# NixOS module for osquery: declares the `services.osquery` options, renders
# /etc/osquery/osquery.conf as JSON and runs osqueryd as a systemd service.
{ config, lib, pkgs, ... }:

with builtins;
with lib;

let

  cfg = config.services.osquery;

  # Settings this module always writes into osquery.conf before
  # `extraConfig` is layered on top.
  defaultSettings = {
    options = {
      config_plugin = "filesystem";
      logger_plugin = "filesystem";
      logger_path = cfg.loggerPath;
      database_path = cfg.databasePath;
      utc = cfg.utc;
    };
  };

  # Merge function for `extraConfig`: folds every definition into one
  # attribute set with recursiveUpdate, so nested keys coming from different
  # modules are combined. The option location (`loc`) is not used.
  mergeExtraConfig = loc: defs:
    foldl' (acc: def: recursiveUpdate acc def.value) { } defs;

  # Command line for osqueryd. The three paths are passed as flags in
  # addition to being written to osquery.conf.
  # NOTE(review): systemd parses ExecStart itself rather than handing it to
  # a shell. escapeShellArg's single quotes keep a path containing
  # whitespace together, but confirm how systemd would treat `%` or `$`
  # characters inside a configured path.
  daemonCommand = concatStringsSep " " [
    "${pkgs.osquery}/bin/osqueryd"
    "--logger_path"
    (escapeShellArg cfg.loggerPath)
    "--pidfile"
    (escapeShellArg cfg.pidfile)
    "--database_path"
    (escapeShellArg cfg.databasePath)
  ];

in

{

  options = {

    services.osquery = {

      enable = mkEnableOption "osquery";

      loggerPath = mkOption {
        type = types.path;
        default = "/var/log/osquery";
        description = "Base directory used for logging.";
      };

      pidfile = mkOption {
        type = types.path;
        default = "/var/osquery/osqueryd.pidfile";
        description = "Path used for pid file.";
      };

      utc = mkOption {
        type = types.bool;
        default = true;
        description = "Attempt to convert all UNIX calendar times to UTC.";
      };

      databasePath = mkOption {
        type = types.path;
        default = "/var/osquery/osquery.db";
        description = "Path used for database file.";
      };

      # Because this is merged last (see `config` below), a key set here
      # replaces the module's own value for the same key, including
      # options.logger_path and options.database_path.
      # NOTE(review): ExecStart still passes cfg.loggerPath and
      # cfg.databasePath as flags, so the file and the command line can
      # disagree; confirm which one osqueryd honours before overriding
      # those keys here.
      extraConfig = mkOption {
        type = types.attrs // { merge = mergeExtraConfig; };
        default = { };
        description = "Extra config to be recursively merged into the JSON config file.";
      };
    };

  };

  config = mkIf cfg.enable {

    environment.systemPackages = [ pkgs.osquery ];

    # Module defaults first, user-supplied extraConfig on top.
    environment.etc."osquery/osquery.conf".text =
      toJSON (recursiveUpdate defaultSettings cfg.extraConfig);

    systemd.services.osqueryd = {
      description = "The osquery Daemon";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" "syslog.service" ];
      path = [ pkgs.osquery ];

      # Create the log directory and the parent directories of the pid file
      # and database before the daemon starts.
      # NOTE(review): `mkdir -p` is called without `-m`, so directory
      # permissions come from the unit's umask. osquery results and its
      # database can hold host inventory data; confirm the resulting modes
      # are as restrictive as intended.
      preStart = ''
        mkdir -p ${escapeShellArg cfg.loggerPath}
        mkdir -p "$(dirname ${escapeShellArg cfg.pidfile})"
        mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})"
      '';

      # No User= or sandboxing directives are set here, so the unit runs
      # with systemd's defaults for a system service (root).
      serviceConfig = {
        ExecStart = daemonCommand;
        # 0 disables the start timeout.
        TimeoutStartSec = 0;
        Restart = "on-failure";
        # On stop, only the main osqueryd process is sent SIGTERM.
        KillMode = "process";
        KillSignal = "SIGTERM";
      };
    };

  };

}