1 { config, lib, pkgs, ... }:
4 cfg = config.services.zoneminder;
5 fpm = config.services.phpfpm.pools.zoneminder;
12 nginx = config.services.nginx.group;
16 useNginx = cfg.webserver == "nginx";
18 defaultDir = "/var/lib/${user}";
19 home = if useCustomDir then cfg.storageDir else defaultDir;
21 useCustomDir = cfg.storageDir != null;
25 dirs = dirList: [ dirName ] ++ map (e: "${dirName}/${e}") dirList;
27 cacheDirs = [ "swap" ];
28 libDirs = [ "events" "exports" "images" "sounds" ];
31 lib.concatStringsSep "\n" (map (e:
32 "ZM_DIR_${lib.toUpper e}=${baseDir}/${e}"
35 defaultsFile = pkgs.writeText "60-defaults.conf" ''
36 # 01-system-paths.conf
38 ZM_PATH_ARP=${lib.getBin pkgs.nettools}/bin/arp
39 ZM_PATH_LOGS=/var/log/${dirName}
41 ZM_PATH_SOCKS=/run/${dirName}
42 ZM_PATH_SWAP=/var/cache/${dirName}/swap
50 ZM_DB_HOST=${cfg.database.host}
51 ZM_DB_NAME=${cfg.database.name}
52 ZM_DB_USER=${cfg.database.username}
53 ZM_DB_PASS=${cfg.database.password}
60 configFile = pkgs.writeText "80-nixos.conf" ''
61 # You can override defaults here
68 services.zoneminder = with lib; {
69 enable = lib.mkEnableOption (lib.mdDoc ''
72 If you intend to run the database locally, you should set
73 `config.services.zoneminder.database.createLocally` to true. Otherwise,
74 when set to `false` (the default), you will have to create the database
75 and database user as well as populate the database yourself.
76 Additionally, you will need to run `zmupdate.pl` yourself when
77 upgrading to a newer version.
80 webserver = mkOption {
81 type = types.enum [ "nginx" "none" ];
83 description = lib.mdDoc ''
84 The webserver to configure for the PHP frontend.
86 Set it to `none` if you want to configure it yourself. PRs are welcome
87 for support for other web servers.
93 default = "localhost";
94 description = lib.mdDoc ''
95 The hostname on which to listen.
102 description = lib.mdDoc ''
103 The port on which to listen.
107 openFirewall = mkOption {
110 description = lib.mdDoc ''
111 Open the firewall port(s).
116 createLocally = mkOption {
119 description = lib.mdDoc ''
120 Create the database and database user locally.
126 default = "localhost";
127 description = lib.mdDoc ''
128 Hostname hosting the database.
135 description = lib.mdDoc ''
140 username = mkOption {
143 description = lib.mdDoc ''
144 Username for accessing the database.
148 password = mkOption {
151 description = lib.mdDoc ''
152 Username for accessing the database.
153 Not used if `createLocally` is set.
161 description = lib.mdDoc ''
162 Set this to the number of cameras you expect to support.
166 storageDir = mkOption {
167 type = types.nullOr types.str;
169 example = "/storage/tank";
170 description = lib.mdDoc ''
171 ZoneMinder can generate quite a lot of data, so in case you don't want
172 to use the default ${defaultDir}, you can override the path here.
176 extraConfig = mkOption {
179 description = lib.mdDoc ''
180 Additional configuration added verbatim to the configuration file.
186 config = lib.mkIf cfg.enable {
189 { assertion = cfg.database.createLocally -> cfg.database.username == user;
190 message = "services.zoneminder.database.username must be set to ${user} if services.zoneminder.database.createLocally is set true";
195 "zoneminder/60-defaults.conf".source = defaultsFile;
196 "zoneminder/80-nixos.conf".source = configFile;
199 networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [
205 fcgiwrap = lib.mkIf useNginx {
207 preforkProcesses = cfg.cameras;
211 mysql = lib.mkIf cfg.database.createLocally {
213 package = lib.mkDefault pkgs.mariadb;
214 ensureDatabases = [ cfg.database.name ];
216 name = cfg.database.username;
217 ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
221 nginx = lib.mkIf useNginx {
226 root = "${pkg}/share/zoneminder/www";
227 listen = [ { addr = "0.0.0.0"; inherit (cfg) port; } ];
229 fcgi = config.services.fcgiwrap;
234 try_files $uri $uri/ /index.php?$args =404;
236 rewrite ^/skins/.*/css/fonts/(.*)$ /fonts/$1 permanent;
238 location ~ /api/(css|img|ico) {
239 rewrite ^/api(.+)$ /api/app/webroot/$1 break;
240 try_files $uri $uri/ =404;
243 location ~ \.(gif|ico|jpg|jpeg|png)$ {
249 rewrite ^/api(.+)$ /api/app/webroot/index.php?p=$1 last;
255 include ${config.services.nginx.package}/conf/fastcgi_params;
256 fastcgi_param SCRIPT_FILENAME ${pkg}/libexec/zoneminder/${zms};
257 fastcgi_param HTTP_PROXY "";
258 fastcgi_intercept_errors on;
260 fastcgi_pass ${fcgi.socketType}:${fcgi.socketAddress};
264 alias /var/cache/${dirName}/;
269 fastcgi_index index.php;
271 include ${config.services.nginx.package}/conf/fastcgi_params;
272 fastcgi_param SCRIPT_FILENAME $request_filename;
273 fastcgi_param HTTP_PROXY "";
275 fastcgi_pass unix:${fpm.socket};
283 phpfpm = lib.mkIf useNginx {
286 phpPackage = pkgs.php.withExtensions ({ enabled, all }: enabled ++ [ all.apcu ]);
288 date.timezone = "${config.time.timeZone}"
290 settings = lib.mapAttrs (name: lib.mkDefault) {
291 "listen.owner" = user;
292 "listen.group" = group;
293 "listen.mode" = "0660";
296 "pm.start_servers" = 1;
297 "pm.min_spare_servers" = 1;
298 "pm.max_spare_servers" = 2;
299 "pm.max_requests" = 500;
300 "pm.max_children" = 5;
301 "pm.status_path" = "/$pool-status";
302 "ping.path" = "/$pool-ping";
309 zoneminder = with pkgs; {
310 inherit (zoneminder.meta) description;
311 documentation = [ "https://zoneminder.readthedocs.org/en/latest/" ];
317 after = [ "nginx.service" ] ++ lib.optional cfg.database.createLocally "mysql.service";
318 wantedBy = [ "multi-user.target" ];
319 restartTriggers = [ defaultsFile configFile ];
320 preStart = lib.optionalString useCustomDir ''
321 install -dm775 -o ${user} -g ${group} ${cfg.storageDir}/{${lib.concatStringsSep "," libDirs}}
322 '' + lib.optionalString cfg.database.createLocally ''
323 if ! test -e "/var/lib/${dirName}/db-created"; then
324 ${config.services.mysql.package}/bin/mysql < ${pkg}/share/zoneminder/db/zm_create.sql
325 touch "/var/lib/${dirName}/db-created"
328 ${zoneminder}/bin/zmupdate.pl -nointeractive
333 SupplementaryGroups = [ "video" ];
334 ExecStart = "${zoneminder}/bin/zmpkg.pl start";
335 ExecStop = "${zoneminder}/bin/zmpkg.pl stop";
336 ExecReload = "${zoneminder}/bin/zmpkg.pl restart";
337 PIDFile = "/run/${dirName}/zm.pid";
339 Restart = "on-failure";
341 CacheDirectory = dirs cacheDirs;
342 RuntimeDirectory = dirName;
343 ReadWriteDirectories = lib.mkIf useCustomDir [ cfg.storageDir ];
344 StateDirectory = dirs (if useCustomDir then [] else libDirs);
345 LogsDirectory = dirName;
347 ProtectSystem = "strict";
348 ProtectKernelTunables = true;
349 SystemCallArchitectures = "native";
350 NoNewPrivileges = true;
355 users.groups.${user} = {
356 gid = config.ids.gids.zoneminder;
359 users.users.${user} = {
360 uid = config.ids.uids.zoneminder;
363 inherit (pkgs.zoneminder.meta) description;
367 meta.maintainers = with lib.maintainers; [ ];