2024-08-26 09:20:05 +02:00
|
|
|
{ pkgs, lib, config, ... }:
|
2022-09-25 00:31:22 +02:00
|
|
|
let
|
2023-01-31 11:29:05 +01:00
|
|
|
cfg = import ./vars.nix;
|
|
|
|
|
db = cfg.zabbix.db;
|
|
|
|
|
db_host = cfg.podman.hostIP;
|
2024-08-26 09:20:05 +02:00
|
|
|
dbport = cfg.zabbix.dbport;
|
2023-01-31 11:29:05 +01:00
|
|
|
port = cfg.zabbix.port;
|
|
|
|
|
domain = cfg.zabbix.domain;
|
2023-01-20 10:36:33 +01:00
|
|
|
server_ip = "10.88.1.0";
|
|
|
|
|
web_ip = "10.88.1.1";
|
2022-09-25 00:31:22 +02:00
|
|
|
in
|
|
|
|
|
{
|
2024-08-26 09:20:05 +02:00
|
|
|
|
|
|
|
|
imports = [
|
|
|
|
|
./podman-postgresql.nix # for the database
|
|
|
|
|
#./podman.nix
|
|
|
|
|
./nginx.nix # for the webserver
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
sops.secrets."zabbix/db" = {};
|
|
|
|
|
|
|
|
|
|
services.podman-postgresql."zabbix" = {
|
|
|
|
|
enable = true;
|
|
|
|
|
image = "docker.io/timescale/timescaledb:2.15.3-pg14";
|
|
|
|
|
port = (lib.strings.toInt dbport);
|
|
|
|
|
passwordFile = config.sops.secrets."zabbix/db".path;
|
|
|
|
|
backupInterval = "daily";
|
|
|
|
|
backupRetention = 2;
|
2022-09-25 00:31:22 +02:00
|
|
|
};
|
|
|
|
|
|
2023-01-20 10:36:33 +01:00
|
|
|
virtualisation.oci-containers.containers.zabbix-server = {
|
2024-08-26 09:20:05 +02:00
|
|
|
image = "docker.io/zabbix/zabbix-server-pgsql:alpine-7.0-latest";
|
2023-01-20 10:36:33 +01:00
|
|
|
environment = {
|
2024-08-26 09:20:05 +02:00
|
|
|
#DB_SERVER_HOST = db_host;
|
|
|
|
|
DB_SERVER_HOST = "10.88.0.1";
|
|
|
|
|
DB_SERVER_PORT = dbport;
|
2023-01-20 10:36:33 +01:00
|
|
|
POSTGRES_USER = db;
|
2023-04-29 01:16:57 +02:00
|
|
|
TZ = "Europe/Berlin";
|
2022-09-25 00:31:22 +02:00
|
|
|
};
|
2023-01-20 10:36:33 +01:00
|
|
|
environmentFiles = [ /etc/nixos/keys/zabbix-env ];
|
2023-01-31 11:29:05 +01:00
|
|
|
extraOptions = cfg.podman.extraOptions ++ [ "--ip=${server_ip}" ];
|
2022-09-25 00:31:22 +02:00
|
|
|
};
|
|
|
|
|
|
2023-01-20 10:36:33 +01:00
|
|
|
virtualisation.oci-containers.containers.zabbix-web = {
|
2024-08-26 09:20:05 +02:00
|
|
|
image = "docker.io/zabbix/zabbix-web-nginx-pgsql:alpine-7.0-latest";
|
2023-01-20 10:36:33 +01:00
|
|
|
environment = {
|
2024-08-26 09:20:05 +02:00
|
|
|
#DB_SERVER_HOST = db_host;
|
|
|
|
|
DB_SERVER_HOST = "10.88.0.1";
|
|
|
|
|
DB_SERVER_PORT = dbport;
|
2023-01-20 10:36:33 +01:00
|
|
|
POSTGRES_USER = db;
|
|
|
|
|
ZBX_SERVER_HOST = server_ip;
|
2023-01-31 11:29:05 +01:00
|
|
|
ZBX_SERVER_NAME = "Superbly Managed Networks and Hosting";
|
2023-04-29 01:16:57 +02:00
|
|
|
TZ = "Europe/Berlin";
|
2023-01-20 10:36:33 +01:00
|
|
|
PHP_TZ = "Europe/Berlin";
|
2023-06-30 09:30:44 +02:00
|
|
|
ZBX_SSO_IDP_CERT = "/usr/share/zabbix/conf/certs/idp.crt";
|
|
|
|
|
ZBX_SSO_SP_CERT = "/usr/share/zabbix/conf/certs/sp.crt";
|
|
|
|
|
ZBX_SSO_SP_KEY = "/usr/share/zabbix/conf/certs/sp.key";
|
|
|
|
|
ZBX_SSO_SETTINGS = ''{'baseurl': 'https://${domain}'}'';
|
2022-09-25 00:31:22 +02:00
|
|
|
};
|
2023-01-20 10:36:33 +01:00
|
|
|
environmentFiles = [ /etc/nixos/keys/zabbix-env ];
|
2023-01-31 11:29:05 +01:00
|
|
|
extraOptions = cfg.podman.extraOptions ++ [ "--ip=${web_ip}" ];
|
2023-01-20 10:36:33 +01:00
|
|
|
ports = [ "${port}:8080" ];
|
2023-06-30 09:30:44 +02:00
|
|
|
volumes = [
|
|
|
|
|
"/var/lib/zabbix/certs:/usr/share/zabbix/conf/certs:ro"
|
|
|
|
|
];
|
2022-09-25 00:31:22 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx.virtualHosts.${domain} = {
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
locations."/" = {
|
|
|
|
|
proxyPass = "http://localhost:${port}";
|
|
|
|
|
};
|
2022-10-30 15:51:48 +01:00
|
|
|
extraConfig = ''
|
|
|
|
|
access_log /var/log/nginx/${domain}_access.log;
|
|
|
|
|
error_log /var/log/nginx/${domain}_error.log;
|
|
|
|
|
'';
|
2022-09-25 00:31:22 +02:00
|
|
|
};
|
|
|
|
|
|
2023-01-31 11:29:05 +01:00
|
|
|
networking.firewall.interfaces.podman0.allowedTCPPorts = [ 5432 10050 ];
|
2022-09-25 00:31:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# vim: set et ts=2 sw=2 ai:
|
