graylog service: Initial graylog service

+163
+1
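--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -264,6 +264,7 @@
 taskd = 240;
 factorio = 241;
 emby = 242;
+graylog = 243;
 
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 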
+1
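--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -183,6 +183,7 @@
 ./services/hardware/thermald.nix
 ./services/logging/awstats.nix
 ./services/logging/fluentd.nix
+./services/logging/graylog.nix
 ./services/logging/klogd.nix
 ./services/logging/logcheck.nix
 ./services/logging/logrotate.nix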
+161
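--- a/nixos/modules/services/logging/graylog.nix
+++ b/nixos/modules/services/logging/graylog.nix
@@ -0,0 +1,161 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.graylog;
+configBool = b: if b then "true" else "false";
+
+confFile = pkgs.writeText "graylog.conf" ''
+is_master = ${configBool cfg.isMaster}
+node_id_file = ${cfg.nodeIdFile}
+password_secret = ${cfg.passwordSecret}
+root_username = ${cfg.rootUsername}
+root_password_sha2 = ${cfg.rootPasswordSha2}
+elasticsearch_cluster_name = ${cfg.elasticsearchClusterName}
+elasticsearch_discovery_zen_ping_multicast_enabled = ${configBool cfg.elasticsearchDiscoveryZenPingMulticastEnabled}
+elasticsearch_discovery_zen_ping_unicast_hosts = ${cfg.elasticsearchDiscoveryZenPingUnicastHosts}
+message_journal_dir = ${cfg.messageJournalDir}
+mongodb_uri = ${cfg.mongodbUri}
+
+${cfg.extraConfig}
+'';
+in
+
+{
+###### interface
+
+options = {
+
+services.graylog = {
+
+enable = mkEnableOption "Graylog";
+
+package = mkOption {
+type = types.package;
+default = pkgs.graylog;
+defaultText = "pkgs.graylog";
+example = literalExample "pkgs.graylog";
+description = "Graylog package to use.";
+};
+
+user = mkOption {
+type = types.str;
+default = "graylog";
+example = literalExample "graylog";
+description = "User account under which graylog runs";
+};
+
+isMaster = mkOption {
+type = types.bool;
+default = true;
+description = "Whether this is the master instance of your Graylog cluster";
+};
+
+nodeIdFile = mkOption {
+type = types.str;
+default = "/var/lib/graylog/server/node-id";
+description = "Path of the file containing the graylog node-id";
+};
+
+passwordSecret = mkOption {
+type = types.str;
+description = ''
+You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
+Generate one by using for example: pwgen -N 1 -s 96
+'';
+};
+
+rootUsername = mkOption {
+type = types.str;
+default = "admin";
+description = "Name of the default administrator user";
+};
+
+rootPasswordSha2 = mkOption {
+type = types.str;
+example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
+description = ''
+You MUST specify a hash password for the root user (which you only need to initially set up the
+system and in case you lose connectivity to your authentication backend)
+This password cannot be changed using the API or via the web interface. If you need to change it,
+modify it here.
+Create one by using for example: echo -n yourpassword | shasum -a 256
+and use the resulting hash value as string for the option
+'';
+};
+
+elasticsearchClusterName = mkOption {
+type = types.str;
+example = "graylog";
+description = "This must be the same as for your Elasticsearch cluster";
+};
+
+elasticsearchDiscoveryZenPingMulticastEnabled = mkOption {
+type = types.bool;
+default = false;
+description = "Whether to use elasticsearch multicast discovery";
+};
+
+elasticsearchDiscoveryZenPingUnicastHosts = mkOption {
+type = types.str;
+default = "127.0.0.1:9300";
+description = "Tells Graylogs Elasticsearch client how to find other cluster members. See Elasticsearch documentation for details";
+};
+
+messageJournalDir = mkOption {
+type = types.str;
+default = "/var/lib/graylog/data/journal";
+description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
+};
+
+mongodbUri = mkOption {
+type = types.str;
+default = "mongodb://localhost/graylog";
+description = "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
+};
+
+extraConfig = mkOption {
+type = types.str;
+default = "";
+description = "Any other configuration options you might want to add";
+};
+
+};
+};
+
+
+###### implementation
+
+config = mkIf cfg.enable {
+
+users.extraUsers = mkIf (cfg.user == "graylog") {
+graylog = {
+uid = config.ids.uids.graylog;
+description = "Graylog server daemon user";
+};
+};
+
+systemd.services.graylog = with pkgs; {
+description = "Graylog Server";
+wantedBy = [ "multi-user.target" ];
+environment = {
+JAVA_HOME = jre;
+GRAYLOG_CONF = "${confFile}";
+};
+path = [ pkgs.openjdk8 pkgs.which pkgs.procps ];
+preStart = ''
+mkdir -p /var/lib/graylog -m 755
+chown -R ${cfg.user} /var/lib/graylog
+
+mkdir -p ${cfg.messageJournalDir} -m 755
+chown -R ${cfg.user} ${cfg.messageJournalDir}
+'';
+serviceConfig = {
+User="${cfg.user}";
+PermissionsStartOnly=true;
+ExecStart = "${cfg.package}/bin/graylogctl run";
+};
+};
+};
+}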
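Review bot: `password_secret` and `root_password_sha2` are interpolated into `confFile` through `pkgs.writeText`, so both values land in a Nix store path, and store paths are readable by every local user; the same applies to any credentials placed in `mongodbUri` or `extraConfig`. Per the option text the root hash is a plain SHA-256 of the password, so anyone who can read that store file can check password guesses against it offline, and the pepper in `passwordSecret` loses its value once it is readable. The durable fix is to keep these two settings out of `confFile` and merge them in `preStart` from a root-owned file outside the store into a config file that only `${cfg.user}` can read, with `GRAYLOG_CONF` pointing at the result. Until then the `passwordSecret` and `rootPasswordSha2` descriptions should carry a line such as `Warning: this value is written to the world-readable Nix store.`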