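# NixOS module for the Graylog server: declares the `services.graylog`
# options, renders them into graylog.conf, and defines the systemd unit that
# rebuilds the plugin directory and starts `graylogctl run`.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.graylog;

  # SECURITY: pkgs.writeText puts the rendered file in the Nix store, which is
  # world-readable by default. Every value interpolated below is therefore
  # readable by any local account: password_secret, root_password_sha2, and
  # any credentials embedded in elasticsearch_hosts or mongodb_uri. Treat
  # these values as exposed to local users on this host, and to anything the
  # store closure is copied to.
  confFile = pkgs.writeText "graylog.conf" ''
    is_master = ${boolToString cfg.isMaster}
    node_id_file = ${cfg.nodeIdFile}
    password_secret = ${cfg.passwordSecret}
    root_username = ${cfg.rootUsername}
    root_password_sha2 = ${cfg.rootPasswordSha2}
    elasticsearch_hosts = ${concatStringsSep "," cfg.elasticsearchHosts}
    message_journal_dir = ${cfg.messageJournalDir}
    mongodb_uri = ${cfg.mongodbUri}
    plugin_dir = /var/lib/graylog/plugins

    ${cfg.extraConfig}
  '';

  # Merge all declaratively configured plugin packages into one tree; the
  # service's preStart links everything found under its bin/ directory.
  glPlugins = pkgs.buildEnv {
    name = "graylog-plugins";
    paths = cfg.plugins;
  };

in

{
  ###### interface

  options = {

    services.graylog = {

      enable = mkEnableOption "Graylog";

      package = mkOption {
        type = types.package;
        default = pkgs.graylog;
        defaultText = "pkgs.graylog";
        description = "Graylog package to use.";
      };

      user = mkOption {
        type = types.str;
        default = "graylog";
        example = literalExample "graylog";
        description = "User account under which graylog runs";
      };

      isMaster = mkOption {
        type = types.bool;
        default = true;
        description = "Whether this is the master instance of your Graylog cluster";
      };

      nodeIdFile = mkOption {
        type = types.str;
        default = "/var/lib/graylog/server/node-id";
        description = "Path of the file containing the graylog node-id";
      };

      # No default on purpose: evaluation fails until a secret is supplied.
      # The value is written verbatim into the store-resident graylog.conf
      # (see confFile), so it is not confidential from local users.
      passwordSecret = mkOption {
        type = types.str;
        description = ''
          You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
          Generate one by using for example: pwgen -N 1 -s 96
        '';
      };

      rootUsername = mkOption {
        type = types.str;
        default = "admin";
        description = "Name of the default administrator user";
      };

      # The documented recipe is a single unsalted SHA-256 of the password,
      # and the hash lands in the world-readable store file. Choose a long,
      # random root password that is not reused elsewhere, so a leaked hash
      # cannot practically be guessed offline. The `example` below is
      # illustrative only and must not be deployed.
      rootPasswordSha2 = mkOption {
        type = types.str;
        example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
        description = ''
          You MUST specify a hash password for the root user (which you only need to initially set up the
          system and in case you lose connectivity to your authentication backend)
          This password cannot be changed using the API or via the web interface. If you need to change it,
          modify it here.
          Create one by using for example: echo -n yourpassword | shasum -a 256
          and use the resulting hash value as string for the option
        '';
      };

      # Credentials placed in these URIs are stored in clear text in the
      # generated config. The example uses plain http://, so they would also
      # cross the network unencrypted; prefer https:// endpoints where the
      # cluster supports it.
      elasticsearchHosts = mkOption {
        type = types.listOf types.str;
        example = literalExample ''[ "http://node1:9200" "http://user:password@node2:19200" ]'';
        description = "List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication";
      };

      messageJournalDir = mkOption {
        type = types.str;
        default = "/var/lib/graylog/data/journal";
        description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
      };

      # Same exposure as above if the connection string carries a password.
      mongodbUri = mkOption {
        type = types.str;
        default = "mongodb://localhost/graylog";
        description = "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
      };

      # Appended verbatim to graylog.conf; anything secret added here is
      # stored in the Nix store like the rest of the file.
      extraConfig = mkOption {
        type = types.lines;
        default = "";
        description = "Any other configuration options you might want to add";
      };

      # Plugins are loaded into the server process, so they run with the
      # service's privileges; list only packages you trust.
      plugins = mkOption {
        description = "Extra graylog plugins";
        default = [ ];
        type = types.listOf types.package;
      };

    };
  };


  ###### implementation

  config = mkIf cfg.enable {

    # The dedicated account is only declared for the default user name; a
    # custom cfg.user must be defined elsewhere by the administrator.
    users.users = mkIf (cfg.user == "graylog") {
      graylog = {
        uid = config.ids.uids.graylog;
        description = "Graylog server daemon user";
      };
    };

    systemd.tmpfiles.rules = [
      "d '${cfg.messageJournalDir}' - ${cfg.user} - - -"
    ];

    systemd.services.graylog = {
      description = "Graylog Server";
      wantedBy = [ "multi-user.target" ];
      environment = {
        GRAYLOG_CONF = "${confFile}";
      };
      path = [ pkgs.which pkgs.procps ];
      preStart = ''
        # Rebuild the plugin directory from scratch on every start, so it
        # only ever contains links to the declared and bundled plugins.
        rm -rf /var/lib/graylog/plugins || true
        mkdir -p /var/lib/graylog/plugins -m 755

        # Configured values are shell-escaped so a path or user name with
        # whitespace or metacharacters cannot be split or expanded.
        # NOTE(review): User= is set below, so this script presumably runs
        # unprivileged and the recursive chown only succeeds on directories
        # the service user already owns - confirm before pointing nodeIdFile
        # outside /var/lib/graylog.
        mkdir -p "$(dirname ${escapeShellArg cfg.nodeIdFile})"
        chown -R ${escapeShellArg cfg.user} "$(dirname ${escapeShellArg cfg.nodeIdFile})"

        # Iterate with globs rather than parsing `ls` output; the -e test
        # skips the unexpanded pattern when a directory is missing or empty.
        for declarativeplugin in ${glPlugins}/bin/*; do
          [ -e "$declarativeplugin" ] || continue
          ln -sf "$declarativeplugin" "/var/lib/graylog/plugins/$(basename "$declarativeplugin")"
        done
        # No -f here: a declarative plugin with the same name takes priority
        # and the failed link for the bundled one is ignored.
        for includedplugin in ${cfg.package}/plugin/*; do
          [ -e "$includedplugin" ] || continue
          ln -s "$includedplugin" "/var/lib/graylog/plugins/$(basename "$includedplugin")" || true
        done
      '';
      serviceConfig = {
        User = "${cfg.user}";
        StateDirectory = "graylog";
        ExecStart = "${cfg.package}/bin/graylogctl run";
      };
    };
  };
}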