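# NixOS module for the osquery daemon (osqueryd) plus a wrapped osqueryi shell
# that reuses the daemon's flagfile.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.osquery;

  # dirname returns the parent directory of a path string: the path is
  # normalized, split on "/", and the last component is dropped.
  dirname = path: with lib.strings; with lib.lists; concatStringsSep "/"
    (init (splitString "/" (normalizePath path)));

  # conf is the osquery configuration file used when the --config_plugin=filesystem.
  # filesystem is the osquery default value for the config_plugin flag.
  #
  # pkgs.writeText places the file in the Nix store, which is readable by every
  # local user. Do not put secrets inline in `settings`; reference them through
  # a flag that takes a file path outside the store (for example
  # enroll_secret_path).
  conf = pkgs.writeText "osquery.conf" (builtins.toJSON cfg.settings);

  # flagfile is the file containing osquery command line flags to be
  # provided to the application using the special --flagfile option.
  #
  # Like conf, this file lives in the world-readable Nix store. Values are
  # written verbatim, one "--name=value" per line.
  flagfile = pkgs.writeText "osquery.flags"
    (concatStringsSep "\n"
      (mapAttrsToList (name: value: "--${name}=${value}")
        # Use the conf derivation if not otherwise specified.
        ({ config_path = conf; } // cfg.flags)));

  # systemd's StateDirectory= and LogsDirectory= only accept names relative to
  # /var/lib and /var/log. An absolute path is rejected with a warning and the
  # directive is ignored, so systemd would never create or own the directory.
  # Strip the fixed prefixes so the directives take effect.
  stateDirectory = removePrefix "/var/lib/" (dirname cfg.flags.database_path);
  logsDirectory = removePrefix "/var/log/" cfg.flags.logger_path;

  # osqueryi wrapper that shares the daemon's flagfile. --disable-database is
  # appended, presumably so the interactive shell does not open the daemon's
  # database_path -- confirm against the osquery flag documentation.
  osqueryi = pkgs.runCommand "osqueryi" { nativeBuildInputs = [ pkgs.makeWrapper ]; } ''
    mkdir -p $out/bin
    makeWrapper ${pkgs.osquery}/bin/osqueryi $out/bin/osqueryi \
      --add-flags "--flagfile ${flagfile} --disable-database"
  '';
in
{
  options.services.osquery = {
    enable = mkEnableOption "osqueryd daemon";

    # Serialized to JSON and written to the Nix store (see conf above).
    settings = mkOption {
      default = { };
      description = ''
        Configuration to be written to the osqueryd JSON configuration file.
        To understand the configuration format, refer to https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-components.
      '';
      example = {
        options.utc = false;
      };
      type = types.attrs;
    };

    # Free-form string flags. The three declared paths are read-only because
    # the systemd unit and the tmpfiles rule below are derived from them.
    flags = mkOption {
      default = { };
      description = ''
        Attribute set of flag names and values to be written to the osqueryd flagfile.
        For more information, refer to https://osquery.readthedocs.io/en/stable/installation/cli-flags.
      '';
      example = {
        config_refresh = "10";
      };
      type = with types;
        submodule {
          freeformType = attrsOf str;
          options = {
            database_path = mkOption {
              default = "/var/lib/osquery/osquery.db";
              readOnly = true;
              description = "Path used for the database file.";
              type = path;
            };
            logger_path = mkOption {
              default = "/var/log/osquery";
              readOnly = true;
              description = "Base directory used for logging.";
              type = path;
            };
            pidfile = mkOption {
              default = "/run/osquery/osqueryd.pid";
              readOnly = true;
              description = "Path used for pid file.";
              type = path;
            };
          };
        };
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ osqueryi ];
    systemd.services.osqueryd = {
      after = [ "network.target" "syslog.service" ];
      description = "The osquery daemon";
      # No User= is set, so the daemon runs as root, and no sandboxing
      # directives are applied.
      # NOTE(review): query results and logs can hold sensitive host telemetry;
      # consider StateDirectoryMode=/LogsDirectoryMode= tighter than the systemd
      # default of 0755 once log consumers are known.
      serviceConfig = {
        ExecStart = "${pkgs.osquery}/bin/osqueryd --flagfile ${flagfile}";
        PIDFile = cfg.flags.pidfile;
        # Relative names: systemd creates /var/log/<name> and /var/lib/<name>.
        LogsDirectory = logsDirectory;
        StateDirectory = stateDirectory;
        Restart = "always";
      };
      wantedBy = [ "multi-user.target" ];
    };
    # Directory holding the pid file: root-owned and not writable by other
    # users, so an unprivileged user cannot replace the pid file.
    systemd.tmpfiles.settings."10-osquery".${dirname (cfg.flags.pidfile)}.d = {
      user = "root";
      group = "root";
      mode = "0755";
    };
  };
}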