tremor-rs: module init · pyrox.dev/nixpkgs@4a3aa6f

pyrox.dev / nixpkgs

fork atom

lol

fork atom

tremor-rs: module init

authored by

happysalada and committed by

Yt 3 years ago 4a3aa6ff ef945c5e

+130

2 changed files

expand all

nixos

modules

module-list.nix

services

monitoring

tremor-rs.nix

nixos/modules/module-list.nix

··· 718 718 ./services/monitoring/teamviewer.nix 719 719 ./services/monitoring/telegraf.nix 720 720 ./services/monitoring/thanos.nix 721 + ./services/monitoring/tremor-rs.nix 721 722 ./services/monitoring/tuptime.nix 722 723 ./services/monitoring/unifi-poller.nix 723 724 ./services/monitoring/ups.nix

+129

nixos/modules/services/monitoring/tremor-rs.nix

··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with lib; 4 + let 5 + 6 + cfg = config.services.tremor-rs; 7 + 8 + loggerSettingsFormat = pkgs.formats.yaml { }; 9 + loggerConfigFile = loggerSettingsFormat.generate "logger.yaml" cfg.loggerSettings; 10 + in { 11 + 12 + options = { 13 + services.tremor-rs = { 14 + enable = lib.mkEnableOption (lib.mdDoc "Tremor event- or stream-processing system"); 15 + 16 + troyFileList = mkOption { 17 + type = types.listOf types.path; 18 + default = []; 19 + description = lib.mdDoc "List of troy files to load."; 20 + }; 21 + 22 + tremorLibDir = mkOption { 23 + type = types.path; 24 + default = ""; 25 + description = lib.mdDoc "Directory where to find /lib containing tremor script files"; 26 + }; 27 + 28 + host = mkOption { 29 + type = types.str; 30 + default = "127.0.0.1"; 31 + description = lib.mdDoc "The host tremor should be listening on"; 32 + }; 33 + 34 + port = mkOption { 35 + type = types.port; 36 + default = 9898; 37 + description = lib.mdDoc "the port tremor should be listening on"; 38 + }; 39 + 40 + loggerSettings = mkOption { 41 + description = lib.mdDoc "Tremor logger configuration"; 42 + default = {}; 43 + type = loggerSettingsFormat.type; 44 + 45 + example = { 46 + refresh_rate = "30 seconds"; 47 + appenders.stdout.kind = "console"; 48 + root = { 49 + level = "warn"; 50 + appenders = [ "stdout" ]; 51 + }; 52 + loggers = { 53 + tremor_runtime = { 54 + level = "debug"; 55 + appenders = [ "stdout" ]; 56 + additive = false; 57 + }; 58 + tremor = { 59 + level = "debug"; 60 + appenders = [ "stdout" ]; 61 + additive = false; 62 + }; 63 + }; 64 + }; 65 + 66 + defaultText = literalExpression '' 67 + { 68 + refresh_rate = "30 seconds"; 69 + appenders.stdout.kind = "console"; 70 + root = { 71 + level = "warn"; 72 + appenders = [ "stdout" ]; 73 + }; 74 + loggers = { 75 + tremor_runtime = { 76 + level = "debug"; 77 + appenders = [ "stdout" ]; 78 + additive = false; 79 + }; 80 + tremor = { 81 + level = "debug"; 82 + appenders = [ "stdout" ]; 83 + additive = false; 84 + }; 85 + }; 86 + } 87 + ''; 88 + 89 + }; 90 + }; 91 + }; 92 + 93 + config = mkIf (cfg.enable) { 94 + 95 + environment.systemPackages = [ pkgs.tremor-rs ] ; 96 + 97 + systemd.services.tremor-rs = { 98 + description = "Tremor event- or stream-processing system"; 99 + wantedBy = [ "multi-user.target" ]; 100 + requires = [ "network-online.target" ]; 101 + after = [ "network-online.target" ]; 102 + 103 + environment.TREMOR_PATH = "${pkgs.tremor-rs}/lib:${cfg.tremorLibDir}"; 104 + 105 + serviceConfig = { 106 + ExecStart = "${pkgs.tremor-rs}/bin/tremor --logger-config ${loggerConfigFile} server run ${concatStringsSep " " cfg.troyFileList} --api-host ${cfg.host}:${toString cfg.port}"; 107 + DynamicUser = true; 108 + Restart = "always"; 109 + NoNewPrivileges = true; 110 + PrivateTmp = true; 111 + ProtectHome = true; 112 + ProtectClock = true; 113 + ProtectProc = "noaccess"; 114 + ProcSubset = "pid"; 115 + ProtectKernelLogs = true; 116 + ProtectKernelModules = true; 117 + ProtectKernelTunables = true; 118 + ProtectControlGroups = true; 119 + ProtectHostname = true; 120 + RestrictSUIDSGID = true; 121 + RestrictRealtime = true; 122 + RestrictNamespaces = true; 123 + LockPersonality = true; 124 + RemoveIPC = true; 125 + SystemCallFilter = [ "@system-service" "~@privileged" ]; 126 + }; 127 + }; 128 + }; 129 + }