| blob | ffc7c4b68cae41c56336780060e622fd5aa6cac0 |
1 { config, lib, options, pkgs, ... }:
3 with lib;
5 let
6 cfg = config.services.kibana;
7 opt = options.services.kibana;
9 ge7 = builtins.compareVersions cfg.package.version "7" >= 0;
10 lt6_6 = builtins.compareVersions cfg.package.version "6.6" < 0;
12 cfgFile = pkgs.writeText "kibana.json" (builtins.toJSON (
13 (filterAttrsRecursive (n: v: v != null && v != []) ({
14 server.host = cfg.listenAddress;
15 server.port = cfg.port;
16 server.ssl.certificate = cfg.cert;
17 server.ssl.key = cfg.key;
19 kibana.index = cfg.index;
20 kibana.defaultAppId = cfg.defaultAppId;
22 elasticsearch.url = cfg.elasticsearch.url;
23 elasticsearch.hosts = cfg.elasticsearch.hosts;
24 elasticsearch.username = cfg.elasticsearch.username;
25 elasticsearch.password = cfg.elasticsearch.password;
27 elasticsearch.ssl.certificate = cfg.elasticsearch.cert;
28 elasticsearch.ssl.key = cfg.elasticsearch.key;
29 elasticsearch.ssl.certificateAuthorities = cfg.elasticsearch.certificateAuthorities;
30 } // cfg.extraConf)
31 )));
33 in {
34 options.services.kibana = {
35 enable = mkEnableOption (lib.mdDoc "kibana service");
37 listenAddress = mkOption {
38 description = lib.mdDoc "Kibana listening host";
39 default = "127.0.0.1";
40 type = types.str;
41 };
43 port = mkOption {
44 description = lib.mdDoc "Kibana listening port";
45 default = 5601;
46 type = types.int;
47 };
49 cert = mkOption {
50 description = lib.mdDoc "Kibana ssl certificate.";
51 default = null;
52 type = types.nullOr types.path;
53 };
55 key = mkOption {
56 description = lib.mdDoc "Kibana ssl key.";
57 default = null;
58 type = types.nullOr types.path;
59 };
61 index = mkOption {
62 description = lib.mdDoc "Elasticsearch index to use for saving kibana config.";
63 default = ".kibana";
64 type = types.str;
65 };
67 defaultAppId = mkOption {
68 description = lib.mdDoc "Elasticsearch default application id.";
69 default = "discover";
70 type = types.str;
71 };
73 elasticsearch = {
74 url = mkOption {
75 description = lib.mdDoc ''
76 Elasticsearch url.
78 Defaults to `"http://localhost:9200"`.
80 Don't set this when using Kibana >= 7.0.0 because it will result in a
81 configuration error. Use {option}`services.kibana.elasticsearch.hosts`
82 instead.
83 '';
84 default = null;
85 type = types.nullOr types.str;
86 };
88 hosts = mkOption {
89 description = lib.mdDoc ''
90 The URLs of the Elasticsearch instances to use for all your queries.
91 All nodes listed here must be on the same cluster.
93 Defaults to `[ "http://localhost:9200" ]`.
95 This option is only valid when using kibana >= 6.6.
96 '';
97 default = null;
98 type = types.nullOr (types.listOf types.str);
99 };
101 username = mkOption {
102 description = lib.mdDoc "Username for elasticsearch basic auth.";
103 default = null;
104 type = types.nullOr types.str;
105 };
107 password = mkOption {
108 description = lib.mdDoc "Password for elasticsearch basic auth.";
109 default = null;
110 type = types.nullOr types.str;
111 };
113 ca = mkOption {
114 description = lib.mdDoc ''
115 CA file to auth against elasticsearch.
117 It's recommended to use the {option}`certificateAuthorities` option
118 when using kibana-5.4 or newer.
119 '';
120 default = null;
121 type = types.nullOr types.path;
122 };
124 certificateAuthorities = mkOption {
125 description = lib.mdDoc ''
126 CA files to auth against elasticsearch.
128 Please use the {option}`ca` option when using kibana \< 5.4
129 because those old versions don't support setting multiple CA's.
131 This defaults to the singleton list [ca] when the {option}`ca` option is defined.
132 '';
133 default = if cfg.elasticsearch.ca == null then [] else [ca];
134 defaultText = literalExpression ''
135 if config.${opt.elasticsearch.ca} == null then [ ] else [ ca ]
136 '';
137 type = types.listOf types.path;
138 };
140 cert = mkOption {
141 description = lib.mdDoc "Certificate file to auth against elasticsearch.";
142 default = null;
143 type = types.nullOr types.path;
144 };
146 key = mkOption {
147 description = lib.mdDoc "Key file to auth against elasticsearch.";
148 default = null;
149 type = types.nullOr types.path;
150 };
151 };
153 package = mkOption {
154 description = lib.mdDoc "Kibana package to use";
155 default = pkgs.kibana;
156 defaultText = literalExpression "pkgs.kibana";
157 type = types.package;
158 };
160 dataDir = mkOption {
161 description = lib.mdDoc "Kibana data directory";
162 default = "/var/lib/kibana";
163 type = types.path;
164 };
166 extraConf = mkOption {
167 description = lib.mdDoc "Kibana extra configuration";
168 default = {};
169 type = types.attrs;
170 };
171 };
173 config = mkIf (cfg.enable) {
174 assertions = [
175 {
176 assertion = ge7 -> cfg.elasticsearch.url == null;
177 message =
178 "The option services.kibana.elasticsearch.url has been removed when using kibana >= 7.0.0. " +
179 "Please use option services.kibana.elasticsearch.hosts instead.";
180 }
181 {
182 assertion = lt6_6 -> cfg.elasticsearch.hosts == null;
183 message =
184 "The option services.kibana.elasticsearch.hosts is only valid for kibana >= 6.6.";
185 }
186 ];
187 systemd.services.kibana = {
188 description = "Kibana Service";
189 wantedBy = [ "multi-user.target" ];
190 after = [ "network.target" "elasticsearch.service" ];
191 environment = { BABEL_CACHE_PATH = "${cfg.dataDir}/.babelcache.json"; };
192 serviceConfig = {
193 ExecStart =
194 "${cfg.package}/bin/kibana" +
195 " --config ${cfgFile}" +
196 " --path.data ${cfg.dataDir}";
197 User = "kibana";
198 WorkingDirectory = cfg.dataDir;
199 };
200 };
202 environment.systemPackages = [ cfg.package ];
204 users.users.kibana = {
205 isSystemUser = true;
206 description = "Kibana service user";
207 home = cfg.dataDir;
208 createHome = true;
209 group = "kibana";
210 };
211 users.groups.kibana = {};
212 };
213 }