| blob | c8a77ab93def7ff2321f4265db009417bfe986f7 |
1 { config, lib, pkgs, ... }:
3 with lib;
4 let
6 cfg = config.services.tremor-rs;
8 loggerSettingsFormat = pkgs.formats.yaml { };
9 loggerConfigFile = loggerSettingsFormat.generate "logger.yaml" cfg.loggerSettings;
10 in {
12 options = {
13 services.tremor-rs = {
14 enable = lib.mkEnableOption "Tremor event- or stream-processing system";
16 troyFileList = mkOption {
17 type = types.listOf types.path;
18 default = [];
19 description = "List of troy files to load.";
20 };
22 tremorLibDir = mkOption {
23 type = types.path;
24 default = "";
25 description = "Directory where to find /lib containing tremor script files";
26 };
28 host = mkOption {
29 type = types.str;
30 default = "127.0.0.1";
31 description = "The host tremor should be listening on";
32 };
34 port = mkOption {
35 type = types.port;
36 default = 9898;
37 description = "the port tremor should be listening on";
38 };
40 loggerSettings = mkOption {
41 description = "Tremor logger configuration";
42 default = {};
43 type = loggerSettingsFormat.type;
45 example = {
46 refresh_rate = "30 seconds";
47 appenders.stdout.kind = "console";
48 root = {
49 level = "warn";
50 appenders = [ "stdout" ];
51 };
52 loggers = {
53 tremor_runtime = {
54 level = "debug";
55 appenders = [ "stdout" ];
56 additive = false;
57 };
58 tremor = {
59 level = "debug";
60 appenders = [ "stdout" ];
61 additive = false;
62 };
63 };
64 };
66 defaultText = literalExpression ''
67 {
68 refresh_rate = "30 seconds";
69 appenders.stdout.kind = "console";
70 root = {
71 level = "warn";
72 appenders = [ "stdout" ];
73 };
74 loggers = {
75 tremor_runtime = {
76 level = "debug";
77 appenders = [ "stdout" ];
78 additive = false;
79 };
80 tremor = {
81 level = "debug";
82 appenders = [ "stdout" ];
83 additive = false;
84 };
85 };
86 }
87 '';
89 };
90 };
91 };
93 config = mkIf (cfg.enable) {
95 environment.systemPackages = [ pkgs.tremor-rs ] ;
97 systemd.services.tremor-rs = {
98 description = "Tremor event- or stream-processing system";
99 wantedBy = [ "multi-user.target" ];
100 requires = [ "network-online.target" ];
101 after = [ "network-online.target" ];
103 environment.TREMOR_PATH = "${pkgs.tremor-rs}/lib:${cfg.tremorLibDir}";
105 serviceConfig = {
106 ExecStart = "${pkgs.tremor-rs}/bin/tremor --logger-config ${loggerConfigFile} server run ${concatStringsSep " " cfg.troyFileList} --api-host ${cfg.host}:${toString cfg.port}";
107 DynamicUser = true;
108 Restart = "always";
109 NoNewPrivileges = true;
110 PrivateTmp = true;
111 ProtectHome = true;
112 ProtectClock = true;
113 ProtectProc = "noaccess";
114 ProcSubset = "pid";
115 ProtectKernelLogs = true;
116 ProtectKernelModules = true;
117 ProtectKernelTunables = true;
118 ProtectControlGroups = true;
119 ProtectHostname = true;
120 RestrictSUIDSGID = true;
121 RestrictRealtime = true;
122 RestrictNamespaces = true;
123 LockPersonality = true;
124 RemoveIPC = true;
125 SystemCallFilter = [ "@system-service" "~@privileged" ];
126 };
127 };
128 };
129 }