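# NixOS module for the Tremor event-/stream-processing daemon. It declares the
# `services.tremor-rs` options and, when the service is enabled, installs the
# package and a sandboxed systemd unit that runs `tremor server run` with a
# generated logger configuration.
{
  config,
  lib,
  pkgs,
  ...
}:
let

  cfg = config.services.tremor-rs;

  # `loggerSettings` is rendered to a YAML file in the Nix store. The store is
  # world-readable, so nothing secret belongs in that option.
  loggerSettingsFormat = pkgs.formats.yaml { };
  loggerConfigFile = loggerSettingsFormat.generate "logger.yaml" cfg.loggerSettings;
in
{

  options = {
    services.tremor-rs = {
      enable = lib.mkEnableOption "Tremor event- or stream-processing system";

      # Each entry is passed as a positional argument to `tremor server run`.
      # NOTE(review): Nix path literals are presumably copied into the
      # world-readable store when the command line is built, so troy files
      # given that way should not embed credentials -- confirm.
      troyFileList = lib.mkOption {
        type = lib.types.listOf lib.types.path;
        default = [ ];
        description = "List of troy files to load.";
      };

      # "Unset" is expressed as null: `lib.types.path` only accepts absolute
      # paths, so an empty-string default fails the type check as soon as the
      # option is read. A null value adds nothing to TREMOR_PATH.
      tremorLibDir = lib.mkOption {
        type = lib.types.nullOr lib.types.path;
        default = null;
        description = "Directory where to find /lib containing tremor script files";
      };

      # Address of the Tremor API listener (`--api-host`). This module opens no
      # firewall port, and the loopback default keeps the API local to the host.
      # NOTE(review): confirm what authentication the API offers before
      # pointing this at a routable address.
      host = lib.mkOption {
        type = lib.types.str;
        default = "127.0.0.1";
        description = "The host tremor should be listening on";
      };

      port = lib.mkOption {
        type = lib.types.port;
        default = 9898;
        description = "the port tremor should be listening on";
      };

      loggerSettings = lib.mkOption {
        description = "Tremor logger configuration";
        default = { };
        type = loggerSettingsFormat.type;

        example = {
          refresh_rate = "30 seconds";
          appenders.stdout.kind = "console";
          root = {
            level = "warn";
            appenders = [ "stdout" ];
          };
          loggers = {
            tremor_runtime = {
              level = "debug";
              appenders = [ "stdout" ];
              additive = false;
            };
            tremor = {
              level = "debug";
              appenders = [ "stdout" ];
              additive = false;
            };
          };
        };

        # NOTE(review): the text below is what the rendered documentation shows
        # as the default, but the value actually applied is `default = { }`
        # above. Confirm which of the two is intended and align them.
        defaultText = lib.literalExpression ''
          {
            refresh_rate = "30 seconds";
            appenders.stdout.kind = "console";
            root = {
              level = "warn";
              appenders = [ "stdout" ];
            };
            loggers = {
              tremor_runtime = {
                level = "debug";
                appenders = [ "stdout" ];
                additive = false;
              };
              tremor = {
                level = "debug";
                appenders = [ "stdout" ];
                additive = false;
              };
            };
          }
        '';

      };
    };
  };

  config = lib.mkIf (cfg.enable) {

    environment.systemPackages = [ pkgs.tremor-rs ];

    systemd.services.tremor-rs = {
      description = "Tremor event- or stream-processing system";
      wantedBy = [ "multi-user.target" ];
      requires = [ "network-online.target" ];
      after = [ "network-online.target" ];

      # The packaged library directory always comes first; the user-supplied
      # directory is appended only when one is configured, so no empty
      # trailing entry ends up in the search path.
      environment.TREMOR_PATH = lib.concatStringsSep ":" (
        [ "${pkgs.tremor-rs}/lib" ] ++ lib.optional (cfg.tremorLibDir != null) "${cfg.tremorLibDir}"
      );

      serviceConfig = {
        # The arguments are joined with plain spaces and are not quoted, so a
        # troy path or host value that contains whitespace is split into
        # several arguments by systemd.
        # NOTE(review): consider building this with an argument-escaping
        # helper such as `utils.escapeSystemdExecArgs`.
        ExecStart = "${pkgs.tremor-rs}/bin/tremor --logger-config ${loggerConfigFile} server run ${lib.concatStringsSep " " cfg.troyFileList} --api-host ${cfg.host}:${toString cfg.port}";
        # Sandboxing: the service runs as a dynamically allocated user with
        # home directories, kernel interfaces and other processes' /proc
        # entries hidden from it.
        # NOTE(review): PrivateDevices, RestrictAddressFamilies,
        # SystemCallArchitectures and CapabilityBoundingSet are not set here;
        # evaluate them against what the configured connectors need.
        DynamicUser = true;
        Restart = "always";
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectClock = true;
        ProtectProc = "noaccess";
        ProcSubset = "pid";
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectControlGroups = true;
        ProtectHostname = true;
        RestrictSUIDSGID = true;
        RestrictRealtime = true;
        RestrictNamespaces = true;
        LockPersonality = true;
        RemoveIPC = true;
        # Allow the @system-service syscall group, then subtract @privileged.
        SystemCallFilter = [
          "@system-service"
          "~@privileged"
        ];
      };
    };
  };
}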