Merge #275620: staging-next 2023-12-20
Showing
1,384 changed files
with
12,416 additions
and
7,083 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,135 @@ | ||
{ config, lib, pkgs, ... }: | ||
|
||
let | ||
cfg = config.services.journald.gateway; | ||
|
||
cliArgs = lib.cli.toGNUCommandLineShell { } { | ||
# If either of these are null / false, they are not passed in the command-line | ||
inherit (cfg) cert key trust system user merge; | ||
}; | ||
in | ||
{ | ||
meta.maintainers = [ lib.maintainers.raitobezarius ]; | ||
options.services.journald.gateway = { | ||
enable = lib.mkEnableOption "the HTTP gateway to the journal"; | ||
|
||
port = lib.mkOption { | ||
default = 19531; | ||
type = lib.types.port; | ||
description = '' | ||
The port to listen to. | ||
''; | ||
}; | ||
|
||
cert = lib.mkOption { | ||
default = null; | ||
type = with lib.types; nullOr str; | ||
description = lib.mdDoc '' | ||
The path to a file or `AF_UNIX` stream socket to read the server | ||
certificate from. | ||
The certificate must be in PEM format. This option switches | ||
`systemd-journal-gatewayd` into HTTPS mode and must be used together | ||
with {option}`services.journald.gateway.key`. | ||
''; | ||
}; | ||
|
||
key = lib.mkOption { | ||
default = null; | ||
type = with lib.types; nullOr str; | ||
description = lib.mdDoc '' | ||
Specify the path to a file or `AF_UNIX` stream socket to read the | ||
secret server key corresponding to the certificate specified with | ||
{option}`services.journald.gateway.cert` from. | ||
The key must be in PEM format. | ||
This key should not be world-readable, and must be readably by the | ||
`systemd-journal-gateway` user. | ||
''; | ||
}; | ||
|
||
trust = lib.mkOption { | ||
default = null; | ||
type = with lib.types; nullOr str; | ||
description = lib.mdDoc '' | ||
Specify the path to a file or `AF_UNIX` stream socket to read a CA | ||
certificate from. | ||
The certificate must be in PEM format. | ||
Setting this option enforces client certificate checking. | ||
''; | ||
}; | ||
|
||
system = lib.mkOption { | ||
default = true; | ||
type = lib.types.bool; | ||
description = lib.mdDoc '' | ||
Serve entries from system services and the kernel. | ||
This has the same meaning as `--system` for {manpage}`journalctl(1)`. | ||
''; | ||
}; | ||
|
||
user = lib.mkOption { | ||
default = true; | ||
type = lib.types.bool; | ||
description = lib.mdDoc '' | ||
Serve entries from services for the current user. | ||
This has the same meaning as `--user` for {manpage}`journalctl(1)`. | ||
''; | ||
}; | ||
|
||
merge = lib.mkOption { | ||
default = false; | ||
type = lib.types.bool; | ||
description = lib.mdDoc '' | ||
Serve entries interleaved from all available journals, including other | ||
machines. | ||
This has the same meaning as `--merge` option for | ||
{manpage}`journalctl(1)`. | ||
''; | ||
}; | ||
}; | ||
|
||
config = lib.mkIf cfg.enable { | ||
assertions = [ | ||
{ | ||
# This prevents the weird case were disabling "system" and "user" | ||
# actually enables both because the cli flags are not present. | ||
assertion = cfg.system || cfg.user; | ||
message = '' | ||
systemd-journal-gatewayd cannot serve neither "system" nor "user" | ||
journals. | ||
''; | ||
} | ||
]; | ||
|
||
systemd.additionalUpstreamSystemUnits = [ | ||
"systemd-journal-gatewayd.socket" | ||
"systemd-journal-gatewayd.service" | ||
]; | ||
|
||
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway; | ||
users.users.systemd-journal-gateway.group = "systemd-journal-gateway"; | ||
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway; | ||
|
||
systemd.services.systemd-journal-gatewayd.serviceConfig.ExecStart = [ | ||
# Clear the default command line | ||
"" | ||
"${pkgs.systemd}/lib/systemd/systemd-journal-gatewayd ${cliArgs}" | ||
]; | ||
|
||
systemd.sockets.systemd-journal-gatewayd = { | ||
wantedBy = [ "sockets.target" ]; | ||
listenStreams = [ | ||
# Clear the default port | ||
"" | ||
(toString cfg.port) | ||
]; | ||
}; | ||
}; | ||
} |
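Review bot: Nothing in the `assertions` list enforces that `cert` and `key` are set together, although the `cert` description says it must be used with `services.journald.gateway.key`; a configuration with only one of them passes evaluation and would presumably fail only when the daemon starts. Adding `{ assertion = (cfg.cert == null) == (cfg.key == null); message = "services.journald.gateway.cert and services.journald.gateway.key must be set together."; }` next to the existing system/user assertion would catch this at evaluation time. Separately, with the defaults (`cert`, `key` and `trust` all null, `system = true`) the gateway serves system journal entries over plain HTTP with no client-certificate check, and the bare port in `listenStreams` makes the socket listen on every address. The `enable` or `port` description should say so, so that operators know to set `trust` or restrict access to the port before enabling the service.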