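# NixOS module for the Graylog server: declares the `services.graylog.*`
# options, renders them into graylog.conf, and defines the systemd unit that
# runs `graylogctl run` under a dedicated user.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.graylog;

  # Graylog's configuration file expects lowercase boolean literals.
  configBool = b: if b then "true" else "false";

  # SECURITY: pkgs.writeText places this file in the Nix store, which is
  # readable by every local user. password_secret, root_password_sha2 and any
  # credentials embedded in mongodb_uri or extraConfig are therefore exposed to
  # all accounts on the machine (and to anything the store is copied to).
  # root_password_sha2 is a plain SHA-256 of the password (see the option's
  # description), so a weak root password can be recovered offline from it.
  confFile = pkgs.writeText "graylog.conf" ''
    is_master = ${configBool cfg.isMaster}
    node_id_file = ${cfg.nodeIdFile}
    password_secret = ${cfg.passwordSecret}
    root_username = ${cfg.rootUsername}
    root_password_sha2 = ${cfg.rootPasswordSha2}
    elasticsearch_cluster_name = ${cfg.elasticsearchClusterName}
    elasticsearch_discovery_zen_ping_multicast_enabled = ${configBool cfg.elasticsearchDiscoveryZenPingMulticastEnabled}
    elasticsearch_discovery_zen_ping_unicast_hosts = ${cfg.elasticsearchDiscoveryZenPingUnicastHosts}
    message_journal_dir = ${cfg.messageJournalDir}
    mongodb_uri = ${cfg.mongodbUri}

    ${cfg.extraConfig}
  '';
in

{
  ###### interface

  options = {

    services.graylog = {

      enable = mkEnableOption "Graylog";

      package = mkOption {
        type = types.package;
        default = pkgs.graylog;
        defaultText = "pkgs.graylog";
        example = literalExample "pkgs.graylog";
        description = "Graylog package to use.";
      };

      user = mkOption {
        type = types.str;
        default = "graylog";
        # Plain string example, consistent with the other string options;
        # literalExample would render it as a bare Nix identifier.
        example = "graylog";
        description = "User account under which graylog runs";
      };

      isMaster = mkOption {
        type = types.bool;
        default = true;
        description = "Whether this is the master instance of your Graylog cluster";
      };

      nodeIdFile = mkOption {
        type = types.str;
        default = "/var/lib/graylog/server/node-id";
        description = "Path of the file containing the graylog node-id";
      };

      # No default: evaluation fails until the administrator sets a value.
      passwordSecret = mkOption {
        type = types.str;
        description = ''
          You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
          Generate one by using for example: pwgen -N 1 -s 96
          Note that this value is written to graylog.conf in the world-readable Nix store.
        '';
      };

      rootUsername = mkOption {
        type = types.str;
        default = "admin";
        description = "Name of the default administrator user";
      };

      # No default: evaluation fails until the administrator sets a value.
      rootPasswordSha2 = mkOption {
        type = types.str;
        example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
        description = ''
          You MUST specify a hash password for the root user (which you only need to initially set up the
          system and in case you lose connectivity to your authentication backend)
          This password cannot be changed using the API or via the web interface. If you need to change it,
          modify it here.
          Create one by using for example: echo -n yourpassword | shasum -a 256
          and use the resulting hash value as string for the option
          Note that this hash is written to graylog.conf in the world-readable Nix store,
          so choose a long, random password.
        '';
      };

      elasticsearchClusterName = mkOption {
        type = types.str;
        example = "graylog";
        description = "This must be the same as for your Elasticsearch cluster";
      };

      elasticsearchDiscoveryZenPingMulticastEnabled = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to use elasticsearch multicast discovery";
      };

      elasticsearchDiscoveryZenPingUnicastHosts = mkOption {
        type = types.str;
        default = "127.0.0.1:9300";
        description = "Tells Graylogs Elasticsearch client how to find other cluster members. See Elasticsearch documentation for details";
      };

      messageJournalDir = mkOption {
        type = types.str;
        default = "/var/lib/graylog/data/journal";
        description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
      };

      # A connection string that carries credentials ends up in the
      # world-readable graylog.conf as well (see confFile above).
      mongodbUri = mkOption {
        type = types.str;
        default = "mongodb://localhost/graylog";
        description = "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
      };

      # Appended verbatim to graylog.conf; nothing here is validated or escaped.
      extraConfig = mkOption {
        type = types.str;
        default = "";
        description = "Any other configuration options you might want to add";
      };

    };
  };


  ###### implementation

  config = mkIf cfg.enable {

    # The account is only declared for the default user name.
    # NOTE(review): with a custom `user` the account presumably has to be
    # created elsewhere in the system configuration - confirm.
    users.extraUsers = mkIf (cfg.user == "graylog") {
      graylog = {
        uid = config.ids.uids.graylog;
        description = "Graylog server daemon user";
      };
    };

    systemd.services.graylog = with pkgs; {
      description = "Graylog Server";
      wantedBy = [ "multi-user.target" ];
      environment = {
        # NOTE(review): `jre` resolves through `with pkgs;` while PATH below
        # uses pkgs.openjdk8 - confirm both point at the same Java runtime.
        JAVA_HOME = jre;
        GRAYLOG_CONF = "${confFile}";
      };
      path = [ pkgs.openjdk8 pkgs.which pkgs.procps ];
      # Runs as root (PermissionsStartOnly=true below), so the interpolated
      # values are quoted: a user name or path containing whitespace must not
      # be split into extra arguments of a privileged recursive chown.
      preStart = ''
        mkdir -p /var/lib/graylog -m 755
        chown -R "${cfg.user}" /var/lib/graylog

        mkdir -p "${cfg.messageJournalDir}" -m 755
        chown -R "${cfg.user}" "${cfg.messageJournalDir}"
      '';
      serviceConfig = {
        User = "${cfg.user}";
        # Apply User= to ExecStart only, leaving preStart privileged.
        PermissionsStartOnly = true;
        ExecStart = "${cfg.package}/bin/graylogctl run";
      };
    };
  };
}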