pyrox.dev
1{ config, lib, pkgs, ... }:
2
3with lib;
4let cfg = config.services.vector;
5
6in
7{
8 options.services.vector = {
9 enable = mkEnableOption "Vector";
10
11 journaldAccess = mkOption {
12 type = types.bool;
13 default = false;
14 description = ''
15 Enable Vector to access journald.
16 '';
17 };
18
19 settings = mkOption {
20 type = (pkgs.formats.json { }).type;
21 default = { };
22 description = ''
23 Specify the configuration for Vector in Nix.
24 '';
25 };
26 };
27
28 config = mkIf cfg.enable {
29
30 users.groups.vector = { };
31 users.users.vector = {
32 description = "Vector service user";
33 group = "vector";
34 isSystemUser = true;
35 };
36 systemd.services.vector = {
37 description = "Vector event and log aggregator";
38 wantedBy = [ "multi-user.target" ];
39 after = [ "network-online.target" ];
40 requires = [ "network-online.target" ];
41 serviceConfig =
42 let
43 format = pkgs.formats.toml { };
44 conf = format.generate "vector.toml" cfg.settings;
45 validateConfig = file:
46 pkgs.runCommand "validate-vector-conf" { } ''
47 ${pkgs.vector}/bin/vector validate --no-environment "${file}"
48 ln -s "${file}" "$out"
49 '';
50 in
51 {
52 ExecStart = "${pkgs.vector}/bin/vector --config ${validateConfig conf}";
53 User = "vector";
54 Group = "vector";
55 Restart = "no";
56 StateDirectory = "vector";
57 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
58 AmbientCapabilities = "CAP_NET_BIND_SERVICE";
59 # This group is required for accessing journald.
60 SupplementaryGroups = mkIf cfg.journaldAccess "systemd-journal";
61 };
62 };
63 };
64}