IMHO, it's a bit surprising that drilldown doesn't show anything when
using `declarativePlugins` (and thus, the four apps are missing).
Add instructions on how to get these apps back.
Part of #438800.
The OWASP recommentation[1] is:
> The X-XSS-Protection header has been deprecated by modern browsers
> and its use can introduce additional security issues on the client
> side. As such, it is recommended to set the header as X-XSS-Protection: 0
> in order to disable the XSS Auditor, and not allow it to take the default
> behavior of the browser handling the response. Please use
> Content-Security-Policy instead.
Hence, we turn this off, diverging from the upstream defaults here. An
upstream issue has been opened[2].
[1] https://owasp.org/www-project-secure-headers/#x-xss-protection
[2] https://github.com/grafana/grafana/issues/110369
This avoids restarting the postgresql server, when only ensureDatabases
or ensureUsers have been changed. It will also allow to properly wait
for recovery to finish later.
To wait for "postgresql is ready" in other services, we now provide a
postgresql.target.
Resolves#400018
Co-authored-by: Marcel <me@m4rc3l.de>
Closes#404580
ChangeLog: https://github.com/grafana/grafana/releases/tag/v12.0.0
A few changes were necessary here:
* the provision seems to be delayed now, so the `machine.succeed` broke
because the result was tested before the provisioning was finished.
Using `wait_until_succeeds` to solve this.
* Work around a problem that got unnoticed during #399404:
the setup-hook is also run in the `goModules` derivation, but
`offlineCache` is missing. As a result, the build breaks. I guess this
was unnoticed because everyone had a goModules with the previous hash
in their store.
Co-authored-by: Emily <git@emilylange.de>
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
ChangeLog: https://github.com/grafana/grafana/releases/tag/v11.1.0
A few additional changes were necessary:
* Grafana now refuses to listen on non-IP values and aborts with
Error: ✗ *apiserver.service run error: invalid IP address: localhost
* packages/grafana-e2e doesn't exist anymore, so the build fixes for
that could be removed.
* Make sure we always compile the binary parts of cypress.
* Grafana tends to set the minimum Go version to the latest Go version
available now[1].
* The `url` of a datasource was set to `localhost` by default. I don't
expect anybody to have not set it when needed, also Grafana aborts now
if `url` is non-empty for a random walk datasource (which broke the VM
tests).
[1] https://github.com/grafana/grafana/pull/88794#discussion_r1630563467
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
Deprecation warning: The standalone 'grafana-server' program is deprecated and will be removed in the future. Please update all uses of 'grafana-server' to 'grafana server'
The error message was:
msg="Failed to read plugin provisioning files from directory" path=/nix/store/gs2cy8n6ndsa1f7msf7ndl8f85xl1pzg-grafana-provisioning/plugins
error="open /nix/store/gs2cy8n6ndsa1f7msf7ndl8f85xl1pzg-grafana-provisioning/plugins: no such file or directory"
The problem we had back then was that `mkRenamedOptionModule` doesn't
work if an option will be moved a level depper, i.e.
services.grafana.provision.dashboards
became
services.grafana.provision.dashboards.settings.provider
I actually planned to remove this before 23.05 (since the change was
already released in 22.11), but as you can see that didn't happen ;-)
I think the grace-period was quite long already. And if someone is
migrating from <22.11 to a current NixOS now, there are very precise
instructions on how to upgrade in the 22.11 release notes.
I went through all categories that were already present in the grafana
module and added most options from the official docs at
https://grafana.com/docs/grafana/v9.5/setup-grafana/configure-grafana/
I also modified the descriptions of some existing options to match the
official docs more closely.
This commit deletes the assertions that were added in 4ec456b. Those
assertions weren't even working to begin with, and they also cause
assertions leak into the generated YAML.
Closes#198646
* The options `password`/`basicAuthPassword` were removed for
datasources in Grafana 9. The only option to declare them now is to use
`secureJsonData`.
* Fix description for contactPoints provisioning: when using file/env
providers, nothing will be leaked into the store.
* Fix regex in file-provider usage check: it's also possible to either
use `$__env{FOO}` or `$FOO` to fetch secrets from the environment.
* Fix warning for datasources: `password`/`basicAuthPassword` was
removed, also check for each setting in `secureJsonData` if
env/file-provider was used (then no warning is needed!).
The hack with `either` had the side-effect that the sub-options of the
submodule didn't appear in the manual. I decided to remove this because
the "migration" isn't that hard, you just need to fix some module
declarations.
However, `mkRenamedOptionModule` wouldn't work here because it'd create
a "virtual" option for the deprecated path (i.e.
`services.grafana.provision.{datasources,dashboards}`), but that's the
already a new option, i.e. the submodule for the new stuff.
To make sure that you still get errors, I implemented a small hack using
`coercedTo` which throws an error if a list is specified (as it would be
done on 22.05) which explains what to do instead to make the migration
easier.
Also, I linkified the options in the manual now to make it easier to
navigate between those.
This commit refactors `services.grafana.provision.datasources` towards
the RFC42 style. To preserve backwards compatibility, we have to jump
through a ton of hoops, introducing esoteric type signatures and bizarre
structs. The Grafana module definition should hopefully become a lot
cleaner after a release cycle or two once the old configuration style is
completely deprecated.
