diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2003.xml | 5 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/osquery.nix | 91 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/osquery.nix | 28 |
6 files changed, 8 insertions, 121 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index e8e89c5bbc28..4980a99e6468 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -181,6 +181,11 @@ The BeeGFS module has been removed. </para> </listitem> + <listitem> + <para> + The osquery module has been removed. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 6d1ef0d234ab..9e0d9478b5de 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -518,7 +518,6 @@ ./services/monitoring/munin.nix ./services/monitoring/nagios.nix ./services/monitoring/netdata.nix - ./services/monitoring/osquery.nix ./services/monitoring/prometheus/default.nix ./services/monitoring/prometheus/alertmanager.nix ./services/monitoring/prometheus/exporters.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 96ff4882eb67..d4bce3b49d36 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -285,6 +285,9 @@ with lib; (mkRemovedOptionModule [ "services.beegfsEnable" ] "The BeeGFS module has been removed") (mkRemovedOptionModule [ "services.beegfs" ] "The BeeGFS module has been removed") + # osquery + (mkRemovedOptionModule [ "services.osquery" ] "The osquery module has been removed") + # Redis (mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.") (mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.") diff --git a/nixos/modules/services/monitoring/osquery.nix b/nixos/modules/services/monitoring/osquery.nix deleted file mode 100644 index c8c625577d39..000000000000 --- a/nixos/modules/services/monitoring/osquery.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ config, lib, pkgs, ... }: - -with builtins; -with lib; - -let - cfg = config.services.osquery; - -in - -{ - - options = { - - services.osquery = { - - enable = mkEnableOption "osquery"; - - loggerPath = mkOption { - type = types.path; - description = "Base directory used for logging."; - default = "/var/log/osquery"; - }; - - pidfile = mkOption { - type = types.path; - description = "Path used for pid file."; - default = "/var/osquery/osqueryd.pidfile"; - }; - - utc = mkOption { - type = types.bool; - description = "Attempt to convert all UNIX calendar times to UTC."; - default = true; - }; - - databasePath = mkOption { - type = types.path; - description = "Path used for database file."; - default = "/var/osquery/osquery.db"; - }; - - extraConfig = mkOption { - type = types.attrs // { - merge = loc: foldl' (res: def: recursiveUpdate res def.value) {}; - }; - description = "Extra config to be recursively merged into the JSON config file."; - default = { }; - }; - }; - - }; - - config = mkIf cfg.enable { - - environment.systemPackages = [ pkgs.osquery ]; - - environment.etc."osquery/osquery.conf".text = toJSON ( - recursiveUpdate { - options = { - config_plugin = "filesystem"; - logger_plugin = "filesystem"; - logger_path = cfg.loggerPath; - database_path = cfg.databasePath; - utc = cfg.utc; - }; - } cfg.extraConfig - ); - - systemd.services.osqueryd = { - description = "The osquery Daemon"; - after = [ "network.target" "syslog.service" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.osquery ]; - preStart = '' - mkdir -p ${escapeShellArg cfg.loggerPath} - mkdir -p "$(dirname ${escapeShellArg cfg.pidfile})" - mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})" - ''; - serviceConfig = { - TimeoutStartSec = "infinity"; - ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}"; - KillMode = "process"; - KillSignal = "SIGTERM"; - Restart = "on-failure"; - }; - }; - - }; - -} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 3d5bc408c445..7945a239f6a0 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -206,7 +206,6 @@ in openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {}; orangefs = handleTest ./orangefs.nix {}; os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {}; - osquery = handleTest ./osquery.nix {}; osrm-backend = handleTest ./osrm-backend.nix {}; overlayfs = handleTest ./overlayfs.nix {}; packagekit = handleTest ./packagekit.nix {}; diff --git a/nixos/tests/osquery.nix b/nixos/tests/osquery.nix deleted file mode 100644 index d95871ffafc6..000000000000 --- a/nixos/tests/osquery.nix +++ /dev/null @@ -1,28 +0,0 @@ -import ./make-test.nix ({ pkgs, lib, ... }: - -with lib; - -{ - name = "osquery"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ma27 ]; - }; - - machine = { - services.osquery.enable = true; - services.osquery.loggerPath = "/var/log/osquery/logs"; - services.osquery.pidfile = "/run/osqueryd.pid"; - }; - - testScript = '' - $machine->start; - $machine->waitForUnit("osqueryd.service"); - - $machine->succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | grep '127.0.0.1'"); - $machine->succeed( - "echo 'SELECT value FROM osquery_flags WHERE name = \"logger_path\";' | osqueryi | grep /var/log/osquery/logs" - ); - - $machine->succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"pidfile\";' | osqueryi | grep /run/osqueryd.pid"); - ''; -}) |