diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 6ac12e4e138..0c281da8416 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -396,6 +396,7 @@ ./services/logging/rsyslogd.nix ./services/logging/syslog-ng.nix ./services/logging/syslogd.nix + ./services/logging/vector.nix ./services/mail/clamsmtp.nix ./services/mail/davmail.nix ./services/mail/dkimproxy-out.nix diff --git a/nixos/modules/services/logging/vector.nix b/nixos/modules/services/logging/vector.nix new file mode 100644 index 00000000000..a7c54ad75fd --- /dev/null +++ b/nixos/modules/services/logging/vector.nix @@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: + +with lib; +let cfg = config.services.vector; + +in { + options.services.vector = { + enable = mkEnableOption "Vector"; + + journaldAccess = mkOption { + type = types.bool; + default = false; + description = '' + Enable Vector to access journald. + ''; + }; + + settings = mkOption { + type = (pkgs.formats.json { }).type; + default = { }; + description = '' + Specify the configuration for Vector in Nix. + ''; + }; + }; + + config = mkIf cfg.enable { + + users.groups.vector = { }; + users.users.vector = { + description = "Vector service user"; + group = "vector"; + isSystemUser = true; + }; + systemd.services.vector = { + description = "Vector event and log aggregator"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + requires = [ "network-online.target" ]; + serviceConfig = let + format = pkgs.formats.toml { }; + conf = format.generate "vector.toml" cfg.settings; + validateConfig = file: + pkgs.runCommand "validate-vector-conf" { } '' + ${pkgs.vector}/bin/vector validate --no-topology --no-environment "${file}" + ln -s "${file}" "$out" + ''; + in { + ExecStart = "${pkgs.vector}/bin/vector --config ${validateConfig conf}"; + User = "vector"; + Group = "vector"; + Restart = "no"; + StateDirectory = "vector"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + AmbientCapabilities = "CAP_NET_BIND_SERVICE"; + # This group is required for accessing journald. + SupplementaryGroups = mkIf cfg.journaldAccess "systemd-journal"; + }; + }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index d4aff486225..38354a76528 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -376,6 +376,7 @@ in uwsgi = handleTest ./uwsgi.nix {}; v2ray = handleTest ./v2ray.nix {}; vault = handleTest ./vault.nix {}; + vector = handleTest ./vector.nix {}; victoriametrics = handleTest ./victoriametrics.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; wasabibackend = handleTest ./wasabibackend.nix {}; diff --git a/nixos/tests/vector.nix b/nixos/tests/vector.nix new file mode 100644 index 00000000000..3da7d0f30ed --- /dev/null +++ b/nixos/tests/vector.nix @@ -0,0 +1,37 @@ +{ system ? builtins.currentSystem, config ? { } +, pkgs ? import ../.. { inherit system config; } }: + +with import ../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; + +{ + test1 = makeTest { + name = "vector-test1"; + meta.maintainers = [ pkgs.stdenv.lib.maintainers.thoughtpolice ]; + + machine = { config, pkgs, ... }: { + services.vector = { + enable = true; + journaldAccess = true; + settings = { + sources.journald.type = "journald"; + + sinks = { + file = { + type = "file"; + inputs = [ "journald" ]; + path = "/var/lib/vector/logs.log"; + encoding = { codec = "ndjson"; }; + }; + }; + }; + }; + }; + + # ensure vector is forwarding the messages appropriately + testScript = '' + machine.wait_for_unit("vector.service") + machine.succeed("test -f /var/lib/vector/logs.log") + ''; + }; +}