nixdots/options/security/auditd.nix

{
  lib,
  config,
  ...
}:
with lib; let
  inherit (lib) mkEnableOption mkOption literalExpression types;
in {
  options.myOptions.security.auditd = {
    enable = mkEnableOption "the audit daemon.";
    autoPrune = {
      enable = mkEnableOption ''
        automatic pruning of audit logs.

        Enabling this is HEAVILY recommended, as audit logs
        can grow very large very quickly.
      '';

      size = mkOption {
        type = types.int;
        default = 524288000; # roughly 500MB
        description = ''
          The maximum size of the audit log in bytes.

          The default is 500MB.
        '';
      };

      schedule = mkOption {
        type = types.str;
        default = "daily";
        example = "weekly";
        description = "How often cleaning is triggered. Passed to systemd.time";
      };
    };

    extraFiles = mkOption {
      default = [];
      type = types.listOf types.path;
      example = literalExpression ''["/etc/nix/id_rsa"]'';
      description = ''
        Additional files in root to link to persistent storage.
      '';
    };

    extraDirectories = mkOption {
      default = [];
      type = types.listOf types.path;
      example = literalExpression ''["/etc/nix/id_rsa"]'';
      description = ''
        Additional directories in root to link to persistent storage.
      '';
    };

    persistentMountPoint = mkOption {
      default = "/persist";
      description = ''
        Path to a persistent directory (usually a mount point to a
        standalone partition / subvolume), which will hold the persistent
        system state files.
      '';
    };
  };
}
Add auditd 2024-04-15 20:47:54 +00:00			`{`
Run alejandra 2024-07-26 23:07:07 +00:00			`lib,`
			`config,`
			`...`
			`}:`
			`with lib; let`
			`inherit (lib) mkEnableOption mkOption literalExpression types;`
			`in {`
Add auditd 2024-04-15 20:47:54 +00:00			`options.myOptions.security.auditd = {`
			`enable = mkEnableOption "the audit daemon.";`
			`autoPrune = {`
			`enable = mkEnableOption ''`
			`automatic pruning of audit logs.`

			`Enabling this is HEAVILY recommended, as audit logs`
			`can grow very large very quickly.`
			`'';`

			`size = mkOption {`
			`type = types.int;`
			`default = 524288000; # roughly 500MB`
			`description = ''`
			`The maximum size of the audit log in bytes.`

			`The default is 500MB.`
			`'';`
			`};`

			`schedule = mkOption {`
			`type = types.str;`
			`default = "daily";`
			`example = "weekly";`
			`description = "How often cleaning is triggered. Passed to systemd.time";`
			`};`
			`};`

			`extraFiles = mkOption {`
			`default = [];`
			`type = types.listOf types.path;`
			`example = literalExpression ''["/etc/nix/id_rsa"]'';`
			`description = ''`
			`Additional files in root to link to persistent storage.`
			`'';`
			`};`

			`extraDirectories = mkOption {`
			`default = [];`
			`type = types.listOf types.path;`
			`example = literalExpression ''["/etc/nix/id_rsa"]'';`
			`description = ''`
			`Additional directories in root to link to persistent storage.`
			`'';`
			`};`

			`persistentMountPoint = mkOption {`
			`default = "/persist";`
			`description = ''`
			`Path to a persistent directory (usually a mount point to a`
			`standalone partition / subvolume), which will hold the persistent`
			`system state files.`
			`'';`
			`};`
			`};`
			`}`