nixos/modules/services/monitoring/fluent-bit.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / monitoring / fluent-bit.nix
at 25.11-pre 3.2 kB view raw
  1{
  2  config,
  3  lib,
  4  pkgs,
  5  utils,
  6  ...
  7}:
  8let
  9  cfg = config.services.fluent-bit;
 10
 11  yamlFormat = pkgs.formats.yaml { };
 12in
 13{
 14  options.services.fluent-bit = {
 15    enable = lib.mkEnableOption "Fluent Bit";
 16    package = lib.mkPackageOption pkgs "fluent-bit" { };
 17    configurationFile = lib.mkOption {
 18      type = lib.types.path;
 19      default = yamlFormat.generate "fluent-bit.yaml" cfg.settings;
 20      defaultText = lib.literalExpression ''yamlFormat.generate "fluent-bit.yaml" cfg.settings'';
 21      description = ''
 22        Fluent Bit configuration. See
 23        <https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/yaml>
 24        for supported values.
 25
 26        {option}`configurationFile` takes precedence over {option}`settings`.
 27
 28        Note: Restricted evaluation blocks access to paths outside the Nix store.
 29        This means detecting content changes for mutable paths (i.e. not input or content-addressed) can't be done.
 30        As a result, `nixos-rebuild` won't reload/restart the systemd unit when mutable path contents change.
 31        `systemctl restart fluent-bit.service` must be used instead.
 32      '';
 33      example = "/etc/fluent-bit/fluent-bit.yaml";
 34    };
 35    settings = lib.mkOption {
 36      type = yamlFormat.type;
 37      default = { };
 38      description = ''
 39        See {option}`configurationFile`.
 40
 41        {option}`configurationFile` takes precedence over {option}`settings`.
 42      '';
 43      example = {
 44        service = {
 45          grace = 30;
 46        };
 47        pipeline = {
 48          inputs = [
 49            {
 50              name = "systemd";
 51              systemd_filter = "_SYSTEMD_UNIT=fluent-bit.service";
 52            }
 53          ];
 54          outputs = [
 55            {
 56              name = "file";
 57              path = "/var/log/fluent-bit";
 58              file = "fluent-bit.out";
 59            }
 60          ];
 61        };
 62      };
 63    };
 64    # See https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/yaml/service-section.
 65    graceLimit = lib.mkOption {
 66      type = lib.types.nullOr (
 67        lib.types.oneOf [
 68          lib.types.ints.positive
 69          lib.types.str
 70        ]
 71      );
 72      default = null;
 73      description = ''
 74        The grace time limit. Sets the systemd unit's `TimeoutStopSec`.
 75
 76        The `service.grace` option in the Fluent Bit configuration should be ≤ this option.
 77      '';
 78      example = 30;
 79    };
 80  };
 81
 82  config = lib.mkIf cfg.enable {
 83    # See https://github.com/fluent/fluent-bit/blob/v3.2.6/init/systemd.in.
 84    systemd.services.fluent-bit = {
 85      description = "Fluent Bit";
 86      after = [ "network.target" ];
 87      requires = [ "network.target" ];
 88      wantedBy = [ "multi-user.target" ];
 89      serviceConfig = {
 90        DynamicUser = true;
 91        # See https://nixos.org/manual/nixos/stable#sec-logging.
 92        SupplementaryGroups = "systemd-journal";
 93        ExecStart = utils.escapeSystemdExecArgs [
 94          (lib.getExe cfg.package)
 95          "--config"
 96          cfg.configurationFile
 97        ];
 98        Restart = "always";
 99        TimeoutStopSec = lib.mkIf (cfg.graceLimit != null) cfg.graceLimit;
100      };
101    };
102  };
103}