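# NixOS module for the osquery daemon (osqueryd) plus a wrapped interactive
# shell (osqueryi) that shares the daemon's flagfile.
#
# Security-relevant points for anyone deploying this module:
#   * `settings` and `flags` are rendered with pkgs.writeText, so both files
#     live in the Nix store, which is world-readable. Keep secrets out of both
#     option sets; point a path-valued flag at a file outside the store instead.
#   * The systemd unit sets no User= and no sandboxing directives.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.osquery;

  # dirname returns the parent directory of `path`: the path is normalized,
  # split on "/", the last component is dropped, and the rest is re-joined.
  # Example: "/run/osquery/osqueryd.pid" -> "/run/osquery".
  dirname =
    path:
    with lib.strings;
    with lib.lists;
    concatStringsSep "/" (init (splitString "/" (normalizePath path)));

  # conf is the osquery configuration file used when the --config_plugin=filesystem.
  # filesystem is the osquery default value for the config_plugin flag.
  # The JSON is a store path, hence readable by every local user.
  conf = pkgs.writeText "osquery.conf" (builtins.toJSON cfg.settings);

  # flagfile is the file containing osquery command line flags to be
  # provided to the application using the special --flagfile option.
  # One "--name=value" line is written per attribute. Like conf, it is a
  # world-readable store path.
  flagfile = pkgs.writeText "osquery.flags" (
    lib.concatStringsSep "\n" (
      lib.mapAttrsToList (name: value: "--${name}=${value}")
        # Use the conf derivation if not otherwise specified.
        # `//` prefers the right-hand side, so a user-supplied config_path wins.
        ({ config_path = conf; } // cfg.flags)
    )
  );

  # osqueryi wrapper installed system-wide: it always passes the generated
  # flagfile and --disable-database ahead of any user-supplied arguments.
  osqueryi = pkgs.runCommand "osqueryi" { nativeBuildInputs = [ pkgs.makeWrapper ]; } ''
    mkdir -p $out/bin
    makeWrapper ${pkgs.osquery}/bin/osqueryi $out/bin/osqueryi \
      --add-flags "--flagfile ${flagfile} --disable-database"
  '';
in
{
  options.services.osquery = {
    enable = lib.mkEnableOption "osqueryd daemon";

    # Free-form attribute set serialized verbatim to JSON (see `conf` above).
    settings = lib.mkOption {
      default = { };
      description = ''
        Configuration to be written to the osqueryd JSON configuration file.
        To understand the configuration format, refer to <https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-components>.
      '';
      example = {
        options.utc = false;
      };
      type = lib.types.attrs;
    };

    # Free-form string flags plus three declared, read-only path flags.
    # NOTE(review): each declared flag is readOnly with a default, which appears
    # to make it impossible to override; if so, the "otherwise you are
    # responsible" wording below and the equality checks in `config` describe
    # a case that cannot occur. Confirm the intent.
    flags = lib.mkOption {
      default = { };
      description = ''
        Attribute set of flag names and values to be written to the osqueryd flagfile.
        For more information, refer to <https://osquery.readthedocs.io/en/stable/installation/cli-flags>.
      '';
      example = {
        config_refresh = "10";
      };
      type =
        with lib.types;
        submodule {
          freeformType = attrsOf str;
          options = {
            database_path = lib.mkOption {
              default = "/var/lib/osquery/osquery.db";
              readOnly = true;
              description = ''
                Path used for the database file.

                ::: {.note}
                If left as the default value, this directory will be automatically created before the
                service starts, otherwise you are responsible for ensuring the directory exists with
                the appropriate ownership and permissions.
                :::
              '';
              type = path;
            };
            logger_path = lib.mkOption {
              default = "/var/log/osquery";
              readOnly = true;
              description = ''
                Base directory used for logging.

                ::: {.note}
                If left as the default value, this directory will be automatically created before the
                service starts, otherwise you are responsible for ensuring the directory exists with
                the appropriate ownership and permissions.
                :::
              '';
              type = path;
            };
            pidfile = lib.mkOption {
              default = "/run/osquery/osqueryd.pid";
              readOnly = true;
              description = "Path used for pid file.";
              type = path;
            };
          };
        };
    };
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ osqueryi ];
    systemd.services.osqueryd = {
      after = [
        "network.target"
        "syslog.service"
      ];
      description = "The osquery daemon";
      # NOTE(review): no User=, DynamicUser= or sandboxing directives are set,
      # so the unit runs with systemd's defaults for a system service (root).
      # Presumably intentional for a host-inspection agent, but worth checking
      # which hardening options osqueryd tolerates.
      serviceConfig = {
        ExecStart = "${pkgs.osquery}/bin/osqueryd --flagfile ${flagfile}";
        PIDFile = cfg.flags.pidfile;
        # systemd only manages /var/log/osquery and /var/lib/osquery when the
        # corresponding flag still has its default value.
        LogsDirectory = lib.mkIf (cfg.flags.logger_path == "/var/log/osquery") [ "osquery" ];
        StateDirectory = lib.mkIf (cfg.flags.database_path == "/var/lib/osquery/osquery.db") [ "osquery" ];
        Restart = "always";
      };
      wantedBy = [ "multi-user.target" ];
    };
    # Create the pidfile's parent directory, writable by root only (0755).
    systemd.tmpfiles.settings."10-osquery".${dirname (cfg.flags.pidfile)}.d = {
      user = "root";
      group = "root";
      mode = "0755";
    };
  };
}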