nixos/vector: add module

nixos/modules/module-list.nix

@@ -396,6 +396,7 @@
   ./services/logging/rsyslogd.nix
   ./services/logging/syslog-ng.nix
   ./services/logging/syslogd.nix
+  ./services/logging/vector.nix
   ./services/mail/clamsmtp.nix
   ./services/mail/davmail.nix
   ./services/mail/dkimproxy-out.nix

nixos/modules/services/logging/vector.nix

@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let cfg = config.services.vector;
+
+in {
+  options.services.vector = {
+    enable = mkEnableOption "Vector";
+
+    journaldAccess = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Enable Vector to access journald.
+      '';
+    };
+
+    settings = mkOption {
+      type = (pkgs.formats.json { }).type;
+      default = { };
+      description = ''
+        Specify the configuration for Vector in Nix.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    users.groups.vector = { };
+    users.users.vector = {
+      description = "Vector service user";
+      group = "vector";
+      isSystemUser = true;
+    };
+    systemd.services.vector = {
+      description = "Vector event and log aggregator";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      requires = [ "network-online.target" ];
+      serviceConfig = let
+        format = pkgs.formats.toml { };
+        conf = format.generate "vector.toml" cfg.settings;
+        validateConfig = file:
+          pkgs.runCommand "validate-vector-conf" { } ''
+            ${pkgs.vector}/bin/vector validate --no-topology --no-environment "${file}"
+            ln -s "${file}" "$out"
+          '';
+      in {
+        ExecStart = "${pkgs.vector}/bin/vector --config ${validateConfig conf}";
+        User = "vector";
+        Group = "vector";
+        Restart = "no";
+        StateDirectory = "vector";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+        # This group is required for accessing journald.
+        SupplementaryGroups = mkIf cfg.journaldAccess "systemd-journal";
+      };
+    };
+  };
+}

nixos/tests/all-tests.nix

@@ -376,6 +376,7 @@ in
   uwsgi = handleTest ./uwsgi.nix {};
   v2ray = handleTest ./v2ray.nix {};
   vault = handleTest ./vault.nix {};
+  vector = handleTest ./vector.nix {};
   victoriametrics = handleTest ./victoriametrics.nix {};
   virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {};
   wasabibackend = handleTest ./wasabibackend.nix {};

nixos/tests/vector.nix

@@ -0,0 +1,37 @@
+{ system ? builtins.currentSystem, config ? { }
+, pkgs ? import ../.. { inherit system config; } }:
+
+with import ../lib/testing-python.nix { inherit system pkgs; };
+with pkgs.lib;
+
+{
+  test1 = makeTest {
+    name = "vector-test1";
+    meta.maintainers = [ pkgs.stdenv.lib.maintainers.thoughtpolice ];
+
+    machine = { config, pkgs, ... }: {
+      services.vector = {
+        enable = true;
+        journaldAccess = true;
+        settings = {
+          sources.journald.type = "journald";
+
+          sinks = {
+            file = {
+              type = "file";
+              inputs = [ "journald" ];
+              path = "/var/lib/vector/logs.log";
+              encoding = { codec = "ndjson"; };
+            };
+          };
+        };
+      };
+    };
+
+    # ensure vector is forwarding the messages appropriately
+    testScript = ''
+      machine.wait_for_unit("vector.service")
+      machine.succeed("test -f /var/lib/vector/logs.log")
+    '';
+  };
+}