# NixOS module that runs Vector (event and log aggregator) as a systemd
# service under a dedicated, unprivileged "vector" system user.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.vector;

  # cfg.settings is rendered to a TOML file at build time. The result is a
  # Nix store path, and the store is readable by every local user, so any
  # credential written into `settings` (sink tokens, passwords, ...) is
  # exposed on the host and to anything the closure is copied to.
  tomlFormat = pkgs.formats.toml { };
  renderedConfig = tomlFormat.generate "vector.toml" cfg.settings;

  # Build-time gate: the derivation only succeeds if `vector validate`
  # accepts the rendered file. Its output is a symlink to that file, so the
  # path used in ExecStart below always refers to a validated configuration.
  # NOTE(review): --no-environment appears to skip the checks that need the
  # runtime environment (the build sandbox has none), so this is a static
  # check of the file only. Confirm against the Vector CLI docs.
  checkedConfig = pkgs.runCommand "validate-vector-conf"
    {
      nativeBuildInputs = [ pkgs.vector ];
    } ''
    vector validate --no-environment "${renderedConfig}"
    ln -s "${renderedConfig}" "$out"
  '';
in
{
  options.services.vector = {
    enable = mkEnableOption (lib.mdDoc "Vector");

    # Off by default. When enabled, the service joins the systemd-journal
    # group (see SupplementaryGroups below), which lets it read the system
    # journal, including entries written by other units.
    journaldAccess = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Enable Vector to access journald.
      '';
    };

    # Free-form settings; typed with the JSON format's type and serialised
    # as TOML (see renderedConfig above for the secrets caveat).
    settings = mkOption {
      type = (pkgs.formats.json { }).type;
      default = { };
      description = lib.mdDoc ''
        Specify the configuration for Vector in Nix.
      '';
    };
  };

  config = mkIf cfg.enable {

    # Dedicated account so the daemon never runs as root.
    users.groups.vector = { };
    users.users.vector = {
      description = "Vector service user";
      group = "vector";
      isSystemUser = true;
    };

    systemd.services.vector = {
      description = "Vector event and log aggregator";
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      requires = [ "network-online.target" ];

      serviceConfig = {
        ExecStart = "${pkgs.vector}/bin/vector --config ${checkedConfig}";
        User = "vector";
        Group = "vector";
        # NOTE(review): with Restart = "no" a crashed Vector stays down until
        # someone restarts it. For a log shipper that is a silent gap in
        # telemetry, so confirm this is intended and monitored.
        Restart = "no";
        # Gives the service a private state directory owned by the service
        # user (/var/lib/vector).
        StateDirectory = "vector";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        # Lets the non-root process bind ports below 1024. It is granted
        # unconditionally, even when no configured source needs such a port.
        # NOTE(review): no sandboxing directives (NoNewPrivileges,
        # ProtectSystem, ...) are set on this unit. Consider them, after
        # checking which paths the configured sources and sinks need.
        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
        # This group is required for accessing journald.
        SupplementaryGroups = mkIf cfg.journaldAccess "systemd-journal";
      };
    };
  };
}