diff options
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/logging/graylog.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/jackett.nix | 9 | ||||
-rw-r--r-- | nixos/modules/services/misc/lidarr.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/misc/zoneminder.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/loki.nix | 112 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/netdata.nix | 18 |
6 files changed, 138 insertions, 6 deletions
diff --git a/nixos/modules/services/logging/graylog.nix b/nixos/modules/services/logging/graylog.nix index ee566825498..c8c4a9ff06d 100644 --- a/nixos/modules/services/logging/graylog.nix +++ b/nixos/modules/services/logging/graylog.nix @@ -108,7 +108,7 @@ in }; extraConfig = mkOption { - type = types.str; + type = types.lines; default = ""; description = "Any other configuration options you might want to add"; }; diff --git a/nixos/modules/services/misc/jackett.nix b/nixos/modules/services/misc/jackett.nix index a07f20e5c24..f2dc6635df9 100644 --- a/nixos/modules/services/misc/jackett.nix +++ b/nixos/modules/services/misc/jackett.nix @@ -34,6 +34,13 @@ in default = "jackett"; description = "Group under which Jackett runs."; }; + + package = mkOption { + type = types.package; + default = pkgs.jackett; + defaultText = "pkgs.jackett"; + description = "Jackett package to use."; + }; }; }; @@ -51,7 +58,7 @@ in Type = "simple"; User = cfg.user; Group = cfg.group; - ExecStart = "${pkgs.jackett}/bin/Jackett --NoUpdates --DataFolder '${cfg.dataDir}'"; + ExecStart = "${cfg.package}/bin/Jackett --NoUpdates --DataFolder '${cfg.dataDir}'"; Restart = "on-failure"; }; }; diff --git a/nixos/modules/services/misc/lidarr.nix b/nixos/modules/services/misc/lidarr.nix index 4c37bd74f15..40755c16217 100644 --- a/nixos/modules/services/misc/lidarr.nix +++ b/nixos/modules/services/misc/lidarr.nix @@ -68,6 +68,7 @@ in users.users = mkIf (cfg.user == "lidarr") { lidarr = { group = cfg.group; + home = "/var/lib/lidarr"; uid = config.ids.uids.lidarr; }; }; diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix index 8d58c2b37c8..cf56ae89b39 100644 --- a/nixos/modules/services/misc/zoneminder.nix +++ b/nixos/modules/services/misc/zoneminder.nix @@ -262,7 +262,7 @@ in { fastcgi_pass ${fcgi.socketType}:${fcgi.socketAddress}; } - location /cache { + location /cache/ { alias /var/cache/${dirName}; } diff --git a/nixos/modules/services/monitoring/loki.nix b/nixos/modules/services/monitoring/loki.nix new file mode 100644 index 00000000000..4d11360d07e --- /dev/null +++ b/nixos/modules/services/monitoring/loki.nix @@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) escapeShellArgs literalExample mkEnableOption mkIf mkOption types; + + cfg = config.services.loki; + + prettyJSON = conf: + pkgs.runCommand "loki-config.json" { } '' + echo '${builtins.toJSON conf}' | ${pkgs.jq}/bin/jq 'del(._module)' > $out + ''; + +in { + options.services.loki = { + enable = mkEnableOption "loki"; + + user = mkOption { + type = types.str; + default = "loki"; + description = '' + User under which the Loki service runs. + ''; + }; + + group = mkOption { + type = types.str; + default = "loki"; + description = '' + Group under which the Loki service runs. + ''; + }; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/loki"; + description = '' + Specify the directory for Loki. + ''; + }; + + configuration = mkOption { + type = types.attrs; + default = {}; + description = '' + Specify the configuration for Loki in Nix. + ''; + }; + + configFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Specify a configuration file that Loki should use. + ''; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + default = []; + example = literalExample [ "--server.http-listen-port=3101" ]; + description = '' + Specify a list of additional command line flags, + which get escaped and are then passed to Loki. + ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [{ + assertion = ( + (cfg.configuration == {} -> cfg.configFile != null) && + (cfg.configFile != null -> cfg.configuration == {}) + ); + message = '' + Please specify either + 'services.loki.configuration' or + 'services.loki.configFile'. + ''; + }]; + + users.groups.${cfg.group} = { }; + users.users.${cfg.user} = { + description = "Loki Service User"; + group = cfg.group; + home = cfg.dataDir; + createHome = true; + isSystemUser = true; + }; + + systemd.services.loki = { + description = "Loki Service Daemon"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = let + conf = if cfg.configFile == null + then prettyJSON cfg.configuration + else cfg.configFile; + in + { + ExecStart = "${pkgs.grafana-loki}/bin/loki --config.file=${conf} ${escapeShellArgs cfg.extraFlags}"; + User = cfg.user; + Restart = "always"; + PrivateTmp = true; + ProtectHome = true; + ProtectSystem = "full"; + DecvicePolicy = "closed"; + NoNewPrivileges = true; + WorkingDirectory = cfg.dataDir; + }; + }; + }; +} diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index f264b6dd456..f9b7550af23 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -141,11 +141,18 @@ in { path = (with pkgs; [ gawk curl ]) ++ lib.optional cfg.python.enable (pkgs.python3.withPackages cfg.python.extraPackages); serviceConfig = { - User = cfg.user; - Group = cfg.group; Environment="PYTHONPATH=${pkgs.netdata}/libexec/netdata/python.d/python_modules"; - ExecStart = "${pkgs.netdata}/bin/netdata -D -c ${configFile}"; + ExecStart = "${pkgs.netdata}/bin/netdata -P /run/netdata/netdata.pid -D -c ${configFile}"; + ExecReload = "${pkgs.utillinux}/bin/kill -s HUP -s USR1 -s USR2 $MAINPID"; TimeoutStopSec = 60; + # User and group + User = cfg.user; + Group = cfg.group; + # Runtime directory and mode + RuntimeDirectory = "netdata"; + RuntimeDirectoryMode = "0755"; + # Performance + LimitNOFILE = "30000"; }; }; @@ -165,6 +172,11 @@ in { permissions = "u+rx,g+rx,o-rwx"; }; + security.pam.loginLimits = [ + { domain = "netdata"; type = "soft"; item = "nofile"; value = "10000"; } + { domain = "netdata"; type = "hard"; item = "nofile"; value = "30000"; } + ]; + users.users = optional (cfg.user == defaultUser) { name = defaultUser; }; |