From 4a3aa6ff98a08971135819d6ee145a63e1882840 Mon Sep 17 00:00:00 2001
From: happysalada
Date: Fri, 18 Nov 2022 17:20:05 -0500
Subject: [PATCH] tremor-rs: module init
---
 nixos/modules/module-list.nix | 1 +
 .../modules/services/monitoring/tremor-rs.nix | 129 ++++++++++++++++++
 2 files changed, 130 insertions(+)
 create mode 100644 nixos/modules/services/monitoring/tremor-rs.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a886332e90b..8fdf1f09cd1 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -718,6 +718,7 @@
 ./services/monitoring/teamviewer.nix
 ./services/monitoring/telegraf.nix
 ./services/monitoring/thanos.nix
+ ./services/monitoring/tremor-rs.nix
 ./services/monitoring/tuptime.nix
 ./services/monitoring/unifi-poller.nix
 ./services/monitoring/ups.nix
diff --git a/nixos/modules/services/monitoring/tremor-rs.nix b/nixos/modules/services/monitoring/tremor-rs.nix
new file mode 100644
index 00000000000..213e8a47486
--- /dev/null
+++ b/nixos/modules/services/monitoring/tremor-rs.nix
@@ -0,0 +1,129 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+ cfg = config.services.tremor-rs;
+
+ loggerSettingsFormat = pkgs.formats.yaml { };
+ loggerConfigFile = loggerSettingsFormat.generate "logger.yaml" cfg.loggerSettings;
+in {
+
+ options = {
+ services.tremor-rs = {
+ enable = lib.mkEnableOption (lib.mdDoc "Tremor event- or stream-processing system");
+
+ troyFileList = mkOption {
+ type = types.listOf types.path;
+ default = [];
+ description = lib.mdDoc "List of troy files to load.";
+ };
+
+ tremorLibDir = mkOption {
+ type = types.path;
+ default = "";
+ description = lib.mdDoc "Directory where to find /lib containing tremor script files";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = lib.mdDoc "The host tremor should be listening on";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 9898;
+ description = lib.mdDoc "the port tremor should be listening on";
+ };
+
+ loggerSettings = mkOption {
+ description = lib.mdDoc "Tremor logger configuration";
+ default = {};
+ type = loggerSettingsFormat.type;
+
+ example = {
+ refresh_rate = "30 seconds";
+ appenders.stdout.kind = "console";
+ root = {
+ level = "warn";
+ appenders = [ "stdout" ];
+ };
+ loggers = {
+ tremor_runtime = {
+ level = "debug";
+ appenders = [ "stdout" ];
+ additive = false;
+ };
+ tremor = {
+ level = "debug";
+ appenders = [ "stdout" ];
+ additive = false;
+ };
+ };
+ };
+
+ defaultText = literalExpression ''
+ {
+ refresh_rate = "30 seconds";
+ appenders.stdout.kind = "console";
+ root = {
+ level = "warn";
+ appenders = [ "stdout" ];
+ };
+ loggers = {
+ tremor_runtime = {
+ level = "debug";
+ appenders = [ "stdout" ];
+ additive = false;
+ };
+ tremor = {
+ level = "debug";
+ appenders = [ "stdout" ];
+ additive = false;
+ };
+ };
+ }
+ '';
+
+ };
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+
+ environment.systemPackages = [ pkgs.tremor-rs ] ;
+
+ systemd.services.tremor-rs = {
+ description = "Tremor event- or stream-processing system";
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+
+ environment.TREMOR_PATH = "${pkgs.tremor-rs}/lib:${cfg.tremorLibDir}";
+
+ serviceConfig = {
+ ExecStart = "${pkgs.tremor-rs}/bin/tremor --logger-config ${loggerConfigFile} server run ${concatStringsSep " " cfg.troyFileList} --api-host ${cfg.host}:${toString cfg.port}";
+ DynamicUser = true;
+ Restart = "always";
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectClock = true;
+ ProtectProc = "noaccess";
+ ProcSubset = "pid";
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectHostname = true;
+ RestrictSUIDSGID = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ RemoveIPC = true;
+ SystemCallFilter = [ "@system-service" "~@privileged" ];
+ };
+ };
+ };
+}
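Review bot: `tremorLibDir` is declared `types.path` with `default = "";`, and an empty string should not pass that type's check, so the module likely fails to evaluate unless the option is set. Even if it did evaluate, `TREMOR_PATH` would end in an empty entry after the colon. Making it `type = types.nullOr types.path;` with `default = null;` and appending the directory only when it is set avoids both. In `ExecStart` the troy files are joined with `concatStringsSep " "`, so a path containing whitespace is split into several arguments; `${escapeShellArgs cfg.troyFileList}` keeps each file a single argument. The `host` description should also state that any non-loopback value exposes the Tremor API on the network: the unit sets no `IPAddressAllow`/`RestrictAddressFamilies`, and whether the API authenticates callers is not visible from this patch and should be confirmed.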