push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,125 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.osquery;
dirname =
path:
with lib.strings;
with lib.lists;
concatStringsSep "/" (init (splitString "/" (normalizePath path)));
# conf is the osquery configuration file used when the --config_plugin=filesystem.
# filesystem is the osquery default value for the config_plugin flag.
conf = pkgs.writeText "osquery.conf" (builtins.toJSON cfg.settings);
# flagfile is the file containing osquery command line flags to be
# provided to the application using the special --flagfile option.
flagfile = pkgs.writeText "osquery.flags" (
lib.concatStringsSep "\n" (
lib.mapAttrsToList (name: value: "--${name}=${value}")
# Use the conf derivation if not otherwise specified.
({ config_path = conf; } // cfg.flags)
)
);
osqueryi = pkgs.runCommand "osqueryi" { nativeBuildInputs = [ pkgs.makeWrapper ]; } ''
mkdir -p $out/bin
makeWrapper ${pkgs.osquery}/bin/osqueryi $out/bin/osqueryi \
--add-flags "--flagfile ${flagfile} --disable-database"
'';
in
{
options.services.osquery = {
enable = lib.mkEnableOption "osqueryd daemon";
settings = lib.mkOption {
default = { };
description = ''
Configuration to be written to the osqueryd JSON configuration file.
To understand the configuration format, refer to <https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-components>.
'';
example = {
options.utc = false;
};
type = lib.types.attrs;
};
flags = lib.mkOption {
default = { };
description = ''
Attribute set of flag names and values to be written to the osqueryd flagfile.
For more information, refer to <https://osquery.readthedocs.io/en/stable/installation/cli-flags>.
'';
example = {
config_refresh = "10";
};
type =
with lib.types;
submodule {
freeformType = attrsOf str;
options = {
database_path = lib.mkOption {
default = "/var/lib/osquery/osquery.db";
readOnly = true;
description = ''
Path used for the database file.
::: {.note}
If left as the default value, this directory will be automatically created before the
service starts, otherwise you are responsible for ensuring the directory exists with
the appropriate ownership and permissions.
'';
type = path;
};
logger_path = lib.mkOption {
default = "/var/log/osquery";
readOnly = true;
description = ''
Base directory used for logging.
::: {.note}
If left as the default value, this directory will be automatically created before the
service starts, otherwise you are responsible for ensuring the directory exists with
the appropriate ownership and permissions.
'';
type = path;
};
pidfile = lib.mkOption {
default = "/run/osquery/osqueryd.pid";
readOnly = true;
description = "Path used for pid file.";
type = path;
};
};
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ osqueryi ];
systemd.services.osqueryd = {
after = [
"network.target"
"syslog.service"
];
description = "The osquery daemon";
serviceConfig = {
ExecStart = "${pkgs.osquery}/bin/osqueryd --flagfile ${flagfile}";
PIDFile = cfg.flags.pidfile;
LogsDirectory = lib.mkIf (cfg.flags.logger_path == "/var/log/osquery") [ "osquery" ];
StateDirectory = lib.mkIf (cfg.flags.database_path == "/var/lib/osquery/osquery.db") [ "osquery" ];
Restart = "always";
};
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.settings."10-osquery".${dirname (cfg.flags.pidfile)}.d = {
user = "root";
group = "root";
mode = "0755";
};
};
}
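Review bot: The descriptions of `services.osquery.settings` and `services.osquery.flags` do not warn that both are rendered with `pkgs.writeText` into `osquery.conf` and `osquery.flags`, which end up in the world-readable Nix store. osquery accepts credentials as plain flag values (for example `aws_secret_access_key`), so anything secret set through these options is readable by every local user. I would add to both descriptions: `Values are written to the world-readable Nix store; do not put secrets here, point a path-valued flag such as enroll_secret_path at a file outside the store instead.` Separately, `database_path`, `logger_path` and `pidfile` are declared `readOnly = true` with a default, which as far as I can tell prevents overriding them, so the "otherwise you are responsible for ... ownership and permissions" wording and the `lib.mkIf` comparisons in `serviceConfig` look unreachable; either drop `readOnly` or shorten those descriptions to match.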