nixpkgs/nixos/modules/services/logging/graylog.nix
pennae 2e751c0772 treewide: automatically md-convert option descriptions
the conversion procedure is simple:

 - find all things that look like options, ie calls to either `mkOption`
   or `lib.mkOption` that take an attrset. remember the attrset as the
   option
 - for all options, find a `description` attribute who's value is not a
   call to `mdDoc` or `lib.mdDoc`
 - textually convert the entire value of the attribute to MD with a few
   simple regexes (the set from mdize-module.sh)
 - if the change produced a change in the manual output, discard
 - if the change kept the manual unchanged, add some text to the
   description to make sure we've actually found an option. if the
   manual changes this time, keep the converted description

this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
2022-07-30 15:16:34 +02:00

169 lines
5.3 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.graylog;
confFile = pkgs.writeText "graylog.conf" ''
is_master = ${boolToString cfg.isMaster}
node_id_file = ${cfg.nodeIdFile}
password_secret = ${cfg.passwordSecret}
root_username = ${cfg.rootUsername}
root_password_sha2 = ${cfg.rootPasswordSha2}
elasticsearch_hosts = ${concatStringsSep "," cfg.elasticsearchHosts}
message_journal_dir = ${cfg.messageJournalDir}
mongodb_uri = ${cfg.mongodbUri}
plugin_dir = /var/lib/graylog/plugins
${cfg.extraConfig}
'';
glPlugins = pkgs.buildEnv {
name = "graylog-plugins";
paths = cfg.plugins;
};
in
{
###### interface
options = {
services.graylog = {
enable = mkEnableOption "Graylog";
package = mkOption {
type = types.package;
default = pkgs.graylog;
defaultText = literalExpression "pkgs.graylog";
description = lib.mdDoc "Graylog package to use.";
};
user = mkOption {
type = types.str;
default = "graylog";
description = lib.mdDoc "User account under which graylog runs";
};
isMaster = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Whether this is the master instance of your Graylog cluster";
};
nodeIdFile = mkOption {
type = types.str;
default = "/var/lib/graylog/server/node-id";
description = lib.mdDoc "Path of the file containing the graylog node-id";
};
passwordSecret = mkOption {
type = types.str;
description = lib.mdDoc ''
You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
Generate one by using for example: pwgen -N 1 -s 96
'';
};
rootUsername = mkOption {
type = types.str;
default = "admin";
description = lib.mdDoc "Name of the default administrator user";
};
rootPasswordSha2 = mkOption {
type = types.str;
example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
description = lib.mdDoc ''
You MUST specify a hash password for the root user (which you only need to initially set up the
system and in case you lose connectivity to your authentication backend)
This password cannot be changed using the API or via the web interface. If you need to change it,
modify it here.
Create one by using for example: echo -n yourpassword | shasum -a 256
and use the resulting hash value as string for the option
'';
};
elasticsearchHosts = mkOption {
type = types.listOf types.str;
example = literalExpression ''[ "http://node1:9200" "http://user:password@node2:19200" ]'';
description = lib.mdDoc "List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication";
};
messageJournalDir = mkOption {
type = types.str;
default = "/var/lib/graylog/data/journal";
description = lib.mdDoc "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
};
mongodbUri = mkOption {
type = types.str;
default = "mongodb://localhost/graylog";
description = lib.mdDoc "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = lib.mdDoc "Any other configuration options you might want to add";
};
plugins = mkOption {
description = lib.mdDoc "Extra graylog plugins";
default = [ ];
type = types.listOf types.package;
};
};
};
###### implementation
config = mkIf cfg.enable {
users.users = mkIf (cfg.user == "graylog") {
graylog = {
isSystemUser = true;
group = "graylog";
description = "Graylog server daemon user";
};
};
users.groups = mkIf (cfg.user == "graylog") { graylog = {}; };
systemd.tmpfiles.rules = [
"d '${cfg.messageJournalDir}' - ${cfg.user} - - -"
];
systemd.services.graylog = {
description = "Graylog Server";
wantedBy = [ "multi-user.target" ];
environment = {
GRAYLOG_CONF = "${confFile}";
};
path = [ pkgs.which pkgs.procps ];
preStart = ''
rm -rf /var/lib/graylog/plugins || true
mkdir -p /var/lib/graylog/plugins -m 755
mkdir -p "$(dirname ${cfg.nodeIdFile})"
chown -R ${cfg.user} "$(dirname ${cfg.nodeIdFile})"
for declarativeplugin in `ls ${glPlugins}/bin/`; do
ln -sf ${glPlugins}/bin/$declarativeplugin /var/lib/graylog/plugins/$declarativeplugin
done
for includedplugin in `ls ${cfg.package}/plugin/`; do
ln -s ${cfg.package}/plugin/$includedplugin /var/lib/graylog/plugins/$includedplugin || true
done
'';
serviceConfig = {
User="${cfg.user}";
StateDirectory = "graylog";
ExecStart = "${cfg.package}/bin/graylogctl run";
};
};
};
}