Grafana now has a 'settings' submap

This commit is contained in:
niten 2022-12-02 08:49:52 -08:00
parent ff1aa983bf
commit 3663be3460
2 changed files with 49 additions and 42 deletions


@ -1,6 +1,6 @@
# NOTE: this assumes that postgres is running locally. # NOTE: this assumes that postgres is running locally.
{ config, lib, pkgs, ... } @ toplevel: { config, lib, pkgs, ... }@toplevel:
with lib; with lib;
let let
@ -92,8 +92,10 @@ in {
email = mkOption { email = mkOption {
type = str; type = str;
description = "Address from which mail will be sent (i.e. 'from' address)."; description =
default = "${toplevel.config.fudo.grafana.smtp.username}@${domain-name}"; "Address from which mail will be sent (i.e. 'from' address).";
default =
"${toplevel.config.fudo.grafana.smtp.username}@${domain-name}";
}; };
domain = mkOption { domain = mkOption {
@ -138,13 +140,14 @@ in {
secret-key-file = mkOption { secret-key-file = mkOption {
type = str; type = str;
description = "Path to a file containing the server's secret key, used for signatures."; description =
"Path to a file containing the server's secret key, used for signatures.";
}; };
datasources = mkOption { datasources = mkOption {
type = attrsOf (submodule datasourceOpts); type = attrsOf (submodule datasourceOpts);
description = "A list of datasources supplied to Grafana."; description = "A list of datasources supplied to Grafana.";
default = {}; default = { };
}; };
state-directory = mkOption { state-directory = mkOption {
@ -158,11 +161,9 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd = { systemd = {
tmpfiles.rules = let tmpfiles.rules =
grafana-user = config.systemd.services.grafana.serviceConfig.User; let grafana-user = config.systemd.services.grafana.serviceConfig.User;
in [ in [ "d ${cfg.state-directory} 0700 ${grafana-user} - - -" ];
"d ${cfg.state-directory} 0700 ${grafana-user} - - -"
];
services.grafana.serviceConfig = { services.grafana.serviceConfig = {
EnvironmentFile = host-secrets.grafana-environment-file.target-file; EnvironmentFile = host-secrets.grafana-environment-file.target-file;
@ -172,7 +173,7 @@ in {
fudo.secrets.host-secrets.${hostname}.grafana-environment-file = { fudo.secrets.host-secrets.${hostname}.grafana-environment-file = {
source-file = pkgs.writeText "grafana.env" '' source-file = pkgs.writeText "grafana.env" ''
${optionalString (cfg.ldap != null) ${optionalString (cfg.ldap != null)
''GRAFANA_LDAP_BIND_PASSWD="${cfg.ldap.bind-passwd}"''} ''GRAFANA_LDAP_BIND_PASSWD="${cfg.ldap.bind-passwd}"''}
''; '';
target-file = "/run/metrics/grafana/auth-bind.passwd"; target-file = "/run/metrics/grafana/auth-bind.passwd";
user = config.systemd.services.grafana.serviceConfig.User; user = config.systemd.services.grafana.serviceConfig.User;
@ -186,8 +187,8 @@ in {
virtualHosts = { virtualHosts = {
"${cfg.hostname}" = { "${cfg.hostname}" = {
enableACME = ! cfg.private-network; enableACME = !cfg.private-network;
forceSSL = ! cfg.private-network; forceSSL = !cfg.private-network;
locations."/".proxyPass = "http://127.0.0.1:3000"; locations."/".proxyPass = "http://127.0.0.1:3000";
}; };
}; };
@ -200,8 +201,7 @@ in {
protocol = "http"; protocol = "http";
port = 3000; port = 3000;
domain = cfg.hostname; domain = cfg.hostname;
rootUrl = let rootUrl = let scheme = if cfg.private-network then "http" else "https";
scheme = if cfg.private-network then "http" else "https";
in "${scheme}://${cfg.hostname}/"; in "${scheme}://${cfg.hostname}/";
dataDir = cfg.state-directory; dataDir = cfg.state-directory;
@ -210,13 +210,15 @@ in {
secretKeyFile = cfg.secret-key-file; secretKeyFile = cfg.secret-key-file;
}; };
smtp = { settings = {
enable = true; smtp = {
# TODO: create system user as necessary enable = true;
fromAddress = "${cfg.smtp.username}@${cfg.smtp.domain}"; # TODO: create system user as necessary
host = "${cfg.smtp.hostname}:25"; fromAddress = "${cfg.smtp.username}@${cfg.smtp.domain}";
user = cfg.smtp.username; host = "${cfg.smtp.hostname}:25";
passwordFile = cfg.smtp.password-file; user = cfg.smtp.username;
passwordFile = cfg.smtp.password-file;
};
}; };
extraOptions = mkIf (cfg.ldap != null) (let extraOptions = mkIf (cfg.ldap != null) (let
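Review bot: The keys moved under `settings.smtp` keep the old module's camelCase names (`enable`, `fromAddress`, `passwordFile`), but if this targets the nixpkgs Grafana module where `settings` is the freeform mapping rendered straight into grafana.ini, those keys are not translated: Grafana expects `enabled`, `from_address` and `password`, so the SMTP section would be emitted with unknown keys and the password file path would land in the INI as an inert string instead of being read. The usual form for a file-backed secret there is `enabled = true; from_address = "${cfg.smtp.username}@${cfg.smtp.domain}"; password = "$__file{${cfg.smtp.password-file}}";` (keeping `host` and `user` as they are); please verify against the module version in use before merging. Unrelated to this commit but visible in the context above, the LDAP bind password is interpolated into `pkgs.writeText "grafana.env"`, which places the secret in the world-readable Nix store before it is copied to `/run/metrics/grafana/auth-bind.passwd`; worth a follow-up. The surrounding `services.grafana` block, including `extraOptions`, continues outside this hunk.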


@ -202,6 +202,8 @@ in {
groups."${cfg.group}" = { members = [ cfg.user ]; }; groups."${cfg.group}" = { members = [ cfg.user ]; };
}; };
networking.firewall.allowedTCPPorts = [ 25555 ];
systemd = { systemd = {
tmpfiles.rules = map (worldOpts: tmpfiles.rules = map (worldOpts:
"d ${worldStateDir worldOpts} 0700 ${cfg.user} ${cfg.group} - -") "d ${worldStateDir worldOpts} 0700 ${cfg.user} ${cfg.group} - -")
@ -212,13 +214,13 @@ in {
sanitizedName = sanitizeName worldOpts.world-name; sanitizedName = sanitizeName worldOpts.world-name;
serverName = "minecraft-clj-${sanitizedName}"; serverName = "minecraft-clj-${sanitizedName}";
stateDir = worldStateDir worldOpts; stateDir = worldStateDir worldOpts;
startScript = let
preStartScript = let
admins-file = pkgs.writeText "${sanitizedName}-ops.txt" admins-file = pkgs.writeText "${sanitizedName}-ops.txt"
(concatStringsSep "\n" cfg.admins); (concatStringsSep "\n" cfg.admins);
props-file = genPropsFile worldOpts; props-file = genPropsFile worldOpts;
eula-file = eula-file =
pkgs.writeText "mc-${sanitizedName}-eula.txt" "eula=true"; pkgs.writeText "mc-${sanitizedName}-eula.txt" "eula=true";
in pkgs.writeShellScript "mc-initialize-${sanitizedName}.sh" '' in pkgs.writeShellScript "mc-initialize-${sanitizedName}.sh" ''
cp -f ${admins-file} ${stateDir}/ops.txt cp -f ${admins-file} ${stateDir}/ops.txt
cp -f ${props-file} ${stateDir}/server.properties cp -f ${props-file} ${stateDir}/server.properties
@ -228,6 +230,15 @@ in {
chmod u+w ${stateDir}/server.properties chmod u+w ${stateDir}/server.properties
''; '';
startScript = let
mem = "${toString worldOpts.allocated-memory}G";
memFlags = [ "-Xms${mem}" "-Xmx${mem}" ];
flags = commonFlags ++ memFlags
++ (optionals (worldOpts.allocated-memory >= 12) highMemFlags);
flagStr = concatStringsSep " " flags;
in pkgs.writeShellScript "mc-start-${sanitized-Name}.sh"
"${pkgs.papermc}/bin/minecraft-server ${flagStr}";
in nameValuePair serverName { in nameValuePair serverName {
enable = worldOpts.enable; enable = worldOpts.enable;
description = description =
@ -238,27 +249,21 @@ in {
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
WorkingDirectory = stateDir; WorkingDirectory = stateDir;
ExecStartPre = "${startScript}"; ExecStartPre = "${preStartScript}";
ExecStart = let ExecStart = "${startScript}";
mem = "${toString worldOpts.allocated-memory}G";
memFlags = [ "-Xms${mem}" "-Xmx${mem}" ];
flags = commonFlags ++ memFlags
++ (optionals (worldOpts.allocated-memory >= 12) highMemFlags);
flagStr = concatStringsSep " " flags;
in "${pkgs.papermc}/bin/minecraft-server ${flagStr}";
Restart = "always"; Restart = "always";
# NoNewPrivileges = true; NoNewPrivileges = true;
# PrivateTmp = true; # PrivateTmp = true;
# PrivateDevices = true; PrivateDevices = true;
# ProtectSystem = "strict"; ProtectSystem = "strict";
# ProtectHome = true; ProtectHome = true;
# ProtectControlGroups = true; ProtectControlGroups = true;
# ProtectKernelModules = true; ProtectKernelModules = true;
# ProtectKernelTunables = true; ProtectKernelTunables = true;
# RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
# RestrictRealtime = true; RestrictRealtime = true;
# RestrictNamespaces = true; RestrictNamespaces = true;
ReadWritePaths = [ cfg.state-directory ]; ReadWritePaths = [ cfg.state-directory ];
}; };
}) cfg.worlds; }) cfg.worlds;
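Review bot: `startScript` references `sanitized-Name` in the script name, which is a distinct (undefined) identifier in Nix since hyphens are legal in names; `sanitizedName` is what the enclosing `let` binds, so this will fail evaluation with an undefined-variable error for every world: `in pkgs.writeShellScript "mc-start-${sanitizedName}.sh"`. Separately, `networking.firewall.allowedTCPPorts = [ 25555 ];` opens a hard-coded port unconditionally, independent of whether any world has `enable = true` and of whatever port `genPropsFile` writes into server.properties, which is not visible here; consider deriving the port list from the enabled worlds' options (or a documented option) so the exposed port and the configured one cannot drift apart. The `services` attrset built from `cfg.worlds` starts outside this hunk.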