NixOS · felbinger · Jun 25, 2024
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md
@@ -775,6 +775,8 @@
 
 - torq has been removed because upstreamed went closed source.
 
+- Removed `filebeat` default output for elasticsearch to `127.0.0.1:9200` and improved nixos options for outputs.
+
 ## Other Notable Changes {#sec-release-24.11-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

diff --git a/nixos/modules/services/logging/filebeat.nix b/nixos/modules/services/logging/filebeat.nix
@@ -22,15 +22,14 @@ let
   json = pkgs.formats.json { };
 in
 {
+  meta.maintainers = with lib.maintainers; [ felbinger ];
   options = {
 
     services.filebeat = {
 
       enable = mkEnableOption "filebeat";
 
-      package = mkPackageOption pkgs "filebeat" {
-        example = "filebeat7";
-      };
+      package = mkPackageOption pkgs "filebeat" { example = "filebeat7"; };
 
       inputs = mkOption {
         description = ''
@@ -146,23 +145,49 @@ in
           freeformType = json.type;
 
           options = {
-
-            output.elasticsearch.hosts = mkOption {
-              type = with types; listOf str;
-              default = [ "127.0.0.1:9200" ];
-              example = [ "myEShost:9200" ];
+            output = mkOption {
+              type = types.nullOr (
+                types.attrsOf (
+                  types.submodule {
+                    freeformType = json.type;
+                    options = {
+                      enabled = mkEnableOption "<name>";
+                      hosts = mkOption {
+                        type = with types; listOf str;
+                        default = [ ];
+                        description = ''
+                          The list of Elasticsearch/Logstash/Kafka/Redis nodes to connect to.
+                          The events are distributed to these nodes in round robin order. If
+                          one node becomes unreachable, the event is automatically sent to
+                          another node. Each node can be defined as a URL or IP:PORT.
+                        '';
+                      };
+                    };
+                  }
+                )
+              );
+              default = {
+                elasticsearch = {
+                  enable = true;
+                  hosts = [ "127.0.0.1:9200" ];
+                };
+              };
+              example = {
+                elasticsearch.enable = false;
+                logstash = {
+                  enable = true;
+                  hosts = [ "myEShost:9200" ];
+                };
+              };
               description = ''
-                The list of Elasticsearch nodes to connect to.
-
-                The events are distributed to these nodes in round
-                robin order. If one node becomes unreachable, the
-                event is automatically sent to another node. Each
-                Elasticsearch node can be defined as a URL or
-                IP:PORT. For example:
-                `http://192.15.3.2`,
-                `https://es.found.io:9230` or
-                `192.24.3.2:9300`. If no port is
-                specified, `9200` is used.
+                You configure Filebeat to write to a specific output by setting options in the
+                Outputs section of the `filebeat.yml` config file. Only a single output may be defined.
+
+                The following topics describe how to configure each supported output. If you've secured
+                the Elastic Stack, also read Secure for more about security-related configuration options.
+
+                For more information about the available outputs see
+                [elastic.co/guide/en/beats/filebeat/current/configuring-output.html](https://www.elastic.co/guide/en/beats/filebeat/current/configuring-output.html).
               '';
             };
 
@@ -232,6 +257,51 @@ in
 
   config = mkIf cfg.enable {
 
+    assertions =
+      let
+        validOutputs = [
+          "elasticsearch"
+          "logstash"
+          "kafka"
+          "redis"
+          "file"
+          "console"
+          "discard"
+        ];
+        validOutputsHosts = [
+          "elasticsearch"
+          "logstash"
+          "kafka"
+          "redis"
+        ];
+
+        filterEnabled = attrset:
+          let
+            enabledNames = builtins.filter (name: attrset.${name}.enabled) (builtins.attrNames attrset);
+          in
+            builtins.listToAttrs (map (name: { name = name; value = attrset.${name}; }) enabledNames);
+
+        enabledOutputs = filterEnabled cfg.settings.output;
+      in
+      [
+        {
+          assertion = builtins.length (builtins.attrNames enabledOutputs) == 1;
+          message = "only one services.filebeat.settings.output can be configured";
+        }
+        {
+          assertion =
+            (builtins.length (builtins.attrNames enabledOutputs) != 1)
+            || (builtins.elem (builtins.head (builtins.attrNames enabledOutputs)) validOutputs);
+          message = "services.filebeat.settings.output is invalid, choose one of: ${lib.concatStringsSep ", " validOutputs}";
+        }
+        {
+          assertion =
+            (builtins.length (builtins.attrNames enabledOutputs) != 1)
+            || (builtins.elem (builtins.head (builtins.attrNames enabledOutputs)) validOutputsHosts);
+          message = "services.filebeat.settings.output.<name>.hosts can only be configured for: ${lib.concatStringsSep ", " validOutputsHosts}";
+        }
+      ];
+
     services.filebeat.settings.filebeat.inputs = attrValues cfg.inputs;
     services.filebeat.settings.filebeat.modules = attrValues cfg.modules;