diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/monitoring/osquery.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/monitoring/osquery.nix | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/monitoring/osquery.nix b/nixpkgs/nixos/modules/services/monitoring/osquery.nix new file mode 100644 index 000000000000..c8c625577d39 --- /dev/null +++ b/nixpkgs/nixos/modules/services/monitoring/osquery.nix @@ -0,0 +1,91 @@ +{ config, lib, pkgs, ... }: + +with builtins; +with lib; + +let + cfg = config.services.osquery; + +in + +{ + + options = { + + services.osquery = { + + enable = mkEnableOption "osquery"; + + loggerPath = mkOption { + type = types.path; + description = "Base directory used for logging."; + default = "/var/log/osquery"; + }; + + pidfile = mkOption { + type = types.path; + description = "Path used for pid file."; + default = "/var/osquery/osqueryd.pidfile"; + }; + + utc = mkOption { + type = types.bool; + description = "Attempt to convert all UNIX calendar times to UTC."; + default = true; + }; + + databasePath = mkOption { + type = types.path; + description = "Path used for database file."; + default = "/var/osquery/osquery.db"; + }; + + extraConfig = mkOption { + type = types.attrs // { + merge = loc: foldl' (res: def: recursiveUpdate res def.value) {}; + }; + description = "Extra config to be recursively merged into the JSON config file."; + default = { }; + }; + }; + + }; + + config = mkIf cfg.enable { + + environment.systemPackages = [ pkgs.osquery ]; + + environment.etc."osquery/osquery.conf".text = toJSON ( + recursiveUpdate { + options = { + config_plugin = "filesystem"; + logger_plugin = "filesystem"; + logger_path = cfg.loggerPath; + database_path = cfg.databasePath; + utc = cfg.utc; + }; + } cfg.extraConfig + ); + + systemd.services.osqueryd = { + description = "The osquery Daemon"; + after = [ "network.target" "syslog.service" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.osquery ]; + preStart = '' + mkdir -p ${escapeShellArg cfg.loggerPath} + mkdir -p "$(dirname ${escapeShellArg cfg.pidfile})" + mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})" + ''; + serviceConfig = { + TimeoutStartSec = "infinity"; + ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}"; + KillMode = "process"; + KillSignal = "SIGTERM"; + Restart = "on-failure"; + }; + }; + + }; + +} |