| blob | 31620b31eb315e21830fe224be0ef3a6b21315d1 |
1 { pkgs, config, lib, ... }:
3 let
4 cfg = config.services.cockpit;
5 inherit (lib) types mkEnableOption mkOption mkIf literalMD mkPackageOption;
6 settingsFormat = pkgs.formats.ini {};
7 in {
8 options = {
9 services.cockpit = {
10 enable = mkEnableOption "Cockpit";
12 package = mkPackageOption pkgs "Cockpit" {
13 default = [ "cockpit" ];
14 };
16 settings = lib.mkOption {
17 type = settingsFormat.type;
19 default = {};
21 description = ''
22 Settings for cockpit that will be saved in /etc/cockpit/cockpit.conf.
24 See the [documentation](https://cockpit-project.org/guide/latest/cockpit.conf.5.html), that is also available with `man cockpit.conf.5` for details.
25 '';
26 };
28 port = mkOption {
29 description = "Port where cockpit will listen.";
30 type = types.port;
31 default = 9090;
32 };
34 openFirewall = mkOption {
35 description = "Open port for cockpit.";
36 type = types.bool;
37 default = false;
38 };
39 };
40 };
41 config = mkIf cfg.enable {
43 # expose cockpit-bridge system-wide
44 environment.systemPackages = [ cfg.package ];
46 # allow cockpit to find its plugins
47 environment.pathsToLink = [ "/share/cockpit" ];
49 # generate cockpit settings
50 environment.etc."cockpit/cockpit.conf".source = settingsFormat.generate "cockpit.conf" cfg.settings;
52 security.pam.services.cockpit = {};
54 networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
56 systemd.packages = [ cfg.package ];
57 systemd.sockets.cockpit.wantedBy = [ "multi-user.target" ];
59 systemd.tmpfiles.rules = [ # From $out/lib/tmpfiles.d/cockpit-tmpfiles.conf
60 "C /run/cockpit/inactive.motd 0640 root root - ${cfg.package}/share/cockpit/motd/inactive.motd"
61 "f /run/cockpit/active.motd 0640 root root -"
62 "L+ /run/cockpit/motd - - - - inactive.motd"
63 "d /etc/cockpit/ws-certs.d 0600 root root 0"
64 ];
65 };
67 meta.maintainers = pkgs.cockpit.meta.maintainers;
68 }