pyrox.dev / nixpkgs
lol
fork atom

nixos/goss: init

Anthony Roussel 3a2d3bc3 9fc549a6

options
unified split
Changed files
+133
nixos
doc
manual
release-notes
rl-2311.section.md
modules
module-list.nix
services
monitoring
goss.md
goss.nix
+2
nixos/doc/manual/release-notes/rl-2311.section.md 
···

       
86

       
86

       
 

       



     

       
87

       
87

       
 

       
- [pgBouncer](https://www.pgbouncer.org), a PostgreSQL connection pooler. Available as [services.pgbouncer](#opt-services.pgbouncer.enable).


     

       
88

       
88

       
 

       



     

       

       
89

       
+

       
- [Goss](https://goss.rocks/), a YAML based serverspec alternative tool for validating a server's configuration. Available as [services.goss](#opt-services.goss.enable).


     

       

       
90

       
+

       



     

       
89

       
91

       
 

       
- [trust-dns](https://trust-dns.org/), a Rust based DNS server built to be safe and secure from the ground up. Available as [services.trust-dns](#opt-services.trust-dns.enable).


     

       
90

       
92

       
 

       



     

       
91

       
93

       
 

       
- [osquery](https://www.osquery.io/), a SQL powered operating system instrumentation, monitoring, and analytics.
+1
nixos/modules/module-list.nix 
···

       
773

       
773

       
 

       
  ./services/monitoring/datadog-agent.nix


     

       
774

       
774

       
 

       
  ./services/monitoring/do-agent.nix


     

       
775

       
775

       
 

       
  ./services/monitoring/fusion-inventory.nix


     

       

       
776

       
+

       
  ./services/monitoring/goss.nix


     

       
776

       
777

       
 

       
  ./services/monitoring/grafana-agent.nix


     

       
777

       
778

       
 

       
  ./services/monitoring/grafana-image-renderer.nix


     

       
778

       
779

       
 

       
  ./services/monitoring/grafana-reporter.nix
+44
nixos/modules/services/monitoring/goss.md 
···

       

       
1

       
+

       
# Goss {#module-services-goss}


     

       

       
2

       
+

       



     

       

       
3

       
+

       
[goss](https://goss.rocks/) is a YAML based serverspec alternative tool


     

       

       
4

       
+

       
for validating a server's configuration.


     

       

       
5

       
+

       



     

       

       
6

       
+

       
## Basic Usage {#module-services-goss-basic-usage}


     

       

       
7

       
+

       



     

       

       
8

       
+

       
A minimal configuration looks like this:


     

       

       
9

       
+

       



     

       

       
10

       
+

       
```


     

       

       
11

       
+

       
{


     

       

       
12

       
+

       
  services.goss = {


     

       

       
13

       
+

       
    enable = true;


     

       

       
14

       
+

       



     

       

       
15

       
+

       
    environment = {


     

       

       
16

       
+

       
      GOSS_FMT = "json";


     

       

       
17

       
+

       
      GOSS_LOGLEVEL = "TRACE";


     

       

       
18

       
+

       
    };


     

       

       
19

       
+

       



     

       

       
20

       
+

       
    settings = {


     

       

       
21

       
+

       
      addr."tcp://localhost:8080" = {


     

       

       
22

       
+

       
        reachable = true;


     

       

       
23

       
+

       
        local-address = "127.0.0.1";


     

       

       
24

       
+

       
      };


     

       

       
25

       
+

       
      command."check-goss-version" = {


     

       

       
26

       
+

       
        exec = "${lib.getExe pkgs.goss} --version";


     

       

       
27

       
+

       
        exit-status = 0;


     

       

       
28

       
+

       
      };


     

       

       
29

       
+

       
      dns.localhost.resolvable = true;


     

       

       
30

       
+

       
      file."/nix" = {


     

       

       
31

       
+

       
        filetype = "directory";


     

       

       
32

       
+

       
        exists = true;


     

       

       
33

       
+

       
      };


     

       

       
34

       
+

       
      group.root.exists = true;


     

       

       
35

       
+

       
      kernel-param."kernel.ostype".value = "Linux";


     

       

       
36

       
+

       
      service.goss = {


     

       

       
37

       
+

       
        enabled = true;


     

       

       
38

       
+

       
        running = true;


     

       

       
39

       
+

       
      };


     

       

       
40

       
+

       
      user.root.exists = true;


     

       

       
41

       
+

       
    };


     

       

       
42

       
+

       
  };


     

       

       
43

       
+

       
}


     

       

       
44

       
+

       
```
+86
nixos/modules/services/monitoring/goss.nix 
···

       

       
1

       
+

       
{ config, lib, pkgs, ... }:


     

       

       
2

       
+

       



     

       

       
3

       
+

       
let


     

       

       
4

       
+

       
  cfg = config.services.goss;


     

       

       
5

       
+

       



     

       

       
6

       
+

       
  settingsFormat = pkgs.formats.yaml { };


     

       

       
7

       
+

       
  configFile = settingsFormat.generate "goss.yaml" cfg.settings;


     

       

       
8

       
+

       



     

       

       
9

       
+

       
in {


     

       

       
10

       
+

       
  meta = {


     

       

       
11

       
+

       
    doc = ./goss.md;


     

       

       
12

       
+

       
    maintainers = [ lib.maintainers.anthonyroussel ];


     

       

       
13

       
+

       
  };


     

       

       
14

       
+

       



     

       

       
15

       
+

       
  options = {


     

       

       
16

       
+

       
    services.goss = {


     

       

       
17

       
+

       
      enable = lib.mkEnableOption (lib.mdDoc "Goss daemon");


     

       

       
18

       
+

       



     

       

       
19

       
+

       
      package = lib.mkPackageOptionMD pkgs "goss" { };


     

       

       
20

       
+

       



     

       

       
21

       
+

       
      environment = lib.mkOption {


     

       

       
22

       
+

       
        type = lib.types.attrsOf lib.types.str;


     

       

       
23

       
+

       
        default = { };


     

       

       
24

       
+

       
        example = {


     

       

       
25

       
+

       
          GOSS_FMT = "json";


     

       

       
26

       
+

       
          GOSS_LOGLEVEL = "FATAL";


     

       

       
27

       
+

       
          GOSS_LISTEN = ":8080";


     

       

       
28

       
+

       
        };


     

       

       
29

       
+

       
        description = lib.mdDoc ''


     

       

       
30

       
+

       
          Environment variables to set for the goss service.


     

       

       
31

       
+

       



     

       

       
32

       
+

       
          See <https://github.com/goss-org/goss/blob/master/docs/manual.md>


     

       

       
33

       
+

       
        '';


     

       

       
34

       
+

       
      };


     

       

       
35

       
+

       



     

       

       
36

       
+

       
      settings = lib.mkOption {


     

       

       
37

       
+

       
        type = lib.types.submodule { freeformType = settingsFormat.type; };


     

       

       
38

       
+

       
        default = { };


     

       

       
39

       
+

       
        example = {


     

       

       
40

       
+

       
          addr."tcp://localhost:8080" = {


     

       

       
41

       
+

       
            reachable = true;


     

       

       
42

       
+

       
            local-address = "127.0.0.1";


     

       

       
43

       
+

       
          };


     

       

       
44

       
+

       
          service.goss = {


     

       

       
45

       
+

       
            enabled = true;


     

       

       
46

       
+

       
            running = true;


     

       

       
47

       
+

       
          };


     

       

       
48

       
+

       
        };


     

       

       
49

       
+

       
        description = lib.mdDoc ''


     

       

       
50

       
+

       
          The global options in `config` file in yaml format.


     

       

       
51

       
+

       



     

       

       
52

       
+

       
          Refer to <https://github.com/goss-org/goss/blob/master/docs/goss-json-schema.yaml> for schema.


     

       

       
53

       
+

       
        '';


     

       

       
54

       
+

       
      };


     

       

       
55

       
+

       
    };


     

       

       
56

       
+

       
  };


     

       

       
57

       
+

       



     

       

       
58

       
+

       
  config = lib.mkIf cfg.enable {


     

       

       
59

       
+

       
    environment.systemPackages = [ cfg.package ];


     

       

       
60

       
+

       



     

       

       
61

       
+

       
    systemd.services.goss = {


     

       

       
62

       
+

       
      description = "Goss - Quick and Easy server validation";


     

       

       
63

       
+

       
      unitConfig.Documentation = "https://github.com/goss-org/goss/blob/master/docs/manual.md";


     

       

       
64

       
+

       



     

       

       
65

       
+

       
      after = [ "network-online.target" ];


     

       

       
66

       
+

       
      wantedBy = [ "multi-user.target" ];


     

       

       
67

       
+

       
      wants = [ "network-online.target" ];


     

       

       
68

       
+

       



     

       

       
69

       
+

       
      environment = {


     

       

       
70

       
+

       
        GOSS_FILE = configFile;


     

       

       
71

       
+

       
      } // cfg.environment;


     

       

       
72

       
+

       



     

       

       
73

       
+

       
      reloadTriggers = [ configFile ];


     

       

       
74

       
+

       



     

       

       
75

       
+

       
      serviceConfig = {


     

       

       
76

       
+

       
        DynamicUser = true;


     

       

       
77

       
+

       
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";


     

       

       
78

       
+

       
        ExecStart = "${cfg.package}/bin/goss serve";


     

       

       
79

       
+

       
        Group = "goss";


     

       

       
80

       
+

       
        Restart = "on-failure";


     

       

       
81

       
+

       
        RestartSec = 5;


     

       

       
82

       
+

       
        User = "goss";


     

       

       
83

       
+

       
      };


     

       

       
84

       
+

       
    };


     

       

       
85

       
+

       
  };


     

       

       
86

       
+

       
}