Loading nixos/modules/services/monitoring/grafana.nix +16 −16 Original line number Diff line number Diff line Loading @@ -245,17 +245,17 @@ in { (mkRenamedOptionModule [ "services" "grafana" "users" "autoAssignOrg" ] [ "services" "grafana" "settings" "users" "auto_assign_org" ]) (mkRenamedOptionModule [ "services" "grafana" "users" "autoAssignOrgRole" ] [ "services" "grafana" "settings" "users" "auto_assign_org_role" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "disableLoginForm" ] [ "services" "grafana" "settings" "auth" "disable_login_form" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "enable" ] [ "services" "grafana" "settings" "auth" "anonymous" "enable" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_name" ] [ "services" "grafana" "settings" "auth" "anonymous" "org_name" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_role" ] [ "services" "grafana" "settings" "auth" "anonymous" "org_role" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "enable" ] [ "services" "grafana" "settings" "auth" "azuread" "enable" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowSignUp" ] [ "services" "grafana" "settings" "auth" "azuread" "allow_sign_up" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "clientId" ] [ "services" "grafana" "settings" "auth" "azuread" "client_id" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedDomains" ] [ "services" "grafana" "settings" "auth" "azuread" "allowed_domains" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedGroups" ] [ "services" "grafana" "settings" "auth" "azuread" "allowed_groups" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "enable" ] [ "services" "grafana" "settings" "auth" "google" "enable" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "allowSignUp" ] [ "services" "grafana" "settings" "auth" "google" "allow_sign_up" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "clientId" ] [ "services" "grafana" "settings" "auth" "google" "client_id" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "enable" ] [ "services" "grafana" "settings" "auth.anonymous" "enabled" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_name" ] [ "services" "grafana" "settings" "auth.anonymous" "org_name" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_role" ] [ "services" "grafana" "settings" "auth.anonymous" "org_role" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "enable" ] [ "services" "grafana" "settings" "auth.azuread" "enabled" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowSignUp" ] [ "services" "grafana" "settings" "auth.azuread" "allow_sign_up" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "clientId" ] [ "services" "grafana" "settings" "auth.azuread" "client_id" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedDomains" ] [ "services" "grafana" "settings" "auth.azuread" "allowed_domains" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedGroups" ] [ "services" "grafana" "settings" "auth.azuread" "allowed_groups" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "enable" ] [ "services" "grafana" "settings" "auth.google" "enabled" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "allowSignUp" ] [ "services" "grafana" "settings" "auth.google" "allow_sign_up" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "clientId" ] [ "services" "grafana" "settings" "auth.google" "client_id" ]) (mkRenamedOptionModule [ "services" "grafana" "analytics" "reporting" "enable" ] [ "services" "grafana" "settings" "analytics" "reporting_enabled" ]) (mkRemovedOptionModule [ "services" "grafana" "database" "passwordFile" ] '' Loading Loading @@ -351,7 +351,7 @@ in { protocol = mkOption { description = lib.mdDoc "Which protocol to listen."; default = "http"; type = types.enum ["http" "https" "socket"]; type = types.enum ["http" "https" "h2" "socket"]; }; http_addr = mkOption { Loading Loading @@ -1173,14 +1173,14 @@ in { any (x: x.secure_settings != null) cfg.provision.notifiers ) "Notifier secure settings will be stored as plaintext in the Nix store! Use file provider instead.") (optional ( builtins.isList cfg.provision.datasources builtins.isList cfg.provision.datasources && cfg.provision.datasources != [] ) '' Provisioning Grafana datasources with options has been deprecated. Use `services.grafana.provision.datasources.settings` or `services.grafana.provision.datasources.path` instead. '') (optional ( builtins.isList cfg.provision.dashboards builtins.isList cfg.provision.datasources && cfg.provision.dashboards != [] ) '' Provisioning Grafana dashboards with options has been deprecated. Use `services.grafana.provision.dashboards.settings` or Loading Loading @@ -1253,8 +1253,8 @@ in { RuntimeDirectory = "grafana"; RuntimeDirectoryMode = "0755"; # Hardening AmbientCapabilities = lib.mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; CapabilityBoundingSet = if (cfg.port < 1024) then [ "CAP_NET_BIND_SERVICE" ] else [ "" ]; AmbientCapabilities = lib.mkIf (cfg.settings.server.http_port < 1024) [ "CAP_NET_BIND_SERVICE" ]; CapabilityBoundingSet = if (cfg.settings.server.http_port < 1024) then [ "CAP_NET_BIND_SERVICE" ] else [ "" ]; DeviceAllow = [ "" ]; LockPersonality = true; NoNewPrivileges = true; Loading nixos/tests/grafana/basic.nix +14 −8 Original line number Diff line number Diff line Loading @@ -6,12 +6,18 @@ let baseGrafanaConf = { services.grafana = { enable = true; addr = "localhost"; analytics.reporting.enable = false; settings = { analytics.reporting_enabled = false; server = { http_addr = "localhost"; domain = "localhost"; }; security = { adminUser = "testadmin"; adminPassword = "snakeoilpwd"; admin_user = "testadmin"; admin_password = "snakeoilpwd"; }; }; }; }; Loading @@ -24,7 +30,7 @@ let }; postgresql = { services.grafana.database = { services.grafana.settings.database = { host = "127.0.0.1:5432"; user = "grafana"; }; Loading @@ -40,7 +46,7 @@ let }; mysql = { services.grafana.database.user = "grafana"; services.grafana.settings.database.user = "grafana"; services.mysql = { enable = true; ensureDatabases = [ "grafana" ]; Loading nixos/tests/grafana/provision/default.nix +13 −7 Original line number Diff line number Diff line Loading @@ -6,14 +6,20 @@ let baseGrafanaConf = { services.grafana = { enable = true; addr = "localhost"; analytics.reporting.enable = false; provision.enable = true; settings = { analytics.reporting_enabled = false; server = { http_addr = "localhost"; domain = "localhost"; }; security = { adminUser = "testadmin"; adminPassword = "snakeoilpwd"; admin_user = "testadmin"; admin_password = "snakeoilpwd"; }; }; provision.enable = true; }; systemd.tmpfiles.rules = [ Loading Loading
nixos/modules/services/monitoring/grafana.nix +16 −16 Original line number Diff line number Diff line Loading @@ -245,17 +245,17 @@ in { (mkRenamedOptionModule [ "services" "grafana" "users" "autoAssignOrg" ] [ "services" "grafana" "settings" "users" "auto_assign_org" ]) (mkRenamedOptionModule [ "services" "grafana" "users" "autoAssignOrgRole" ] [ "services" "grafana" "settings" "users" "auto_assign_org_role" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "disableLoginForm" ] [ "services" "grafana" "settings" "auth" "disable_login_form" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "enable" ] [ "services" "grafana" "settings" "auth" "anonymous" "enable" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_name" ] [ "services" "grafana" "settings" "auth" "anonymous" "org_name" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_role" ] [ "services" "grafana" "settings" "auth" "anonymous" "org_role" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "enable" ] [ "services" "grafana" "settings" "auth" "azuread" "enable" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowSignUp" ] [ "services" "grafana" "settings" "auth" "azuread" "allow_sign_up" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "clientId" ] [ "services" "grafana" "settings" "auth" "azuread" "client_id" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedDomains" ] [ "services" "grafana" "settings" "auth" "azuread" "allowed_domains" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedGroups" ] [ "services" "grafana" "settings" "auth" "azuread" "allowed_groups" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "enable" ] [ "services" "grafana" "settings" "auth" "google" "enable" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "allowSignUp" ] [ "services" "grafana" "settings" "auth" "google" "allow_sign_up" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "clientId" ] [ "services" "grafana" "settings" "auth" "google" "client_id" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "enable" ] [ "services" "grafana" "settings" "auth.anonymous" "enabled" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_name" ] [ "services" "grafana" "settings" "auth.anonymous" "org_name" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "anonymous" "org_role" ] [ "services" "grafana" "settings" "auth.anonymous" "org_role" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "enable" ] [ "services" "grafana" "settings" "auth.azuread" "enabled" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowSignUp" ] [ "services" "grafana" "settings" "auth.azuread" "allow_sign_up" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "clientId" ] [ "services" "grafana" "settings" "auth.azuread" "client_id" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedDomains" ] [ "services" "grafana" "settings" "auth.azuread" "allowed_domains" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "azuread" "allowedGroups" ] [ "services" "grafana" "settings" "auth.azuread" "allowed_groups" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "enable" ] [ "services" "grafana" "settings" "auth.google" "enabled" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "allowSignUp" ] [ "services" "grafana" "settings" "auth.google" "allow_sign_up" ]) (mkRenamedOptionModule [ "services" "grafana" "auth" "google" "clientId" ] [ "services" "grafana" "settings" "auth.google" "client_id" ]) (mkRenamedOptionModule [ "services" "grafana" "analytics" "reporting" "enable" ] [ "services" "grafana" "settings" "analytics" "reporting_enabled" ]) (mkRemovedOptionModule [ "services" "grafana" "database" "passwordFile" ] '' Loading Loading @@ -351,7 +351,7 @@ in { protocol = mkOption { description = lib.mdDoc "Which protocol to listen."; default = "http"; type = types.enum ["http" "https" "socket"]; type = types.enum ["http" "https" "h2" "socket"]; }; http_addr = mkOption { Loading Loading @@ -1173,14 +1173,14 @@ in { any (x: x.secure_settings != null) cfg.provision.notifiers ) "Notifier secure settings will be stored as plaintext in the Nix store! Use file provider instead.") (optional ( builtins.isList cfg.provision.datasources builtins.isList cfg.provision.datasources && cfg.provision.datasources != [] ) '' Provisioning Grafana datasources with options has been deprecated. Use `services.grafana.provision.datasources.settings` or `services.grafana.provision.datasources.path` instead. '') (optional ( builtins.isList cfg.provision.dashboards builtins.isList cfg.provision.datasources && cfg.provision.dashboards != [] ) '' Provisioning Grafana dashboards with options has been deprecated. Use `services.grafana.provision.dashboards.settings` or Loading Loading @@ -1253,8 +1253,8 @@ in { RuntimeDirectory = "grafana"; RuntimeDirectoryMode = "0755"; # Hardening AmbientCapabilities = lib.mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; CapabilityBoundingSet = if (cfg.port < 1024) then [ "CAP_NET_BIND_SERVICE" ] else [ "" ]; AmbientCapabilities = lib.mkIf (cfg.settings.server.http_port < 1024) [ "CAP_NET_BIND_SERVICE" ]; CapabilityBoundingSet = if (cfg.settings.server.http_port < 1024) then [ "CAP_NET_BIND_SERVICE" ] else [ "" ]; DeviceAllow = [ "" ]; LockPersonality = true; NoNewPrivileges = true; Loading
nixos/tests/grafana/basic.nix +14 −8 Original line number Diff line number Diff line Loading @@ -6,12 +6,18 @@ let baseGrafanaConf = { services.grafana = { enable = true; addr = "localhost"; analytics.reporting.enable = false; settings = { analytics.reporting_enabled = false; server = { http_addr = "localhost"; domain = "localhost"; }; security = { adminUser = "testadmin"; adminPassword = "snakeoilpwd"; admin_user = "testadmin"; admin_password = "snakeoilpwd"; }; }; }; }; Loading @@ -24,7 +30,7 @@ let }; postgresql = { services.grafana.database = { services.grafana.settings.database = { host = "127.0.0.1:5432"; user = "grafana"; }; Loading @@ -40,7 +46,7 @@ let }; mysql = { services.grafana.database.user = "grafana"; services.grafana.settings.database.user = "grafana"; services.mysql = { enable = true; ensureDatabases = [ "grafana" ]; Loading
nixos/tests/grafana/provision/default.nix +13 −7 Original line number Diff line number Diff line Loading @@ -6,14 +6,20 @@ let baseGrafanaConf = { services.grafana = { enable = true; addr = "localhost"; analytics.reporting.enable = false; provision.enable = true; settings = { analytics.reporting_enabled = false; server = { http_addr = "localhost"; domain = "localhost"; }; security = { adminUser = "testadmin"; adminPassword = "snakeoilpwd"; admin_user = "testadmin"; admin_password = "snakeoilpwd"; }; }; provision.enable = true; }; systemd.tmpfiles.rules = [ Loading
