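{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.graylog;

  # Rendered server configuration handed to Graylog via GRAYLOG_CONF.
  # NOTE: pkgs.writeText places this file in the Nix store, which is
  # world-readable, so the values of passwordSecret and rootPasswordSha2
  # are readable by every local user of the machine.  Treat them as
  # exposed to anyone with shell access and rotate them accordingly.
  confFile = pkgs.writeText "graylog.conf" ''
    is_master = ${boolToString cfg.isMaster}
    node_id_file = ${cfg.nodeIdFile}
    password_secret = ${cfg.passwordSecret}
    root_username = ${cfg.rootUsername}
    root_password_sha2 = ${cfg.rootPasswordSha2}
    elasticsearch_hosts = ${concatStringsSep "," cfg.elasticsearchHosts}
    message_journal_dir = ${cfg.messageJournalDir}
    mongodb_uri = ${cfg.mongodbUri}
    plugin_dir = /var/lib/graylog/plugins

    ${cfg.extraConfig}
  '';

  # All declaratively configured plugin packages merged into one store path;
  # preStart links their bin/ entries into the runtime plugin directory.
  glPlugins = pkgs.buildEnv {
    name = "graylog-plugins";
    paths = cfg.plugins;
  };

in

{
  ###### interface

  options = {

    services.graylog = {

      enable = mkEnableOption "Graylog";

      package = mkOption {
        type = types.package;
        default = pkgs.graylog;
        defaultText = "pkgs.graylog";
        example = literalExample "pkgs.graylog";
        description = "Graylog package to use.";
      };

      user = mkOption {
        type = types.str;
        default = "graylog";
        example = literalExample "graylog";
        description = "User account under which graylog runs";
      };

      isMaster = mkOption {
        type = types.bool;
        default = true;
        description = "Whether this is the master instance of your Graylog cluster";
      };

      nodeIdFile = mkOption {
        type = types.str;
        default = "/var/lib/graylog/server/node-id";
        description = "Path of the file containing the graylog node-id";
      };

      # The value is written verbatim into the store-resident config file
      # (see confFile above) and is therefore not confidential on the host.
      passwordSecret = mkOption {
        type = types.str;
        description = ''
          You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
          Generate one by using for example: pwgen -N 1 -s 96
        '';
      };

      rootUsername = mkOption {
        type = types.str;
        default = "admin";
        description = "Name of the default administrator user";
      };

      # Like passwordSecret, this hash ends up in the world-readable Nix store.
      rootPasswordSha2 = mkOption {
        type = types.str;
        example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
        description = ''
          You MUST specify a hash password for the root user (which you only need to initially set up the
          system and in case you lose connectivity to your authentication backend)
          This password cannot be changed using the API or via the web interface. If you need to change it,
          modify it here.
          Create one by using for example: echo -n yourpassword | shasum -a 256
          and use the resulting hash value as string for the option
        '';
      };

      # Credentials embedded in these URIs are also written to the store config.
      elasticsearchHosts = mkOption {
        type = types.listOf types.str;
        example = literalExample ''[ "http://node1:9200" "http://user:password@node2:19200" ]'';
        description = "List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication";
      };

      messageJournalDir = mkOption {
        type = types.str;
        default = "/var/lib/graylog/data/journal";
        description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
      };

      mongodbUri = mkOption {
        type = types.str;
        default = "mongodb://localhost/graylog";
        description = "MongoDB connection string.
          See http://docs.mongodb.org/manual/reference/connection-string/ for details";
      };

      # Appended verbatim to the generated graylog.conf.
      extraConfig = mkOption {
        type = types.str;
        default = "";
        description = "Any other configuration options you might want to add";
      };

      plugins = mkOption {
        description = "Extra graylog plugins";
        default = [ ];
        type = types.listOf types.package;
      };

    };
  };


  ###### implementation

  config = mkIf cfg.enable {

    # Only create the dedicated account when the default user name is kept;
    # a custom cfg.user is expected to exist already.
    users.extraUsers = mkIf (cfg.user == "graylog") {
      graylog = {
        uid = config.ids.uids.graylog;
        description = "Graylog server daemon user";
      };
    };

    systemd.services.graylog = with pkgs; {
      description = "Graylog Server";
      wantedBy = [ "multi-user.target" ];
      environment = {
        JAVA_HOME = jre;
        GRAYLOG_CONF = "${confFile}";
      };
      path = [ pkgs.openjdk8 pkgs.which pkgs.procps ];
      # Runs as root (PermissionsStartOnly below) to prepare the state
      # directories before the daemon itself is started as cfg.user.
      preStart = ''
        mkdir -p /var/lib/graylog -m 755

        # The plugin directory is rebuilt on every start so that plugins
        # removed from the configuration disappear as well.
        rm -rf /var/lib/graylog/plugins || true
        mkdir -p /var/lib/graylog/plugins -m 755

        # Link declaratively configured plugins.  A glob is used instead of
        # parsing ls output so names containing whitespace survive; the
        # existence test skips the unexpanded pattern when the directory is
        # empty or missing.
        for declarativeplugin in ${glPlugins}/bin/*; do
          [ -e "$declarativeplugin" ] || [ -L "$declarativeplugin" ] || continue
          ln -sf "$declarativeplugin" "/var/lib/graylog/plugins/''${declarativeplugin##*/}"
        done
        # Link the plugins bundled with the package, unless a declarative
        # plugin of the same name was linked above (declarative ones win).
        for includedplugin in ${cfg.package}/plugin/*; do
          [ -e "$includedplugin" ] || [ -L "$includedplugin" ] || continue
          target="/var/lib/graylog/plugins/''${includedplugin##*/}"
          if [ ! -e "$target" ] && [ ! -L "$target" ]; then
            ln -s "$includedplugin" "$target"
          fi
        done
        chown -R ${cfg.user} /var/lib/graylog

        mkdir -p "${cfg.messageJournalDir}" -m 755
        chown -R ${cfg.user} "${cfg.messageJournalDir}"
      '';
      serviceConfig = {
        User = "${cfg.user}";
        PermissionsStartOnly = true;
        ExecStart = "${cfg.package}/bin/graylogctl run";
      };
    };
  };
}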