kibana service: init

9 years ago · 80aea0dcfd
parent 341ac85644
commit 80aea0dcfd
3 changed files with 171 additions and 0 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -232,6 +232,7 @@
      namecoin = 208;
      dnschain = 209;
      #lxd = 210; # unused
+      kibana = 211;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

@ -442,6 +443,7 @@
      namecoin = 208;
      #dnschain = 209; #unused
      lxd = 210; # unused
+      #kibana = 211;

      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -365,6 +365,7 @@
  ./services/scheduling/fcron.nix
  ./services/scheduling/marathon.nix
  ./services/search/elasticsearch.nix
+  ./services/search/kibana.nix
  ./services/search/solr.nix
  ./services/security/clamav.nix
  ./services/security/fail2ban.nix
--- a/nixos/modules/services/search/kibana.nix
+++ b/nixos/modules/services/search/kibana.nix
@ -0,0 +1,168 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.kibana;
+
+  cfgFile = pkgs.writeText "kibana.json" (builtins.toJSON (
+    (filterAttrsRecursive (n: v: v != null) ({
+      server = {
+        host = cfg.host;
+        port = cfg.port;
+        ssl = {
+          cert = cfg.cert;
+          key = cfg.key;
+        };
+      };
+
+      kibana = {
+        index = cfg.index;
+        defaultAppId = cfg.defaultAppId;
+      };
+
+      elasticsearch = {
+        url = cfg.elasticsearch.url;
+        username = cfg.elasticsearch.username;
+        password = cfg.elasticsearch.password;
+        ssl = {
+          cert = cfg.elasticsearch.cert;
+          key = cfg.elasticsearch.key;
+          ca = cfg.elasticsearch.ca;
+        };
+      };
+
+      logging = {
+        verbose = cfg.logLevel == "verbose";
+        quiet = cfg.logLevel == "quiet";
+        silent = cfg.logLevel == "silent";
+        dest = "stdout";
+      };
+    } // cfg.extraConf)
+  )));
+in {
+  options.services.kibana = {
+    enable = mkEnableOption "enable kibana service";
+
+    host = mkOption {
+      description = "Kibana listening host";
+      default = "127.0.0.1";
+      type = types.str;
+    };
+
+    port = mkOption {
+      description = "Kibana listening port";
+      default = 5601;
+      type = types.int;
+    };
+
+    cert = mkOption {
+      description = "Kibana ssl certificate.";
+      default = null;
+      type = types.nullOr types.path;
+    };
+
+    key = mkOption {
+      description = "Kibana ssl key.";
+      default = null;
+      type = types.nullOr types.path;
+    };
+
+    index = mkOption {
+      description = "Elasticsearch index to use for saving kibana config.";
+      default = ".kibana";
+      type = types.str;
+    };
+
+    defaultAppId = mkOption {
+      description = "Elasticsearch default application id.";
+      default = "discover";
+      type = types.str;
+    };
+
+    elasticsearch = {
+      url = mkOption {
+        description = "Elasticsearch url";
+        default = "http://localhost:9200";
+        type = types.str;
+      };
+
+      username = mkOption {
+        description = "Username for elasticsearch basic auth.";
+        default = null;
+        type = types.nullOr types.str;
+      };
+
+      password = mkOption {
+        description = "Password for elasticsearch basic auth.";
+        default = null;
+        type = types.nullOr types.str;
+      };
+
+      ca = mkOption {
+        description = "CA file to auth against elasticsearch.";
+        default = null;
+        type = types.nullOr types.path;
+      };
+
+      cert = mkOption {
+        description = "Certificate file to auth against elasticsearch.";
+        default = null;
+        type = types.nullOr types.path;
+      };
+
+      key = mkOption {
+        description = "Key file to auth against elasticsearch.";
+        default = null;
+        type = types.nullOr types.path;
+      };
+    };
+
+    logLevel = mkOption {
+      description = "Kibana log level";
+      default = "normal";
+      type = types.enum ["verbose" "normal" "silent" "quiet"];
+    };
+
+    package = mkOption {
+      description = "Kibana package to use";
+      default = pkgs.kibana;
+      type = types.package;
+    };
+
+    dataDir = mkOption {
+      description = "Kibana data directory";
+      default = "/var/lib/kibana";
+      type = types.path;
+    };
+
+    extraConf = mkOption {
+      description = "Kibana extra configuration";
+      default = {};
+      type = types.attrs;
+    };
+  };
+
+  config = mkIf (cfg.enable) {
+    systemd.services.kibana = {
+      description = "Kibana Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-interfaces.target" "elasticsearch.service" ];
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/kibana --config ${cfgFile}";
+        User = "kibana";
+        WorkingDirectory = cfg.dataDir;
+      };
+    };
+
+    environment.systemPackages = [ cfg.package ];
+
+    users.extraUsers = singleton {
+      name = "kibana";
+      uid = config.ids.uids.kibana;
+      description = "Kibana service user";
+      home = cfg.dataDir;
+      createHome = true;
+    };
+  };
+}