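# NixOS module for Filebeat (log shipper).
#
# Declares `services.filebeat.*` options and, when enabled, a systemd unit that
# renders the settings to /var/lib/filebeat/filebeat.yml at service start and
# runs filebeat against that file.
#
# Security-relevant points for reviewers:
#   * Secrets are meant to be passed as `{ _secret = "/path"; }` so that only
#     the path, not the value, is part of the evaluated configuration.
#     NOTE(review): any literal value written directly into `settings` is
#     presumably serialised into the world-readable Nix store — confirm against
#     utils.genJqSecretsReplacementSnippet.
#   * The unit sets no `User=`/`DynamicUser=`, so it runs with systemd's default
#     identity for system services (root).
{ config, lib, utils, pkgs, ... }:

let
  inherit (lib)
    attrValues
    literalExpression
    mkEnableOption
    mkIf
    mkOption
    types;

  # Shorthand for the user's configuration of this module.
  cfg = config.services.filebeat;

  # JSON format helper; `json.type` is used as the free-form type for all
  # pass-through settings below.
  json = pkgs.formats.json {};
in
{
  options = {

    services.filebeat = {

      enable = mkEnableOption (lib.mdDoc "filebeat");

      package = mkOption {
        type = types.package;
        default = pkgs.filebeat;
        defaultText = literalExpression "pkgs.filebeat";
        example = literalExpression "pkgs.filebeat7";
        description = lib.mdDoc ''
          The filebeat package to use.
        '';
      };

      # Attribute-set front end for `settings.filebeat.inputs`; the values are
      # copied into that list in the `config` section below.
      inputs = mkOption {
        description = lib.mdDoc ''
          Inputs specify how Filebeat locates and processes input data.

          This is like `services.filebeat.settings.filebeat.inputs`,
          but structured as an attribute set. This has the benefit
          that multiple NixOS modules can contribute settings to a
          single filebeat input.

          An input type can be specified multiple times by choosing a
          different `<name>` for each, but setting
          [](#opt-services.filebeat.inputs._name_.type)
          to the same value.

          See <https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html>.
        '';
        default = {};
        type = types.attrsOf (types.submodule ({ name, ... }: {
          # Any other JSON-representable key is accepted unchecked.
          freeformType = json.type;
          options = {
            type = mkOption {
              type = types.str;
              # The attribute name doubles as the input type unless overridden.
              default = name;
              description = lib.mdDoc ''
                The input type.

                Look for the value after `type:` on
                the individual input pages linked from
                <https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html>.
              '';
            };
          };
        }));
        example = literalExpression ''
          {
            journald.id = "everything"; # Only for filebeat7
            log = {
              enabled = true;
              paths = [
                "/var/log/*.log"
              ];
            };
          };
        '';
      };

      # Attribute-set front end for `settings.filebeat.modules`; the values are
      # copied into that list in the `config` section below.
      modules = mkOption {
        description = lib.mdDoc ''
          Filebeat modules provide a quick way to get started
          processing common log formats. They contain default
          configurations, Elasticsearch ingest pipeline definitions,
          and Kibana dashboards to help you implement and deploy a log
          monitoring solution.

          This is like `services.filebeat.settings.filebeat.modules`,
          but structured as an attribute set. This has the benefit
          that multiple NixOS modules can contribute settings to a
          single filebeat module.

          A module can be specified multiple times by choosing a
          different `<name>` for each, but setting
          [](#opt-services.filebeat.modules._name_.module)
          to the same value.

          See <https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html>.
        '';
        default = {};
        type = types.attrsOf (types.submodule ({ name, ... }: {
          # Any other JSON-representable key is accepted unchecked.
          freeformType = json.type;
          options = {
            module = mkOption {
              type = types.str;
              # The attribute name doubles as the module name unless overridden.
              default = name;
              # Fixed copy-paste from the `inputs` option: this text refers to
              # the module pages, not the input pages.
              description = lib.mdDoc ''
                The name of the module.

                Look for the value after `module:` on
                the individual module pages linked from
                <https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html>.
              '';
            };
          };
        }));
        example = literalExpression ''
          {
            nginx = {
              access = {
                enabled = true;
                var.paths = [ "/path/to/log/nginx/access.log*" ];
              };
              error = {
                enabled = true;
                var.paths = [ "/path/to/log/nginx/error.log*" ];
              };
            };
          };
        '';
      };

      # Free-form Filebeat configuration, rendered to filebeat.yml at service
      # start. Only the keys declared under `options` are type-checked.
      settings = mkOption {
        type = types.submodule {
          freeformType = json.type;

          options = {

            # The default points at a local node. Filebeat uses plain HTTP for
            # a host given without a scheme, so spell out `https://` whenever
            # the node is remote or credentials are configured.
            output.elasticsearch.hosts = mkOption {
              type = with types; listOf str;
              default = [ "127.0.0.1:9200" ];
              example = [ "myEShost:9200" ];
              description = lib.mdDoc ''
                The list of Elasticsearch nodes to connect to.

                The events are distributed to these nodes in round
                robin order. If one node becomes unreachable, the
                event is automatically sent to another node. Each
                Elasticsearch node can be defined as a URL or
                IP:PORT. For example:
                `http://192.15.3.2`,
                `https://es.found.io:9230` or
                `192.24.3.2:9300`. If no port is
                specified, `9200` is used.
              '';
            };

            filebeat = {
              # Internal: populated from `services.filebeat.inputs`.
              inputs = mkOption {
                type = types.listOf json.type;
                default = [];
                internal = true;
                description = lib.mdDoc ''
                  Inputs specify how Filebeat locates and processes
                  input data. Use [](#opt-services.filebeat.inputs) instead.

                  See <https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html>.
                '';
              };
              # Internal: populated from `services.filebeat.modules`.
              modules = mkOption {
                type = types.listOf json.type;
                default = [];
                internal = true;
                description = lib.mdDoc ''
                  Filebeat modules provide a quick way to get started
                  processing common log formats. They contain default
                  configurations, Elasticsearch ingest pipeline
                  definitions, and Kibana dashboards to help you
                  implement and deploy a log monitoring solution.

                  Use [](#opt-services.filebeat.modules) instead.

                  See <https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html>.
                '';
              };
            };
          };
        };
        default = {};
        # The example is the value of `settings` itself. It was previously
        # wrapped in an extra `settings = { ... }` level, which would have put
        # the password under `settings.output.elasticsearch.password` and
        # contradicted the description below. The host carries an explicit
        # https:// scheme because the example also sends a username/password.
        example = literalExpression ''
          {
            output.elasticsearch = {
              hosts = [ "https://myEShost:9200" ];
              username = "filebeat_internal";
              password = { _secret = "/var/keys/elasticsearch_password"; };
            };
            logging.level = "info";
          };
        '';

        description = lib.mdDoc ''
          Configuration for filebeat. See
          <https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html>
          for supported values.

          Options containing secret data should be set to an attribute
          set containing the attribute `_secret` - a
          string pointing to a file containing the value the option
          should be set to. See the example to get a better picture of
          this: in the resulting
          {file}`filebeat.yml` file, the
          `output.elasticsearch.password`
          key will be set to the contents of the
          {file}`/var/keys/elasticsearch_password` file.
        '';
      };
    };
  };

  config = mkIf cfg.enable {

    # Flatten the attribute-set options into the lists Filebeat expects; the
    # attribute names themselves are dropped (they only seed the defaults for
    # `type` / `module`).
    services.filebeat.settings.filebeat.inputs = attrValues cfg.inputs;
    services.filebeat.settings.filebeat.modules = attrValues cfg.modules;

    systemd.services.filebeat = {
      description = "Filebeat log shipper";
      wantedBy = [ "multi-user.target" ];
      # Weak dependency plus ordering on a local Elasticsearch unit.
      wants = [ "elasticsearch.service" ];
      after = [ "elasticsearch.service" ];
      # NOTE(review): no User=, DynamicUser= or sandboxing directives are set
      # here, so the service runs as root with full filesystem access. Any
      # hardening has to keep the configured log paths readable.
      serviceConfig = {
        # Renders cfg.settings to the state directory on every start. The
        # umask is tightened first so the rendered file, which may contain
        # resolved `_secret` values, is created accessible to its owner only.
        # NOTE(review): the helper presumably emits JSON (valid YAML) and reads
        # each secret file at this point — confirm in utils.
        ExecStartPre = pkgs.writeShellScript "filebeat-exec-pre" ''
          set -euo pipefail

          umask u=rwx,g=,o=

          ${utils.genJqSecretsReplacementSnippet
              cfg.settings
              "/var/lib/filebeat/filebeat.yml"
           }
        '';
        # Runs filebeat with the rendered configuration; data is kept in the
        # same state directory.
        ExecStart = ''
          ${cfg.package}/bin/filebeat -e \
            -c "/var/lib/filebeat/filebeat.yml" \
            --path.data "/var/lib/filebeat"
        '';
        Restart = "always";
        # systemd creates /var/lib/filebeat before the unit starts.
        # NOTE(review): the directory keeps systemd's default mode; consider
        # StateDirectoryMode = "0700" as defence in depth around the rendered
        # config — confirm nothing else needs to read this directory.
        StateDirectory = "filebeat";
      };
    };
  };
}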