diff --git a/modules/zabbix-server.nix b/modules/zabbix-server.nix new file mode 100644 index 0000000..393c758 --- /dev/null +++ b/modules/zabbix-server.nix @@ -0,0 +1,63 @@ +{ pkgs, lib, ... }: +let + db = "zabbix"; + version = "latest"; + port = "8999"; + domain = "zbx.mc-fucker.cool"; +in +{ + services.postgresql = { + ensureDatabases = [ db ]; + ensureUsers = [ + { + name = db; + ensurePermissions = { + "DATABASE ${db}" = "ALL PRIVILEGES"; + }; + } + ]; + extraPlugins = [ (pkgs.callPackage ../packages/timescaledb/timescaledb.nix {}) ]; + settings = { + shared_preload_libraries = "timescaledb"; + }; + authentication = "host ${db} ${db} zabbix-server.mc-fucker.vpn.mc-fucker.cool md5"; + }; + + services.zabbixServer = { + enable = true; + database = { + createLocally = false; + socket = "/run/postgresql"; + passwordFile = /etc/nixos/keys/zabbix_db.key; + }; + package = (pkgs.callPackages ../packages/zabbix/server.nix { postgresqlSupport = true; }).${version}; + }; + + services.zabbixWeb = { + enable = true; + package = (pkgs.callPackages ../packages/zabbix/web.nix {}).${version}; + database = { + socket = "/run/postgresql"; + }; + virtualHost = { + hostName = domain; + adminAddr = "noreply@mc-fucker.cool"; + listen = [ + { + port = (lib.strings.toInt port); + } + ]; + }; + }; + + services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${port}"; + }; + }; + +} + +# vim: set et ts=2 sw=2 ai: diff --git a/packages/timescaledb/timescaledb.nix b/packages/timescaledb/timescaledb.nix new file mode 100644 index 0000000..f54d124 --- /dev/null +++ b/packages/timescaledb/timescaledb.nix @@ -0,0 +1,49 @@ +{ lib, stdenv, fetchFromGitHub, cmake, postgresql, openssl, libkrb5 }: + +# # To enable on NixOS: +# config.services.postgresql = { +# extraPlugins = [ pkgs.timescaledb ]; +# extraConfig = "shared_preload_libraries = 'timescaledb'"; +# } + +stdenv.mkDerivation rec { + pname = "timescaledb"; + version = "2.6.1"; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ postgresql openssl libkrb5 ]; + + src = fetchFromGitHub { + owner = "timescale"; + repo = "timescaledb"; + rev = version; + sha256 = "sha256-P0gdw6Ai5+6A/+bmlTkmKpy18UkbRgJN3wCzLQI5oMA="; + }; + + cmakeFlags = [ "-DSEND_TELEMETRY_DEFAULT=OFF" "-DREGRESS_CHECKS=OFF" "-DTAP_CHECKS=OFF" ] + ++ lib.optionals stdenv.isDarwin [ "-DLINTER=OFF" ]; + + # Fix the install phase which tries to install into the pgsql extension dir, + # and cannot be manually overridden. This is rather fragile but works OK. + postPatch = '' + for x in CMakeLists.txt sql/CMakeLists.txt; do + substituteInPlace "$x" \ + --replace 'DESTINATION "''${PG_SHAREDIR}/extension"' "DESTINATION \"$out/share/postgresql/extension\"" + done + + for x in src/CMakeLists.txt src/loader/CMakeLists.txt tsl/src/CMakeLists.txt; do + substituteInPlace "$x" \ + --replace 'DESTINATION ''${PG_PKGLIBDIR}' "DESTINATION \"$out/lib\"" + done + ''; + + meta = with lib; { + description = "Scales PostgreSQL for time-series data via automatic partitioning across time and space"; + homepage = "https://www.timescale.com/"; + changelog = "https://github.com/timescale/timescaledb/raw/${version}/CHANGELOG.md"; + maintainers = with maintainers; [ volth marsam ]; + platforms = postgresql.meta.platforms; + license = licenses.asl20; + broken = versionOlder postgresql.version "12"; + }; +} diff --git a/packages/zabbix/server.nix b/packages/zabbix/server.nix new file mode 100644 index 0000000..9249e38 --- /dev/null +++ b/packages/zabbix/server.nix @@ -0,0 +1,97 @@ +{ lib, stdenv, fetchurl, autoreconfHook, pkg-config, curl, libevent, libiconv, libxml2, openssl, pcre, zlib +, jabberSupport ? true, iksemel +, ldapSupport ? true, openldap +, odbcSupport ? true, unixODBC +, snmpSupport ? true, net-snmp +, sshSupport ? true, libssh2 +, mysqlSupport ? false, libmysqlclient +, postgresqlSupport ? false, postgresql +, ipmiSupport ? false, openipmi +}: + +# ensure exactly one primary database type is selected +assert mysqlSupport -> !postgresqlSupport; +assert postgresqlSupport -> !mysqlSupport; + +let + inherit (lib) optional optionalString; +in + import ./versions.nix ({ version, sha256 }: + stdenv.mkDerivation { + pname = "zabbix-server"; + inherit version; + + src = fetchurl { + url = "https://cdn.zabbix.com/zabbix/sources/stable/${lib.versions.majorMinor version}/zabbix-${version}.tar.gz"; + inherit sha256; + }; + + nativeBuildInputs = [ autoreconfHook pkg-config ]; + buildInputs = [ + curl + libevent + libiconv + libxml2 + openssl + pcre + zlib + ] + ++ optional odbcSupport unixODBC + ++ optional jabberSupport iksemel + ++ optional ldapSupport openldap + ++ optional snmpSupport net-snmp + ++ optional sshSupport libssh2 + ++ optional mysqlSupport libmysqlclient + ++ optional postgresqlSupport postgresql + ++ optional ipmiSupport openipmi; + + configureFlags = [ + "--enable-ipv6" + "--enable-server" + "--with-iconv" + "--with-libcurl" + "--with-libevent" + "--with-libpcre" + "--with-libxml2" + "--with-openssl=${openssl.dev}" + "--with-zlib=${zlib}" + ] + ++ optional odbcSupport "--with-unixodbc" + ++ optional jabberSupport "--with-jabber" + ++ optional ldapSupport "--with-ldap=${openldap.dev}" + ++ optional snmpSupport "--with-net-snmp" + ++ optional sshSupport "--with-ssh2=${libssh2.dev}" + ++ optional mysqlSupport "--with-mysql" + ++ optional postgresqlSupport "--with-postgresql" + ++ optional ipmiSupport "--with-openipmi=${openipmi.dev}"; + + prePatch = '' + find database -name data.sql -exec sed -i 's|/usr/bin/||g' {} + + ''; + + preAutoreconf = '' + for i in $(find . -type f -name "*.m4"); do + substituteInPlace $i \ + --replace 'test -x "$PKG_CONFIG"' 'type -P "$PKG_CONFIG" >/dev/null' + done + ''; + + postInstall = '' + mkdir -p $out/share/zabbix/database/ + cp -r include $out/ + '' + optionalString mysqlSupport '' + mkdir -p $out/share/zabbix/database/mysql + cp -prvd database/mysql/*.sql $out/share/zabbix/database/mysql/ + '' + optionalString postgresqlSupport '' + mkdir -p $out/share/zabbix/database/postgresql + cp -prvd database/postgresql/*.sql $out/share/zabbix/database/postgresql/ + ''; + + meta = with lib; { + description = "An enterprise-class open source distributed monitoring solution"; + homepage = "https://www.zabbix.com/"; + license = licenses.gpl2; + maintainers = with maintainers; [ mmahut psyanticy ]; + platforms = platforms.linux; + }; + }) diff --git a/packages/zabbix/web.nix b/packages/zabbix/web.nix new file mode 100644 index 0000000..e19646e --- /dev/null +++ b/packages/zabbix/web.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, fetchurl, writeText }: + +import ./versions.nix ({ version, sha256 }: + stdenv.mkDerivation rec { + pname = "zabbix-web"; + inherit version; + + src = fetchurl { + url = "https://cdn.zabbix.com/zabbix/sources/stable/${lib.versions.majorMinor version}/zabbix-${version}.tar.gz"; + inherit sha256; + }; + + phpConfig = writeText "zabbix.conf.php" '' + + ''; + + installPhase = '' + mkdir -p $out/share/zabbix/ + cp -a ${if lib.versionAtLeast version "5.0.0" then "ui/." else "frontends/php/."} $out/share/zabbix/ + cp ${phpConfig} $out/share/zabbix/conf/zabbix.conf.php + ''; + + meta = with lib; { + description = "An enterprise-class open source distributed monitoring solution (web frontend)"; + homepage = "https://www.zabbix.com/"; + license = licenses.gpl2; + maintainers = [ maintainers.mmahut ]; + platforms = platforms.linux; + }; + }) diff --git a/systems/mc4/configuration.nix b/systems/mc4/configuration.nix index 866e9a8..fee7566 100644 --- a/systems/mc4/configuration.nix +++ b/systems/mc4/configuration.nix @@ -14,6 +14,7 @@ ./modules/ihatemoney.nix ./modules/tandoor.nix ./modules/powerdns-web.nix + ./modules/zabbix-server.nix ]; programs.atop.atopacctService.enable = false;