movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 22:20:30 +03:00
Code Activity
nixpkgs/nixos/modules/services/monitoring/osquery.nix
Silvan Mosberger d9d87c5196 treewide: format all inactive Nix files 
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.

Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.

A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.

This commit was automatically created and can be verified using

    nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \
      --argstr baseRev 0128fbb0a5
    result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:29:24 +01:00

113 lines
3.3 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.osquery;
dirname =
path:
with lib.strings;
with lib.lists;
concatStringsSep "/" (init (splitString "/" (normalizePath path)));
# conf is the osquery configuration file used when the --config_plugin=filesystem.
# filesystem is the osquery default value for the config_plugin flag.
conf = pkgs.writeText "osquery.conf" (builtins.toJSON cfg.settings);
# flagfile is the file containing osquery command line flags to be
# provided to the application using the special --flagfile option.
flagfile = pkgs.writeText "osquery.flags" (
concatStringsSep "\n" (
mapAttrsToList (name: value: "--${name}=${value}")
# Use the conf derivation if not otherwise specified.
({ config_path = conf; } // cfg.flags)
)
);
osqueryi = pkgs.runCommand "osqueryi" { nativeBuildInputs = [ pkgs.makeWrapper ]; } ''
mkdir -p $out/bin
makeWrapper ${pkgs.osquery}/bin/osqueryi $out/bin/osqueryi \
--add-flags "--flagfile ${flagfile} --disable-database"
'';
in
{
options.services.osquery = {
enable = mkEnableOption "osqueryd daemon";
settings = mkOption {
default = { };
description = ''
Configuration to be written to the osqueryd JSON configuration file.
To understand the configuration format, refer to https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-components.
'';
example = {
options.utc = false;
};
type = types.attrs;
};
flags = mkOption {
default = { };
description = ''
Attribute set of flag names and values to be written to the osqueryd flagfile.
For more information, refer to https://osquery.readthedocs.io/en/stable/installation/cli-flags.
'';
example = {
config_refresh = "10";
};
type =
with types;
submodule {
freeformType = attrsOf str;
options = {
database_path = mkOption {
default = "/var/lib/osquery/osquery.db";
readOnly = true;
description = "Path used for the database file.";
type = path;
};
logger_path = mkOption {
default = "/var/log/osquery";
readOnly = true;
description = "Base directory used for logging.";
type = path;
};
pidfile = mkOption {
default = "/run/osquery/osqueryd.pid";
readOnly = true;
description = "Path used for pid file.";
type = path;
};
};
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ osqueryi ];
systemd.services.osqueryd = {
after = [
"network.target"
"syslog.service"
];
description = "The osquery daemon";
serviceConfig = {
ExecStart = "${pkgs.osquery}/bin/osqueryd --flagfile ${flagfile}";
PIDFile = cfg.flags.pidfile;
LogsDirectory = cfg.flags.logger_path;
StateDirectory = dirname cfg.flags.database_path;
Restart = "always";
};
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.settings."10-osquery".${dirname (cfg.flags.pidfile)}.d = {
user = "root";
group = "root";
mode = "0755";
};
};
}
View git blame Copy permalink