blob: ebac70c30c22e331d70d81c3b18b14803c6ca703 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
{ config, lib, pkgs, ... }:
let
inherit (lib) escapeShellArgs mkEnableOption mkIf mkOption types;
cfg = config.services.loki;
prettyJSON = conf:
pkgs.runCommand "loki-config.json" { } ''
echo '${builtins.toJSON conf}' | ${pkgs.jq}/bin/jq 'del(._module)' > $out
'';
in {
options.services.loki = {
enable = mkEnableOption "loki";
user = mkOption {
type = types.str;
default = "loki";
description = ''
User under which the Loki service runs.
'';
};
group = mkOption {
type = types.str;
default = "loki";
description = ''
Group under which the Loki service runs.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/loki";
description = ''
Specify the directory for Loki.
'';
};
configuration = mkOption {
type = (pkgs.formats.json {}).type;
default = {};
description = ''
Specify the configuration for Loki in Nix.
'';
};
configFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Specify a configuration file that Loki should use.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--server.http-listen-port=3101" ];
description = ''
Specify a list of additional command line flags,
which get escaped and are then passed to Loki.
'';
};
};
config = mkIf cfg.enable {
assertions = [{
assertion = (
(cfg.configuration == {} -> cfg.configFile != null) &&
(cfg.configFile != null -> cfg.configuration == {})
);
message = ''
Please specify either
'services.loki.configuration' or
'services.loki.configFile'.
'';
}];
environment.systemPackages = [ pkgs.grafana-loki ]; # logcli
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
description = "Loki Service User";
group = cfg.group;
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
};
systemd.services.loki = {
description = "Loki Service Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = let
conf = if cfg.configFile == null
then prettyJSON cfg.configuration
else cfg.configFile;
in
{
ExecStart = "${pkgs.grafana-loki}/bin/loki --config.file=${conf} ${escapeShellArgs cfg.extraFlags}";
User = cfg.user;
Restart = "always";
PrivateTmp = true;
ProtectHome = true;
ProtectSystem = "full";
DevicePolicy = "closed";
NoNewPrivileges = true;
WorkingDirectory = cfg.dataDir;
};
};
};
}
|