# NixOS VM test for the osquery module. It boots one machine with osqueryd
# enabled, then runs osqueryi to confirm that values given through both
# `settings.options` and `flags` are visible in the `osquery_flags` table.
import ./make-test-python.nix (
  { lib, pkgs, ... }:

  let
    # Values the test script expects to read back from `osquery_flags`.
    # They are interpolated into the grep patterns of the test script.
    config_refresh = "10";
    nullvalue = "NULL";
    utc = false;
  in
  {
    name = "osquery";
    meta.maintainers = [
      lib.maintainers.znewman01
      lib.maintainers.lewo
    ];

    nodes.machine =
      { config, pkgs, ... }:
      {
        services.osquery = {
          enable = true;

          # Options delivered through the osquery configuration plugin.
          settings.options.nullvalue = nullvalue;
          settings.options.utc = utc;

          # Command-line flags. `nullvalue` is deliberately set here as well,
          # to a different value: the test script expects the value from
          # `settings.options` to be the one reported. For operators this means
          # a flag that is also present in `settings.options` is not the
          # effective value, so keep each security-relevant setting in one
          # place and verify the effective value via `osquery_flags`.
          flags.config_refresh = config_refresh;
          flags.nullvalue = "IGNORED";
        };
      };

    # Review notes on the script below:
    #  - Every `grep -q` is a substring match on the whole osqueryi output
    #    (for example `10` or `false`), so the assertions are loose; each
    #    query selects a single flag by name, which limits false positives.
    #  - The last two checks only assert that the parent directories of
    #    `database_path` and `pidfile` exist. Ownership and mode of those
    #    directories are not verified by this test.
    #  - `database_path` and `pidfile` are not set in this file; per the
    #    script's own comment they come from the module's defaults.
    testScript =
      { nodes, ... }:
      let
        cfg = nodes.machine.services.osquery;
      in
      ''
        machine.start()
        machine.wait_for_unit("osqueryd.service")

        # Stop the osqueryd service so that we can use osqueryi to check information stored in the database.
        machine.wait_until_succeeds("systemctl stop osqueryd.service")

        # osqueryd was able to query information about the host.
        machine.succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | tee /dev/console | grep -q '127.0.0.1'")

        # osquery binaries respect configuration from the Nix config option.
        machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"utc\";' | osqueryi | tee /dev/console | grep -q ${lib.boolToString utc}")

        # osquery binaries respect configuration from the Nix flags option.
        machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"config_refresh\";' | osqueryi | tee /dev/console | grep -q ${config_refresh}")

        # Demonstrate that osquery binaries prefer configuration plugin options over CLI flags.
        # https://osquery.readthedocs.io/en/latest/deployment/configuration/#options.
        machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"nullvalue\";' | osqueryi | tee /dev/console | grep -q ${nullvalue}")

        # Module creates directories for default database_path and pidfile flag values.
        machine.succeed("test -d $(dirname ${cfg.flags.database_path})")
        machine.succeed("test -d $(dirname ${cfg.flags.pidfile})")
      '';
  }
)