||
|
||||
# ZSH
|
||||
(mkRenamedOptionModule [ "programs" "zsh" "enableSyntaxHighlighting" ] [ "programs" "zsh" "syntaxHighlighting" "enable" ])
|
||||
|
|
|
@ -1,73 +1,118 @@
|
|||
# Zabbix agent daemon.
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.zabbixAgent;
|
||||
|
||||
zabbix = cfg.package;
|
||||
inherit (lib) mkDefault mkEnableOption mkIf mkOption;
|
||||
inherit (lib) attrValues concatMapStringsSep literalExample optionalString types;
|
||||
|
||||
stateDir = "/run/zabbix";
|
||||
user = "zabbix-agent";
|
||||
group = "zabbix-agent";
|
||||
|
||||
logDir = "/var/log/zabbix";
|
||||
moduleEnv = pkgs.symlinkJoin {
|
||||
name = "zabbix-agent-module-env";
|
||||
paths = attrValues cfg.modules;
|
||||
};
|
||||
|
||||
pidFile = "${stateDir}/zabbix_agentd.pid";
|
||||
|
||||
configFile = pkgs.writeText "zabbix_agentd.conf"
|
||||
''
|
||||
Server = ${cfg.server}
|
||||
|
||||
LogFile = ${logDir}/zabbix_agentd
|
||||
|
||||
PidFile = ${pidFile}
|
||||
|
||||
StartAgents = 1
|
||||
|
||||
${config.services.zabbixAgent.extraConfig}
|
||||
'';
|
||||
configFile = pkgs.writeText "zabbix_agent.conf" ''
|
||||
LogType = console
|
||||
Server = ${cfg.server}
|
||||
ListenIP = ${cfg.listen.ip}
|
||||
ListenPort = ${toString cfg.listen.port}
|
||||
${optionalString (cfg.modules != {}) "LoadModulePath = ${moduleEnv}/lib"}
|
||||
${concatMapStringsSep "\n" (name: "LoadModule = ${name}") (builtins.attrNames cfg.modules)}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
# interface
|
||||
|
||||
options = {
|
||||
|
||||
services.zabbixAgent = {
|
||||
enable = mkEnableOption "the Zabbix Agent";
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.zabbix.agent;
|
||||
defaultText = "pkgs.zabbix.agent";
|
||||
description = "The Zabbix package to use.";
|
||||
};
|
||||
|
||||
extraPackages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = with pkgs; [ nettools ];
|
||||
defaultText = "[ nettools ]";
|
||||
example = "[ nettools mysql ]";
|
||||
description = ''
|
||||
Whether to run the Zabbix monitoring agent on this machine.
|
||||
It will send monitoring data to a Zabbix server.
|
||||
Packages to be added to the Zabbix <envar>PATH</envar>.
|
||||
Typically used to add executables for scripts, but can be anything.
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.attrs; # Note: pkgs.zabbixXY isn't a derivation, but an attrset of { server = ...; agent = ...; }.
|
||||
default = pkgs.zabbix;
|
||||
defaultText = "pkgs.zabbix";
|
||||
example = literalExample "pkgs.zabbix34";
|
||||
description = ''
|
||||
The Zabbix package to use.
|
||||
modules = mkOption {
|
||||
type = types.attrsOf types.package;
|
||||
description = "A set of modules to load.";
|
||||
default = {};
|
||||
example = literalExample ''
|
||||
{
|
||||
"dummy.so" = pkgs.stdenv.mkDerivation {
|
||||
name = "zabbix-dummy-module-''${cfg.package.version}";
|
||||
src = cfg.package.src;
|
||||
buildInputs = [ cfg.package ];
|
||||
sourceRoot = "zabbix-''${cfg.package.version}/src/modules/dummy";
|
||||
installPhase = '''
|
||||
mkdir -p $out/lib
|
||||
cp dummy.so $out/lib/
|
||||
''';
|
||||
};
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
server = mkOption {
|
||||
default = "127.0.0.1";
|
||||
type = types.str;
|
||||
description = ''
|
||||
The IP address or hostname of the Zabbix server to connect to.
|
||||
'';
|
||||
};
|
||||
|
||||
listen = {
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = ''
|
||||
List of comma delimited IP addresses that the agent should listen on.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 10050;
|
||||
description = ''
|
||||
Agent will listen on this port for connections from the server.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Open ports in the firewall for the Zabbix Agent.
|
||||
'';
|
||||
};
|
||||
|
||||
# TODO: for bonus points migrate this to https://github.com/NixOS/rfcs/pull/42
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
description = ''
|
||||
Configuration that is injected verbatim into the configuration file.
|
||||
Configuration that is injected verbatim into the configuration file. Refer to
|
||||
<link xlink:href="https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_agentd"/>
|
||||
for details on supported values.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -75,38 +120,38 @@ in
|
|||
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
# implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
users.users = mkIf (!config.services.zabbixServer.enable) (singleton
|
||||
{ name = "zabbix";
|
||||
uid = config.ids.uids.zabbix;
|
||||
description = "Zabbix daemon user";
|
||||
});
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.listen.port ];
|
||||
};
|
||||
|
||||
systemd.services."zabbix-agent" =
|
||||
{ description = "Zabbix Agent";
|
||||
users.users.${user} = {
|
||||
description = "Zabbix Agent daemon user";
|
||||
inherit group;
|
||||
};
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
users.groups.${group} = { };
|
||||
|
||||
path = [ pkgs.nettools ];
|
||||
systemd.services."zabbix-agent" = {
|
||||
description = "Zabbix Agent";
|
||||
|
||||
preStart =
|
||||
''
|
||||
mkdir -m 0755 -p ${stateDir} ${logDir}
|
||||
chown zabbix ${stateDir} ${logDir}
|
||||
'';
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig.ExecStart = "@${zabbix.agent}/sbin/zabbix_agentd zabbix_agentd --config ${configFile}";
|
||||
serviceConfig.Type = "forking";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
serviceConfig.Restart = "always";
|
||||
serviceConfig.RestartSec = 2;
|
||||
path = [ "/run/wrappers" ] ++ cfg.extraPackages;
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "@${cfg.package}/sbin/zabbix_agentd zabbix_agentd -f --config ${configFile}";
|
||||
Restart = "always";
|
||||
RestartSec = 2;
|
||||
|
||||
User = user;
|
||||
Group = group;
|
||||
PrivateTmp = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ zabbix.agent ];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
|
290
nixos/modules/services/monitoring/zabbix-proxy.nix
Normal file
290
nixos/modules/services/monitoring/zabbix-proxy.nix
Normal file
|
@ -0,0 +1,290 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.zabbixProxy;
|
||||
pgsql = config.services.postgresql;
|
||||
mysql = config.services.mysql;
|
||||
|
||||
inherit (lib) mkDefault mkEnableOption mkIf mkOption;
|
||||
inherit (lib) attrValues concatMapStringsSep literalExample optional optionalAttrs optionalString types;
|
||||
|
||||
user = "zabbix";
|
||||
group = "zabbix";
|
||||
runtimeDir = "/run/zabbix";
|
||||
stateDir = "/var/lib/zabbix";
|
||||
passwordFile = "${runtimeDir}/zabbix-dbpassword.conf";
|
||||
|
||||
moduleEnv = pkgs.symlinkJoin {
|
||||
name = "zabbix-proxy-module-env";
|
||||
paths = attrValues cfg.modules;
|
||||
};
|
||||
|
||||
configFile = pkgs.writeText "zabbix_proxy.conf" ''
|
||||
LogType = console
|
||||
ListenIP = ${cfg.listen.ip}
|
||||
ListenPort = ${toString cfg.listen.port}
|
||||
# TODO: set to cfg.database.socket if database type is pgsql?
|
||||
DBHost = ${optionalString (cfg.database.createLocally != true) cfg.database.host}
|
||||
${optionalString (cfg.database.createLocally != true) "DBPort = ${cfg.database.port}"}
|
||||
DBName = ${cfg.database.name}
|
||||
DBUser = ${cfg.database.user}
|
||||
${optionalString (cfg.database.passwordFile != null) "Include ${passwordFile}"}
|
||||
${optionalString (mysqlLocal && cfg.database.socket != null) "DBSocket = ${cfg.database.socket}"}
|
||||
SocketDir = ${runtimeDir}
|
||||
FpingLocation = /run/wrappers/bin/fping
|
||||
${optionalString (cfg.modules != {}) "LoadModulePath = ${moduleEnv}/lib"}
|
||||
${concatMapStringsSep "\n" (name: "LoadModule = ${name}") (builtins.attrNames cfg.modules)}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
|
||||
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
# interface
|
||||
|
||||
options = {
|
||||
|
||||
services.zabbixProxy = {
|
||||
enable = mkEnableOption "the Zabbix Proxy";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default =
|
||||
if cfg.database.type == "mysql" then pkgs.zabbix.proxy-mysql
|
||||
else if cfg.database.type == "pgsql" then pkgs.zabbix.proxy-pgsql
|
||||
else pkgs.zabbix.proxy-sqlite;
|
||||
defaultText = "pkgs.zabbix.proxy-pgsql";
|
||||
description = "The Zabbix package to use.";
|
||||
};
|
||||
|
||||
extraPackages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = with pkgs; [ nettools nmap traceroute ];
|
||||
defaultText = "[ nettools nmap traceroute ]";
|
||||
description = ''
|
||||
Packages to be added to the Zabbix <envar>PATH</envar>.
|
||||
Typically used to add executables for scripts, but can be anything.
|
||||
'';
|
||||
};
|
||||
|
||||
modules = mkOption {
|
||||
type = types.attrsOf types.package;
|
||||
description = "A set of modules to load.";
|
||||
default = {};
|
||||
example = literalExample ''
|
||||
{
|
||||
"dummy.so" = pkgs.stdenv.mkDerivation {
|
||||
name = "zabbix-dummy-module-''${cfg.package.version}";
|
||||
src = cfg.package.src;
|
||||
buildInputs = [ cfg.package ];
|
||||
sourceRoot = "zabbix-''${cfg.package.version}/src/modules/dummy";
|
||||
installPhase = '''
|
||||
mkdir -p $out/lib
|
||||
cp dummy.so $out/lib/
|
||||
''';
|
||||
};
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
database = {
|
||||
type = mkOption {
|
||||
type = types.enum [ "mysql" "pgsql" "sqlite" ];
|
||||
example = "mysql";
|
||||
default = "pgsql";
|
||||
description = "Database engine to use.";
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Database host address.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = if cfg.database.type == "mysql" then mysql.port else pgsql.port;
|
||||
description = "Database host port.";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "zabbix";
|
||||
description = "Database name.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "zabbix";
|
||||
description = "Database user.";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/keys/zabbix-dbpassword";
|
||||
description = ''
|
||||
A file containing the password corresponding to
|
||||
<option>database.user</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
socket = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/postgresql";
|
||||
description = "Path to the unix socket file to use for authentication.";
|
||||
};
|
||||
|
||||
createLocally = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to create a local database automatically.";
|
||||
};
|
||||
};
|
||||
|
||||
listen = {
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = ''
|
||||
List of comma delimited IP addresses that the trapper should listen on.
|
||||
Trapper will listen on all network interfaces if this parameter is missing.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 10051;
|
||||
description = ''
|
||||
Listen port for trapper.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Open ports in the firewall for the Zabbix Proxy.
|
||||
'';
|
||||
};
|
||||
|
||||
# TODO: for bonus points migrate this to https://github.com/NixOS/rfcs/pull/42
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
description = ''
|
||||
Configuration that is injected verbatim into the configuration file. Refer to
|
||||
<link xlink:href="https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_proxy"/>
|
||||
for details on supported values.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = !config.services.zabbixServer.enable;
|
||||
message = "Please choose one of services.zabbixServer or services.zabbixProxy.";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
|
||||
message = "services.zabbixProxy.database.user must be set to ${user} if services.zabbixProxy.database.createLocally is set true";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
|
||||
message = "a password cannot be specified if services.zabbixProxy.database.createLocally is set to true";
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.listen.port ];
|
||||
};
|
||||
|
||||
services.mysql = optionalAttrs mysqlLocal {
|
||||
enable = true;
|
||||
package = mkDefault pkgs.mariadb;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [
|
||||
{ name = cfg.database.user;
|
||||
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.postgresql = optionalAttrs pgsqlLocal {
|
||||
enable = true;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [
|
||||
{ name = cfg.database.user;
|
||||
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
users.users.${user} = {
|
||||
description = "Zabbix daemon user";
|
||||
uid = config.ids.uids.zabbix;
|
||||
inherit group;
|
||||
};
|
||||
|
||||
users.groups.${group} = {
|
||||
gid = config.ids.gids.zabbix;
|
||||
};
|
||||
|
||||
security.wrappers = {
|
||||
fping.source = "${pkgs.fping}/bin/fping";
|
||||
};
|
||||
|
||||
systemd.services."zabbix-proxy" = {
|
||||
description = "Zabbix Proxy";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
|
||||
path = [ "/run/wrappers" ] ++ cfg.extraPackages;
|
||||
preStart = optionalString pgsqlLocal ''
|
||||
if ! test -e "${stateDir}/db-created"; then
|
||||
cat ${cfg.package}/share/zabbix/database/postgresql/schema.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
|
||||
cat ${cfg.package}/share/zabbix/database/postgresql/images.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
|
||||
cat ${cfg.package}/share/zabbix/database/postgresql/data.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
|
||||
touch "${stateDir}/db-created"
|
||||
fi
|
||||
'' + optionalString mysqlLocal ''
|
||||
if ! test -e "${stateDir}/db-created"; then
|
||||
cat ${cfg.package}/share/zabbix/database/mysql/schema.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
|
||||
cat ${cfg.package}/share/zabbix/database/mysql/images.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
|
||||
cat ${cfg.package}/share/zabbix/database/mysql/data.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
|
||||
touch "${stateDir}/db-created"
|
||||
fi
|
||||
'' + optionalString (cfg.database.passwordFile != null) ''
|
||||
# create a copy of the supplied password file in a format zabbix can consume
|
||||
touch ${passwordFile}
|
||||
chmod 0600 ${passwordFile}
|
||||
echo -n "DBPassword = " > ${passwordFile}
|
||||
cat ${cfg.database.passwordFile} >> ${passwordFile}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "@${cfg.package}/sbin/zabbix_proxy zabbix_proxy -f --config ${configFile}";
|
||||
Restart = "always";
|
||||
RestartSec = 2;
|
||||
|
||||
User = user;
|
||||
Group = group;
|
||||
RuntimeDirectory = "zabbix";
|
||||
StateDirectory = "zabbix";
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -1,147 +1,293 @@
|
|||
# Zabbix server daemon.
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.zabbixServer;
|
||||
pgsql = config.services.postgresql;
|
||||
mysql = config.services.mysql;
|
||||
|
||||
stateDir = "/run/zabbix";
|
||||
inherit (lib) mkDefault mkEnableOption mkIf mkOption;
|
||||
inherit (lib) attrValues concatMapStringsSep literalExample optional optionalAttrs optionalString types;
|
||||
|
||||
logDir = "/var/log/zabbix";
|
||||
user = "zabbix";
|
||||
group = "zabbix";
|
||||
runtimeDir = "/run/zabbix";
|
||||
stateDir = "/var/lib/zabbix";
|
||||
passwordFile = "${runtimeDir}/zabbix-dbpassword.conf";
|
||||
|
||||
libDir = "/var/lib/zabbix";
|
||||
moduleEnv = pkgs.symlinkJoin {
|
||||
name = "zabbix-server-module-env";
|
||||
paths = attrValues cfg.modules;
|
||||
};
|
||||
|
||||
pidFile = "${stateDir}/zabbix_server.pid";
|
||||
configFile = pkgs.writeText "zabbix_server.conf" ''
|
||||
LogType = console
|
||||
ListenIP = ${cfg.listen.ip}
|
||||
ListenPort = ${toString cfg.listen.port}
|
||||
# TODO: set to cfg.database.socket if database type is pgsql?
|
||||
DBHost = ${optionalString (cfg.database.createLocally != true) cfg.database.host}
|
||||
${optionalString (cfg.database.createLocally != true) "DBPort = ${cfg.database.port}"}
|
||||
DBName = ${cfg.database.name}
|
||||
DBUser = ${cfg.database.user}
|
||||
${optionalString (cfg.database.passwordFile != null) "Include ${passwordFile}"}
|
||||
${optionalString (mysqlLocal && cfg.database.socket != null) "DBSocket = ${cfg.database.socket}"}
|
||||
SocketDir = ${runtimeDir}
|
||||
FpingLocation = /run/wrappers/bin/fping
|
||||
${optionalString (cfg.modules != {}) "LoadModulePath = ${moduleEnv}/lib"}
|
||||
${concatMapStringsSep "\n" (name: "LoadModule = ${name}") (builtins.attrNames cfg.modules)}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
configFile = pkgs.writeText "zabbix_server.conf"
|
||||
''
|
||||
ListenPort = ${cfg.listenPort}
|
||||
|
||||
LogFile = ${logDir}/zabbix_server
|
||||
|
||||
PidFile = ${pidFile}
|
||||
|
||||
${optionalString (cfg.dbServer != "localhost") ''
|
||||
DBHost = ${cfg.dbServer}
|
||||
''}
|
||||
|
||||
DBName = ${cfg.dbName}
|
||||
|
||||
DBUser = ${cfg.dbUser}
|
||||
|
||||
DBPort = ${cfg.dbPort}
|
||||
|
||||
DBPassword = ${cfg.dbPassword}
|
||||
|
||||
${config.services.zabbixServer.extraConfig}
|
||||
'';
|
||||
|
||||
useLocalMysql = cfg.dbServer == "localhost" || cfg.dbServer == "";
|
||||
mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
|
||||
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
# interface
|
||||
|
||||
options = {
|
||||
|
||||
services.zabbixServer.enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to run the Zabbix server on this machine.
|
||||
'';
|
||||
services.zabbixServer = {
|
||||
enable = mkEnableOption "the Zabbix Server";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = if cfg.database.type == "mysql" then pkgs.zabbix.server-mysql else pkgs.zabbix.server-pgsql;
|
||||
defaultText = "pkgs.zabbix.server-pgsql";
|
||||
description = "The Zabbix package to use.";
|
||||
};
|
||||
|
||||
extraPackages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = with pkgs; [ nettools nmap traceroute ];
|
||||
defaultText = "[ nettools nmap traceroute ]";
|
||||
description = ''
|
||||
Packages to be added to the Zabbix <envar>PATH</envar>.
|
||||
Typically used to add executables for scripts, but can be anything.
|
||||
'';
|
||||
};
|
||||
|
||||
modules = mkOption {
|
||||
type = types.attrsOf types.package;
|
||||
description = "A set of modules to load.";
|
||||
default = {};
|
||||
example = literalExample ''
|
||||
{
|
||||
"dummy.so" = pkgs.stdenv.mkDerivation {
|
||||
name = "zabbix-dummy-module-''${cfg.package.version}";
|
||||
src = cfg.package.src;
|
||||
buildInputs = [ cfg.package ];
|
||||
sourceRoot = "zabbix-''${cfg.package.version}/src/modules/dummy";
|
||||
installPhase = '''
|
||||
mkdir -p $out/lib
|
||||
cp dummy.so $out/lib/
|
||||
''';
|
||||
};
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
database = {
|
||||
type = mkOption {
|
||||
type = types.enum [ "mysql" "pgsql" ];
|
||||
example = "mysql";
|
||||
default = "pgsql";
|
||||
description = "Database engine to use.";
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Database host address.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = if cfg.database.type == "mysql" then mysql.port else pgsql.port;
|
||||
description = "Database host port.";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "zabbix";
|
||||
description = "Database name.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "zabbix";
|
||||
description = "Database user.";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/keys/zabbix-dbpassword";
|
||||
description = ''
|
||||
A file containing the password corresponding to
|
||||
<option>database.user</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
socket = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/postgresql";
|
||||
description = "Path to the unix socket file to use for authentication.";
|
||||
};
|
||||
|
||||
createLocally = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether to create a local database automatically.";
|
||||
};
|
||||
};
|
||||
|
||||
listen = {
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = ''
|
||||
List of comma delimited IP addresses that the trapper should listen on.
|
||||
Trapper will listen on all network interfaces if this parameter is missing.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 10051;
|
||||
description = ''
|
||||
Listen port for trapper.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Open ports in the firewall for the Zabbix Server.
|
||||
'';
|
||||
};
|
||||
|
||||
# TODO: for bonus points migrate this to https://github.com/NixOS/rfcs/pull/42
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
description = ''
|
||||
Configuration that is injected verbatim into the configuration file. Refer to
|
||||
<link xlink:href="https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_server"/>
|
||||
for details on supported values.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
services.zabbixServer.dbServer = mkOption {
|
||||
default = "localhost";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Hostname or IP address of the database server.
|
||||
Use an empty string ("") to use peer authentication.
|
||||
'';
|
||||
};
|
||||
|
||||
services.zabbixServer.dbPassword = mkOption {
|
||||
type = types.str;
|
||||
description = "Password used to connect to the database server.";
|
||||
};
|
||||
|
||||
services.zabbixServer.dbUser = mkOption {
|
||||
default = "zabbix";
|
||||
type = types.str;
|
||||
description = "User used to connect to the database server.";
|
||||
};
|
||||
|
||||
services.zabbixServer.dbPort = mkOption {
|
||||
default = "3306";
|
||||
type = types.str;
|
||||
description = "Port used to connect to the database server.";
|
||||
};
|
||||
|
||||
services.zabbixServer.dbName = mkOption {
|
||||
default = "zabbix";
|
||||
type = types.str;
|
||||
description = "Port used to connect to the database server.";
|
||||
};
|
||||
|
||||
services.zabbixServer.listenPort = mkOption {
|
||||
default = "10051";
|
||||
type = types.str;
|
||||
description = "Port used to listen to the agent.";
|
||||
};
|
||||
|
||||
services.zabbixServer.extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
description = ''
|
||||
Configuration that is injected verbatim into the configuration file.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
# implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.mysql.enable = useLocalMysql;
|
||||
services.mysql.package = pkgs.mysql;
|
||||
assertions = [
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
|
||||
message = "services.zabbixServer.database.user must be set to ${user} if services.zabbixServer.database.createLocally is set true";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
|
||||
message = "a password cannot be specified if services.zabbixServer.database.createLocally is set to true";
|
||||
}
|
||||
];
|
||||
|
||||
users.users = singleton
|
||||
{ name = "zabbix";
|
||||
uid = config.ids.uids.zabbix;
|
||||
description = "Zabbix daemon user";
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.listen.port ];
|
||||
};
|
||||
|
||||
services.mysql = optionalAttrs mysqlLocal {
|
||||
enable = true;
|
||||
package = mkDefault pkgs.mariadb;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [
|
||||
{ name = cfg.database.user;
|
||||
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.postgresql = optionalAttrs pgsqlLocal {
|
||||
enable = true;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [
|
||||
{ name = cfg.database.user;
|
||||
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
users.users.${user} = {
|
||||
description = "Zabbix daemon user";
|
||||
uid = config.ids.uids.zabbix;
|
||||
inherit group;
|
||||
};
|
||||
|
||||
users.groups.${group} = {
|
||||
gid = config.ids.gids.zabbix;
|
||||
};
|
||||
|
||||
security.wrappers = {
|
||||
fping.source = "${pkgs.fping}/bin/fping";
|
||||
};
|
||||
|
||||
systemd.services."zabbix-server" = {
|
||||
description = "Zabbix Server";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
|
||||
path = [ "/run/wrappers" ] ++ cfg.extraPackages;
|
||||
preStart = ''
|
||||
# pre 19.09 compatibility
|
||||
if test -e "${runtimeDir}/db-created"; then
|
||||
mv "${runtimeDir}/db-created" "${stateDir}/"
|
||||
fi
|
||||
'' + optionalString pgsqlLocal ''
|
||||
if ! test -e "${stateDir}/db-created"; then
|
||||
cat ${cfg.package}/share/zabbix/database/postgresql/schema.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
|
||||
cat ${cfg.package}/share/zabbix/database/postgresql/images.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
|
||||
cat ${cfg.package}/share/zabbix/database/postgresql/data.sql | ${pgsql.package}/bin/psql ${cfg.database.name}
|
||||
touch "${stateDir}/db-created"
|
||||
fi
|
||||
'' + optionalString mysqlLocal ''
|
||||
if ! test -e "${stateDir}/db-created"; then
|
||||
cat ${cfg.package}/share/zabbix/database/mysql/schema.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
|
||||
cat ${cfg.package}/share/zabbix/database/mysql/images.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
|
||||
cat ${cfg.package}/share/zabbix/database/mysql/data.sql | ${mysql.package}/bin/mysql ${cfg.database.name}
|
||||
touch "${stateDir}/db-created"
|
||||
fi
|
||||
'' + optionalString (cfg.database.passwordFile != null) ''
|
||||
# create a copy of the supplied password file in a format zabbix can consume
|
||||
touch ${passwordFile}
|
||||
chmod 0600 ${passwordFile}
|
||||
echo -n "DBPassword = " > ${passwordFile}
|
||||
cat ${cfg.database.passwordFile} >> ${passwordFile}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "@${cfg.package}/sbin/zabbix_server zabbix_server -f --config ${configFile}";
|
||||
Restart = "always";
|
||||
RestartSec = 2;
|
||||
|
||||
User = user;
|
||||
Group = group;
|
||||
RuntimeDirectory = "zabbix";
|
||||
StateDirectory = "zabbix";
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."zabbix-server" =
|
||||
{ description = "Zabbix Server";
|
||||
systemd.services.httpd.after =
|
||||
optional (config.services.zabbixWeb.enable && mysqlLocal) "mysql.service" ++
|
||||
optional (config.services.zabbixWeb.enable && pgsqlLocal) "postgresql.service";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = optional useLocalMysql "mysql.service";
|
||||
|
||||
preStart =
|
||||
''
|
||||
mkdir -m 0755 -p ${stateDir} ${logDir} ${libDir}
|
||||
chown zabbix ${stateDir} ${logDir} ${libDir}
|
||||
${lib.optionalString (useLocalMysql) ''
|
||||
if ! test -e "${libDir}/db-created"; then
|
||||
${pkgs.sudo}/bin/sudo -u ${config.services.mysql.user} ${pkgs.mysql}/bin/mysql -uroot -e 'CREATE DATABASE ${cfg.dbName}'
|
||||
${pkgs.sudo}/bin/sudo -u ${config.services.mysql.user} ${pkgs.mysql}/bin/mysql -uroot -e "GRANT ALL ON ${cfg.dbName}.* TO ${cfg.dbUser}@localhost IDENTIFIED BY \"${cfg.dbPassword}\";"
|
||||
cat ${pkgs.zabbix.server}/share/zabbix/db/schema/mysql.sql | ${pkgs.sudo}/bin/sudo -u zabbix ${pkgs.mysql}/bin/mysql -u${cfg.dbUser} -p${cfg.dbPassword} ${cfg.dbName}
|
||||
cat ${pkgs.zabbix.server}/share/zabbix/db/data/images.sql | ${pkgs.sudo}/bin/sudo -u zabbix ${pkgs.mysql}/bin/mysql -u${cfg.dbUser} -p${cfg.dbPassword} ${cfg.dbName}
|
||||
cat ${pkgs.zabbix.server}/share/zabbix/db/data/data.sql | ${pkgs.sudo}/bin/sudo -u zabbix ${pkgs.mysql}/bin/mysql -u${cfg.dbUser} -p${cfg.dbPassword} ${cfg.dbName}
|
||||
touch "${libDir}/db-created"
|
||||
fi''}
|
||||
'';
|
||||
|
||||
path = [ pkgs.nettools ];
|
||||
|
||||
serviceConfig.ExecStart = "${pkgs.zabbix.server}/sbin/zabbix_server --config ${configFile}";
|
||||
serviceConfig.Type = "forking";
|
||||
serviceConfig.PIDFile = pidFile;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
225
nixos/modules/services/web-apps/zabbix.nix
Normal file
225
nixos/modules/services/web-apps/zabbix.nix
Normal file
|
@ -0,0 +1,225 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
|
||||
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types;
|
||||
inherit (lib) literalExample mapAttrs optionalString;
|
||||
|
||||
cfg = config.services.zabbixWeb;
|
||||
fpm = config.services.phpfpm.pools.zabbix;
|
||||
|
||||
user = "zabbix";
|
||||
group = "zabbix";
|
||||
stateDir = "/var/lib/zabbix";
|
||||
|
||||
zabbixConfig = pkgs.writeText "zabbix.conf.php" ''
|
||||
<?php
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB;
|
||||
$DB['TYPE'] = '${ { "mysql" = "MYSQL"; "pgsql" = "POSTGRESQL"; "oracle" = "ORACLE"; }.${cfg.database.type} }';
|
||||
$DB['SERVER'] = '${cfg.database.host}';
|
||||
$DB['PORT'] = '${toString cfg.database.port}';
|
||||
$DB['DATABASE'] = '${cfg.database.name}';
|
||||
$DB['USER'] = '${cfg.database.user}';
|
||||
$DB['PASSWORD'] = ${if cfg.database.passwordFile != null then "file_get_contents('${cfg.database.passwordFile}')" else "''"};
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = ''';
|
||||
$ZBX_SERVER = '${cfg.server.address}';
|
||||
$ZBX_SERVER_PORT = '${toString cfg.server.port}';
|
||||
$ZBX_SERVER_NAME = ''';
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
# interface
|
||||
|
||||
options.services = {
|
||||
zabbixWeb = {
|
||||
enable = mkEnableOption "the Zabbix web interface";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.zabbix.web;
|
||||
defaultText = "zabbix.web";
|
||||
description = "Which Zabbix package to use.";
|
||||
};
|
||||
|
||||
server = {
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
description = "The port of the Zabbix server to connect to.";
|
||||
default = 10051;
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
description = "The IP address or hostname of the Zabbix server to connect to.";
|
||||
default = "localhost";
|
||||
};
|
||||
};
|
||||
|
||||
database = {
|
||||
type = mkOption {
|
||||
type = types.enum [ "mysql" "pgsql" "oracle" ];
|
||||
example = "mysql";
|
||||
default = "pgsql";
|
||||
description = "Database engine to use.";
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "Database host address.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default =
|
||||
if cfg.database.type == "mysql" then config.services.mysql.port
|
||||
else if cfg.database.type == "pgsql" then config.services.postgresql.port
|
||||
else 1521;
|
||||
description = "Database host port.";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "zabbix";
|
||||
description = "Database name.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "zabbix";
|
||||
description = "Database user.";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/keys/zabbix-dbpassword";
|
||||
description = ''
|
||||
A file containing the password corresponding to
|
||||
<option>database.user</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
socket = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/postgresql";
|
||||
description = "Path to the unix socket file to use for authentication.";
|
||||
};
|
||||
};
|
||||
|
||||
virtualHost = mkOption {
|
||||
type = types.submodule ({
|
||||
options = import ../web-servers/apache-httpd/per-server-options.nix {
|
||||
inherit lib;
|
||||
forMainServer = false;
|
||||
};
|
||||
});
|
||||
example = {
|
||||
hostName = "zabbix.example.org";
|
||||
enableSSL = true;
|
||||
adminAddr = "webmaster@example.org";
|
||||
sslServerCert = "/var/lib/acme/zabbix.example.org/full.pem";
|
||||
sslServerKey = "/var/lib/acme/zabbix.example.org/key.pem";
|
||||
};
|
||||
description = ''
|
||||
Apache configuration can be done by adapting <literal>services.httpd.virtualHosts.<name></literal>.
|
||||
See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
|
||||
'';
|
||||
};
|
||||
|
||||
poolConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = ''
|
||||
pm = dynamic
|
||||
pm.max_children = 32
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 2
|
||||
pm.max_spare_servers = 4
|
||||
pm.max_requests = 500
|
||||
'';
|
||||
description = ''
|
||||
Options for the Zabbix PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
# implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${stateDir}' 0750 ${user} ${group} - -"
|
||||
"d '${stateDir}/session' 0750 ${user} ${config.services.httpd.group} - -"
|
||||
];
|
||||
|
||||
services.phpfpm.pools.zabbix = {
|
||||
phpOptions = ''
|
||||
# https://www.zabbix.com/documentation/current/manual/installation/install
|
||||
memory_limit = 128M
|
||||
post_max_size = 16M
|
||||
upload_max_filesize = 2M
|
||||
max_execution_time = 300
|
||||
max_input_time = 300
|
||||
session.auto_start = 0
|
||||
mbstring.func_overload = 0
|
||||
always_populate_raw_post_data = -1
|
||||
# https://bbs.archlinux.org/viewtopic.php?pid=1745214#p1745214
|
||||
session.save_path = ${stateDir}/session
|
||||
'' + optionalString (config.time.timeZone != null) ''
|
||||
date.timezone = "${config.time.timeZone}"
|
||||
'' + optionalString (cfg.database.type == "oracle") ''
|
||||
extension=${pkgs.phpPackages.oci8}/lib/php/extensions/oci8.so
|
||||
'';
|
||||
listen = "/run/phpfpm/zabbix.sock";
|
||||
extraConfig = ''
|
||||
listen.owner = ${config.services.httpd.user};
|
||||
listen.group = ${config.services.httpd.group};
|
||||
user = ${user};
|
||||
group = ${config.services.httpd.group};
|
||||
env[ZABBIX_CONFIG] = ${zabbixConfig}
|
||||
${cfg.poolConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
services.httpd = {
|
||||
enable = true;
|
||||
adminAddr = mkDefault cfg.virtualHost.adminAddr;
|
||||
extraModules = [ "proxy_fcgi" ];
|
||||
virtualHosts = [ (mkMerge [
|
||||
cfg.virtualHost {
|
||||
documentRoot = mkForce "${cfg.package}/share/zabbix";
|
||||
extraConfig = ''
|
||||
<Directory "${cfg.package}/share/zabbix">
|
||||
<FilesMatch "\.php$">
|
||||
<If "-f %{REQUEST_FILENAME}">
|
||||
SetHandler "proxy:unix:${fpm.listen}|fcgi://localhost/"
|
||||
</If>
|
||||
</FilesMatch>
|
||||
AllowOverride all
|
||||
Options -Indexes
|
||||
DirectoryIndex index.php
|
||||
</Directory>
|
||||
'';
|
||||
}
|
||||
]) ];
|
||||
};
|
||||
|
||||
users.users.${user} = mapAttrs (name: mkDefault) {
|
||||
description = "Zabbix daemon user";
|
||||
uid = config.ids.uids.zabbix;
|
||||
inherit group;
|
||||
};
|
||||
|
||||
users.groups.${group} = mapAttrs (name: mkDefault) {
|
||||
gid = config.ids.gids.zabbix;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -1,84 +0,0 @@
|
|||
{ config, lib, pkgs, serverInfo, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
# The Zabbix PHP frontend needs to be able to write its
|
||||
# configuration settings (the connection info to the database) to
|
||||
# the "conf" subdirectory. So symlink $out/conf to some directory
|
||||
# outside of the Nix store where we want to keep this stateful info.
|
||||
# Note that different instances of the frontend will therefore end
|
||||
# up with their own copies of the PHP sources. !!! Alternatively,
|
||||
# we could generate zabbix.conf.php declaratively.
|
||||
zabbixPHP = pkgs.runCommand "${pkgs.zabbix.server.name}-php" {}
|
||||
''
|
||||
cp -rs ${pkgs.zabbix.server}/share/zabbix/php "$out"
|
||||
chmod -R u+w $out
|
||||
ln -s "${if config.configFile == null
|
||||
then "${config.stateDir}/zabbix.conf.php"
|
||||
else config.configFile}" "$out/conf/zabbix.conf.php"
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
enablePHP = true;
|
||||
|
||||
phpOptions =
|
||||
''
|
||||
post_max_size = 32M
|
||||
max_execution_time = 300
|
||||
max_input_time = 300
|
||||
'';
|
||||
|
||||
extraConfig = ''
|
||||
Alias ${config.urlPrefix}/ ${zabbixPHP}/
|
||||
|
||||
<Directory ${zabbixPHP}>
|
||||
DirectoryIndex index.php
|
||||
Order deny,allow
|
||||
Allow from *
|
||||
</Directory>
|
||||
'';
|
||||
|
||||
startupScript = pkgs.writeScript "zabbix-startup-hook" ''
|
||||
mkdir -p ${config.stateDir}
|
||||
chown -R ${serverInfo.serverConfig.user} ${config.stateDir}
|
||||
'';
|
||||
|
||||
# The frontend needs "ps" to find out whether zabbix_server is running.
|
||||
extraServerPath = [ pkgs.procps ];
|
||||
|
||||
options = {
|
||||
|
||||
urlPrefix = mkOption {
|
||||
default = "/zabbix";
|
||||
description = "
|
||||
The URL prefix under which the Zabbix service appears.
|
||||
Use the empty string to have it appear in the server root.
|
||||
";
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
default = null;
|
||||
type = types.nullOr types.path;
|
||||
description = ''
|
||||
The configuration file (zabbix.conf.php) which contains the database
|
||||
connection settings. If not set, the configuration settings will created
|
||||
by the web installer.
|
||||
'';
|
||||
};
|
||||
|
||||
stateDir = mkOption {
|
||||
default = "/var/lib/zabbix/frontend";
|
||||
description = "
|
||||
Directory where the dynamically generated configuration data
|
||||
of the PHP frontend will be stored.
|
||||
";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -1,41 +0,0 @@
|
|||
{ stdenv, fetchurl, pcre, libiconv, openssl }:
|
||||
|
||||
|
||||
let
|
||||
|
||||
version = "3.4.8";
|
||||
branch = "3.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://netix.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/${version}/zabbix-${version}.tar.gz";
|
||||
sha256 = "cec14993d1ec2c9d8c51f6608c9408620f27174db92edc2347bafa7b841ccc07";
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
agent = stdenv.mkDerivation {
|
||||
name = "zabbix-agent-${version}";
|
||||
|
||||
inherit src;
|
||||
|
||||
configureFlags = [
|
||||
"--enable-agent"
|
||||
"--with-libpcre=${pcre.dev}"
|
||||
"--with-iconv=${libiconv}"
|
||||
"--with-openssl=${openssl.dev}"
|
||||
];
|
||||
buildInputs = [ pcre libiconv openssl ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
inherit branch;
|
||||
description = "An enterprise-class open source distributed monitoring solution (client-side agent)";
|
||||
homepage = https://www.zabbix.com/;
|
||||
license = licenses.gpl2;
|
||||
maintainers = [ maintainers.eelco ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
38
pkgs/servers/monitoring/zabbix/agent.nix
Normal file
38
pkgs/servers/monitoring/zabbix/agent.nix
Normal file
|
@ -0,0 +1,38 @@
|
|||
{ stdenv, fetchurl, pkgconfig, libiconv, openssl, pcre }:
|
||||
|
||||
import ./versions.nix ({ version, sha256 }:
|
||||
stdenv.mkDerivation {
|
||||
pname = "zabbix-agent";
|
||||
inherit version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/zabbix/ZABBIX%20Latest%20Stable/${version}/zabbix-${version}.tar.gz";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [
|
||||
libiconv
|
||||
openssl
|
||||
pcre
|
||||
];
|
||||
|
||||
configureFlags = [
|
||||
"--enable-agent"
|
||||
"--with-iconv"
|
||||
"--with-libpcre"
|
||||
"--with-openssl=${openssl.dev}"
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
cp conf/zabbix_agentd/*.conf $out/etc/zabbix_agentd.conf.d/
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "An enterprise-class open source distributed monitoring solution (client-side agent)";
|
||||
homepage = "https://www.zabbix.com/";
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ mmahut psyanticy ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
})
|
|
@ -1,76 +0,0 @@
|
|||
{ stdenv, fetchurl, pkgconfig, curl, openssl, zlib, pcre, libevent, mysql, libiconv, libxml2 }:
|
||||
|
||||
let
|
||||
version = "4.0.9";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://netix.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/${version}/zabbix-${version}.tar.gz";
|
||||
sha256 = "aa0bc9b5e5ca8e1b49b7551e2c5d86e0342c8630cba3a0b0e0e5d9c846e784d1";
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
server = stdenv.mkDerivation {
|
||||
name = "zabbix-${version}";
|
||||
|
||||
inherit src;
|
||||
NIX_CFLAGS_COMPILE = "-L${mysql.connector-c}/lib/mysql -I${mysql.connector-c}/include/mysql";
|
||||
configureFlags = [
|
||||
"--enable-server"
|
||||
"--with-mysql"
|
||||
"--with-libcurl"
|
||||
"--with-libxml2"
|
||||
"--with-zlib"
|
||||
"--with-libpcre=${pcre.dev}"
|
||||
"--with-libevent=${libevent.dev}"
|
||||
"--with-iconv=${libiconv}"
|
||||
"--with-openssl=${openssl.dev}"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [ mysql curl openssl zlib pcre libxml2 libevent ] ;
|
||||
|
||||
postInstall =
|
||||
''
|
||||
mkdir -p $out/share/zabbix
|
||||
cp -prvd frontends/php $out/share/zabbix/php
|
||||
mkdir -p $out/share/zabbix/db/data
|
||||
cp -prvd database/mysql/data.sql $out/share/zabbix/db/data/data.sql
|
||||
cp -prvd database/mysql/images.sql $out/share/zabbix/db/data/images.sql
|
||||
mkdir -p $out/share/zabbix/db/schema
|
||||
cp -prvd database/mysql/schema.sql $out/share/zabbix/db/schema/mysql.sql
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "An enterprise-class open source distributed monitoring solution (server)";
|
||||
homepage = http://www.zabbix.com/;
|
||||
license = licenses.gpl2;
|
||||
maintainers = [ maintainers.psyanticy ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
};
|
||||
|
||||
agent = stdenv.mkDerivation {
|
||||
name = "zabbix-agent-${version}";
|
||||
|
||||
inherit src;
|
||||
|
||||
configureFlags = [
|
||||
"--enable-agent"
|
||||
"--with-libpcre=${pcre.dev}"
|
||||
"--with-iconv=${libiconv}"
|
||||
"--with-openssl=${openssl.dev}"
|
||||
];
|
||||
buildInputs = [ pcre libiconv openssl ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "An enterprise-class open source distributed monitoring solution (client-side agent)";
|
||||
homepage = http://www.zabbix.com/;
|
||||
license = licenses.gpl2;
|
||||
maintainers = [ maintainers.psyanticy ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
};
|
||||
}
|
79
pkgs/servers/monitoring/zabbix/proxy.nix
Normal file
79
pkgs/servers/monitoring/zabbix/proxy.nix
Normal file
|
@ -0,0 +1,79 @@
|
|||
{ stdenv, fetchurl, pkgconfig, libevent, libiconv, openssl, pcre, zlib
|
||||
, odbcSupport ? true, unixODBC
|
||||
, snmpSupport ? true, net_snmp
|
||||
, sshSupport ? true, libssh2
|
||||
, sqliteSupport ? false, sqlite
|
||||
, mysqlSupport ? false, mysql
|
||||
, postgresqlSupport ? false, postgresql
|
||||
}:
|
||||
|
||||
# ensure exactly one database type is selected
|
||||
assert mysqlSupport -> !postgresqlSupport && !sqliteSupport;
|
||||
assert postgresqlSupport -> !mysqlSupport && !sqliteSupport;
|
||||
assert sqliteSupport -> !mysqlSupport && !postgresqlSupport;
|
||||
|
||||
let
|
||||
inherit (stdenv.lib) optional optionalString;
|
||||
in
|
||||
import ./versions.nix ({ version, sha256 }:
|
||||
stdenv.mkDerivation {
|
||||
pname = "zabbix-proxy";
|
||||
inherit version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/zabbix/ZABBIX%20Latest%20Stable/${version}/zabbix-${version}.tar.gz";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [
|
||||
libevent
|
||||
libiconv
|
||||
openssl
|
||||
pcre
|
||||
zlib
|
||||
]
|
||||
++ optional odbcSupport unixODBC
|
||||
++ optional snmpSupport net_snmp
|
||||
++ optional sqliteSupport sqlite
|
||||
++ optional sshSupport libssh2
|
||||
++ optional mysqlSupport mysql.connector-c
|
||||
++ optional postgresqlSupport postgresql;
|
||||
|
||||
configureFlags = [
|
||||
"--enable-proxy"
|
||||
"--with-iconv"
|
||||
"--with-libevent"
|
||||
"--with-libpcre"
|
||||
"--with-openssl=${openssl.dev}"
|
||||
"--with-zlib=${zlib}"
|
||||
]
|
||||
++ optional odbcSupport "--with-unixodbc"
|
||||
++ optional snmpSupport "--with-net-snmp"
|
||||
++ optional sqliteSupport "--with-sqlite3=${sqlite.dev}"
|
||||
++ optional sshSupport "--with-ssh2=${libssh2.dev}"
|
||||
++ optional mysqlSupport "--with-mysql"
|
||||
++ optional postgresqlSupport "--with-postgresql";
|
||||
|
||||
prePatch = ''
|
||||
find database -name data.sql -exec sed -i 's|/usr/bin/||g' {} +
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/zabbix/database/
|
||||
'' + optionalString sqliteSupport ''
|
||||
mkdir -p $out/share/zabbix/database/sqlite3
|
||||
cp -prvd database/sqlite3/*.sql $out/share/zabbix/database/sqlite3/
|
||||
'' + optionalString postgresqlSupport ''
|
||||
mkdir -p $out/share/zabbix/database/postgresql
|
||||
cp -prvd database/postgresql/schema.sql $out/share/zabbix/database/postgresql/
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "An enterprise-class open source distributed monitoring solution (client-server proxy)";
|
||||
homepage = "https://www.zabbix.com/";
|
||||
license = licenses.gpl2;
|
||||
maintainers = [ maintainers.mmahut ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
})
|
86
pkgs/servers/monitoring/zabbix/server.nix
Normal file
86
pkgs/servers/monitoring/zabbix/server.nix
Normal file
|
@ -0,0 +1,86 @@
|
|||
{ stdenv, fetchurl, pkgconfig, curl, libevent, libiconv, libxml2, openssl, pcre, zlib
|
||||
, jabberSupport ? true, iksemel
|
||||
, ldapSupport ? true, openldap
|
||||
, odbcSupport ? true, unixODBC
|
||||
, snmpSupport ? true, net_snmp
|
||||
, sshSupport ? true, libssh2
|
||||
, mysqlSupport ? false, mysql
|
||||
, postgresqlSupport ? false, postgresql
|
||||
}:
|
||||
|
||||
# ensure exactly one primary database type is selected
|
||||
assert mysqlSupport -> !postgresqlSupport;
|
||||
assert postgresqlSupport -> !mysqlSupport;
|
||||
|
||||
let
|
||||
inherit (stdenv.lib) optional optionalString;
|
||||
in
|
||||
import ./versions.nix ({ version, sha256 }:
|
||||
stdenv.mkDerivation {
|
||||
pname = "zabbix-server";
|
||||
inherit version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/zabbix/ZABBIX%20Latest%20Stable/${version}/zabbix-${version}.tar.gz";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [
|
||||
curl
|
||||
libevent
|
||||
libiconv
|
||||
libxml2
|
||||
openssl
|
||||
pcre
|
||||
zlib
|
||||
]
|
||||
++ optional odbcSupport unixODBC
|
||||
++ optional jabberSupport iksemel
|
||||
++ optional ldapSupport openldap
|
||||
++ optional snmpSupport net_snmp
|
||||
++ optional sshSupport libssh2
|
||||
++ optional mysqlSupport mysql.connector-c
|
||||
++ optional postgresqlSupport postgresql;
|
||||
|
||||
configureFlags = [
|
||||
"--enable-server"
|
||||
"--with-iconv"
|
||||
"--with-libcurl"
|
||||
"--with-libevent"
|
||||
"--with-libpcre"
|
||||
"--with-libxml2"
|
||||
"--with-openssl=${openssl.dev}"
|
||||
"--with-zlib=${zlib}"
|
||||
]
|
||||
++ optional odbcSupport "--with-unixodbc"
|
||||
++ optional jabberSupport "--with-jabber"
|
||||
++ optional ldapSupport "--with-ldap=${openldap.dev}"
|
||||
++ optional snmpSupport "--with-net-snmp"
|
||||
++ optional sshSupport "--with-ssh2=${libssh2.dev}"
|
||||
++ optional mysqlSupport "--with-mysql"
|
||||
++ optional postgresqlSupport "--with-postgresql";
|
||||
|
||||
prePatch = ''
|
||||
find database -name data.sql -exec sed -i 's|/usr/bin/||g' {} +
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/zabbix/database/
|
||||
cp -r include $out/
|
||||
'' + optionalString mysqlSupport ''
|
||||
mkdir -p $out/share/zabbix/database/mysql
|
||||
cp -prvd database/mysql/*.sql $out/share/zabbix/database/mysql/
|
||||
'' + optionalString postgresqlSupport ''
|
||||
mkdir -p $out/share/zabbix/database/postgresql
|
||||
cp -prvd database/postgresql/*.sql $out/share/zabbix/database/postgresql/
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "An enterprise-class open source distributed monitoring solution";
|
||||
homepage = "https://www.zabbix.com/";
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ mmahut psyanticy ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
})
|
16
pkgs/servers/monitoring/zabbix/versions.nix
Normal file
16
pkgs/servers/monitoring/zabbix/versions.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
generic: {
|
||||
v42 = generic {
|
||||
version = "4.2.3";
|
||||
sha256 = "0865c1a9vcgg4syhp5133rw9v1h65lp0g1y2f758jb9x9ybrr01s";
|
||||
};
|
||||
|
||||
v40 = generic {
|
||||
version = "4.0.9";
|
||||
sha256 = "1lc4wx3cing5w2qa18yb6232qd70hrfjq7jmnx4ip3nawnswj2xa";
|
||||
};
|
||||
|
||||
v30 = generic {
|
||||
version = "3.0.28";
|
||||
sha256 = "16966danf5ww4lhjg5gx5bnpid8abxh2ymdg6k5mymrman5bcdjj";
|
||||
};
|
||||
}
|
32
pkgs/servers/monitoring/zabbix/web.nix
Normal file
32
pkgs/servers/monitoring/zabbix/web.nix
Normal file
|
@ -0,0 +1,32 @@
|
|||
{ stdenv, fetchurl, writeText }:
|
||||
|
||||
import ./versions.nix ({ version, sha256 }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "zabbix-web";
|
||||
inherit version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/zabbix/ZABBIX%20Latest%20Stable/${version}/zabbix-${version}.tar.gz";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
phpConfig = writeText "zabbix.conf.php" ''
|
||||
<?php
|
||||
return require(getenv('ZABBIX_CONFIG'));
|
||||
?>
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/share/zabbix/
|
||||
cp -a frontends/php/. $out/share/zabbix/
|
||||
cp ${phpConfig} $out/share/zabbix/conf/zabbix.conf.php
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "An enterprise-class open source distributed monitoring solution (web frontend)";
|
||||
homepage = "https://www.zabbix.com/";
|
||||
license = licenses.gpl2;
|
||||
maintainers = [ maintainers.mmahut ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
})
|
|
@ -14959,9 +14959,24 @@ in
|
|||
|
||||
youtrack = callPackage ../servers/jetbrains/youtrack.nix { };
|
||||
|
||||
zabbix = recurseIntoAttrs (callPackages ../servers/monitoring/zabbix {});
|
||||
zabbixFor = version: rec {
|
||||
agent = (callPackages ../servers/monitoring/zabbix/agent.nix {}).${version};
|
||||
proxy-mysql = (callPackages ../servers/monitoring/zabbix/proxy.nix { mysqlSupport = true; }).${version};
|
||||
proxy-pgsql = (callPackages ../servers/monitoring/zabbix/proxy.nix { postgresqlSupport = true; }).${version};
|
||||
proxy-sqlite = (callPackages ../servers/monitoring/zabbix/proxy.nix { sqliteSupport = true; }).${version};
|
||||
server-mysql = (callPackages ../servers/monitoring/zabbix/server.nix { mysqlSupport = true; }).${version};
|
||||
server-pgsql = (callPackages ../servers/monitoring/zabbix/server.nix { postgresqlSupport = true; }).${version};
|
||||
web = (callPackages ../servers/monitoring/zabbix/web.nix {}).${version};
|
||||
|
||||
zabbix34 = callPackage ../servers/monitoring/zabbix/3.4.nix { };
|
||||
# backwards compatibility
|
||||
server = server-pgsql;
|
||||
};
|
||||
|
||||
zabbix42 = zabbixFor "v42";
|
||||
zabbix40 = zabbixFor "v40";
|
||||
zabbix30 = zabbixFor "v30";
|
||||
|
||||
zabbix = zabbix42;
|
||||
|
||||
zipkin = callPackage ../servers/monitoring/zipkin { };
|
||||
|
||||
|
|
Loading…
Reference in a new issue