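# NixOS module for the Tremor event- or stream-processing server
# (services.tremor-rs). It renders the logger settings to a YAML file and runs
# `tremor server run` as a systemd service under a dynamic, sandboxed user.
{ config, lib, pkgs, ... }:

with lib;
let

  cfg = config.services.tremor-rs;

  loggerSettingsFormat = pkgs.formats.yaml { };
  loggerConfigFile = loggerSettingsFormat.generate "logger.yaml" cfg.loggerSettings;

  # Search path for tremor script libraries. The user directory is appended
  # only when it is set, so TREMOR_PATH never ends in an empty ":" entry.
  # Many path-search implementations read an empty entry as the current
  # directory; whether tremor does is not visible from this module.
  tremorPath = concatStringsSep ":" (
    [ "${pkgs.tremor-rs}/lib" ]
    ++ optional (cfg.tremorLibDir != null) "${cfg.tremorLibDir}"
  );

  # Each troy file becomes exactly one argument. Interpolating first keeps the
  # original behaviour for Nix path values (they are copied to the store);
  # quoting keeps a path containing whitespace from being split by systemd.
  # Shell-style quoting does not stop systemd from expanding "%" specifiers or
  # "$VAR" references, so values containing those still need care.
  troyArgs = escapeShellArgs (map (f: "${f}") cfg.troyFileList);
  apiAddress = escapeShellArg "${cfg.host}:${toString cfg.port}";

in {

  options = {
    services.tremor-rs = {
      enable = lib.mkEnableOption (lib.mdDoc "Tremor event- or stream-processing system");

      troyFileList = mkOption {
        type = types.listOf types.path;
        default = [];
        description = lib.mdDoc "List of troy files to load.";
      };

      # The previous default of "" does not pass types.path's check (the value
      # must start with "/"), so enabling the service without setting this
      # option failed at evaluation. null now means "no extra directory".
      tremorLibDir = mkOption {
        type = types.nullOr types.path;
        default = null;
        description = lib.mdDoc "Directory where to find /lib containing tremor script files";
      };

      # Loopback by default. This module opens no firewall port and configures
      # nothing in front of the API, so binding to another address exposes the
      # API to whatever can reach that address.
      host = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = lib.mdDoc "The host tremor should be listening on";
      };

      port = mkOption {
        type = types.port;
        default = 9898;
        description = lib.mdDoc "the port tremor should be listening on";
      };

      # NOTE(review): `default` is the empty attribute set while `defaultText`
      # documents the same settings as `example`; the rendered documentation
      # therefore does not match what is written to logger.yaml when the
      # option is unset. Confirm which one is intended.
      loggerSettings = mkOption {
        description = lib.mdDoc "Tremor logger configuration";
        default = {};
        type = loggerSettingsFormat.type;

        example = {
          refresh_rate = "30 seconds";
          appenders.stdout.kind = "console";
          root = {
            level = "warn";
            appenders = [ "stdout" ];
          };
          loggers = {
            tremor_runtime = {
              level = "debug";
              appenders = [ "stdout" ];
              additive = false;
            };
            tremor = {
              level = "debug";
              appenders = [ "stdout" ];
              additive = false;
            };
          };
        };

        defaultText = literalExpression ''
          {
            refresh_rate = "30 seconds";
            appenders.stdout.kind = "console";
            root = {
              level = "warn";
              appenders = [ "stdout" ];
            };
            loggers = {
              tremor_runtime = {
                level = "debug";
                appenders = [ "stdout" ];
                additive = false;
              };
              tremor = {
                level = "debug";
                appenders = [ "stdout" ];
                additive = false;
              };
            };
          }
        '';

      };
    };
  };

  config = mkIf (cfg.enable) {

    environment.systemPackages = [ pkgs.tremor-rs ] ;

    systemd.services.tremor-rs = {
      description = "Tremor event- or stream-processing system";
      wantedBy = [ "multi-user.target" ];
      requires = [ "network-online.target" ];
      after = [ "network-online.target" ];

      environment.TREMOR_PATH = tremorPath;

      serviceConfig = {
        ExecStart = "${pkgs.tremor-rs}/bin/tremor --logger-config ${loggerConfigFile} server run ${troyArgs} --api-host ${apiAddress}";
        # Runs under a transient user allocated by systemd, not root.
        DynamicUser = true;
        Restart = "always";
        # Sandboxing. NOTE(review): RestrictAddressFamilies,
        # CapabilityBoundingSet, SystemCallArchitectures and PrivateDevices are
        # not set here; which of them the configured connectors tolerate is
        # not visible from this module.
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectClock = true;
        ProtectProc = "noaccess";
        ProcSubset = "pid";
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectControlGroups = true;
        ProtectHostname = true;
        RestrictSUIDSGID = true;
        RestrictRealtime = true;
        RestrictNamespaces = true;
        LockPersonality = true;
        RemoveIPC = true;
        # Allow the common service syscall set, minus the privileged group.
        SystemCallFilter = [ "@system-service" "~@privileged" ];
      };
    };
  };
}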