diff --git a/machines/vault01/_configuration.nix b/machines/vault01/_configuration.nix
index 5e94808..f692aac 100644
--- a/machines/vault01/_configuration.nix
+++ b/machines/vault01/_configuration.nix
@@ -10,6 +10,7 @@ lib.extra.mkConfig {
 "k-radius"
 "networking"
 "ups"
+ "ulogd"
 ];
 extraConfig = {
diff --git a/machines/vault01/ulogd.nix b/machines/vault01/ulogd.nix
new file mode 100644
index 0000000..cfe7b96
--- /dev/null
+++ b/machines/vault01/ulogd.nix
@@ -0,0 +1,56 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ services = {
+ ulogd = {
+ enable = true;
+ logLevel = 5;
+ settings = {
+ global = {
+ logfile = "/var/log/ulogd.log";
+ stack = [ "ct1:NFCT,ip2str1:IP2STR,pgsql1:PGSQL" ];
+ };
+ ct1 = { };
+ pgsql1 = {
+ db = "ulogd";
+ user = "ulogd";
+ table = "ulog2_ct";
+ procedure = "INSERT_CT";
+ };
+ };
+ };
+ postgresql = {
+ enable = true;
+ identMap = ''
+ ulogd-map root ulogd
+ '';
+ authentication = ''
+ local ulogd ulogd peer map=ulogd-map
+ '';
+
+ ensureUsers = [
+ {
+ name = "ulogd";
+ ensureDBOwnership = true;
+ }
+ ];
+ ensureDatabases = [ "ulogd" ];
+ };
+ };
+ systemd.services.ulogd = {
+ serviceConfig.StateDirectory = "ulogd";
+ requires = [ "postgresql.service" ];
+ after = [ "postgresql.service" ];
+ path = [ config.services.postgresql.package ];
+ preStart = lib.mkAfter ''
+ if ! test -e "/var/lib/ulogd/.initialized"; then
+ psql -f "${pkgs.ulogd.doc}/share/doc/ulogd-pgsql/pgsql-ulogd2.sql" -d ulogd -U ulogd
+ touch "/var/lib/ulogd/.initialized"
+ fi
+ '';
+ };
+}
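Review bot: The `.initialized` sentinel in `preStart` is written even when the schema import fails, because `psql -f` exits 0 after SQL errors unless `ON_ERROR_STOP` is set, so a broken first run is never retried and ulogd would later try to call `INSERT_CT` against a database that was never populated. Chain the marker on a stopping import instead: `psql -v ON_ERROR_STOP=1 -f "${pkgs.ulogd.doc}/share/doc/ulogd-pgsql/pgsql-ulogd2.sql" -d ulogd -U ulogd && touch "/var/lib/ulogd/.initialized"`. The `ulogd-map` ident map only maps the OS user root to the `ulogd` role, which presumably matches how the service runs here; if it is ever moved to an unprivileged user, peer auth will start rejecting it until the map is extended. The NFCT→PGSQL stack will also accumulate connection records (source and destination addresses) in `ulog2_ct` with no pruning configured in this hunk, so a retention job is worth adding once the pipeline works.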