nixos/cockpit: add SSH to wsinstance path and issue banner support

andre4ik3
2025-09-05 17:57:23 +00:00
parent 1caba3e5d9
commit 395b411240


@@ -49,6 +49,13 @@ in
''; '';
}; };
showBanner = mkOption {
description = "Whether to add the Cockpit banner to the issue and motd files.";
type = types.bool;
default = true;
example = false;
};
port = mkOption { port = mkOption {
description = "Port where cockpit will listen."; description = "Port where cockpit will listen.";
type = types.port; type = types.port;
@@ -62,16 +69,28 @@ in
}; };
}; };
}; };
config = mkIf cfg.enable {
config = mkIf cfg.enable {
# expose cockpit-bridge system-wide # expose cockpit-bridge system-wide
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
# allow cockpit to find its plugins # allow cockpit to find its plugins
environment.pathsToLink = [ "/share/cockpit" ]; environment.pathsToLink = [ "/share/cockpit" ];
environment.etc = {
# generate cockpit settings # generate cockpit settings
environment.etc."cockpit/cockpit.conf".source = settingsFormat.generate "cockpit.conf" cfg.settings; "cockpit/cockpit.conf".source = settingsFormat.generate "cockpit.conf" cfg.settings;
# Add "Web console: ..." line to issue and MOTD
"issue.d/cockpit.issue" = {
enable = cfg.showBanner;
source = "/run/cockpit/issue";
};
"motd.d/cockpit" = {
enable = cfg.showBanner;
source = "/run/cockpit/issue";
};
};
security.pam.services.cockpit = { security.pam.services.cockpit = {
startSession = true; startSession = true;
@@ -80,11 +99,26 @@ in
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
systemd.packages = [ cfg.package ]; systemd.packages = [ cfg.package ];
systemd.sockets.cockpit.wantedBy = [ "multi-user.target" ];
systemd.sockets.cockpit.listenStreams = [ systemd.sockets.cockpit = {
wantedBy = [ "multi-user.target" ];
listenStreams = [
"" # workaround so it doesn't listen on both ports caused by the runtime merging "" # workaround so it doesn't listen on both ports caused by the runtime merging
(toString cfg.port) (toString cfg.port)
]; ];
};
# Enable connecting to remote hosts from the login page
systemd.services = mkIf (cfg.settings ? LoginTo -> cfg.settings.LoginTo) {
"cockpit-wsinstance-http".path = [
config.programs.ssh.package
cfg.package
];
"cockpit-wsinstance-https@".path = [
config.programs.ssh.package
cfg.package
];
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# From $out/lib/tmpfiles.d/cockpit-tmpfiles.conf # From $out/lib/tmpfiles.d/cockpit-tmpfiles.conf
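Review bot: The guard `cfg.settings ? LoginTo -> cfg.settings.LoginTo` in the last hunk is true whenever `LoginTo` is absent, so the SSH client is added to the PATH of both cockpit-wsinstance units on every default install. Upstream's cockpit.conf documentation says an unset LoginTo is auto-detected from whether ssh is available, so this presumably turns on the login page's remote-host option for anyone who can reach the port, which matters most when `openFirewall` is set. The check also reads the top level of `cfg.settings`; `settingsFormat` is defined outside the hunk, but if it is INI-style with LoginTo under `WebService` as in upstream's cockpit.conf, an explicit `settings.WebService.LoginTo = false` would not be seen by this guard (Cockpit itself would still honour it). Consider making the PATH change opt-in and section-aware, e.g. `systemd.services = mkIf (cfg.settings.WebService.LoginTo or false) {`, and describing the exposure in the option documentation.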