# NixOS module: runs the Salt minion as a systemd service.
#
# `services.salt.minion.configuration` is merged over a small set of
# state-directory defaults, serialised with builtins.toJSON into a file named
# `minion`, and handed to salt-minion via --config-dir.
{ config, pkgs, lib, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.salt.minion;

  # Provide defaults for some directories to allow an immutable config dir.
  # NOTE: the config dir being immutable prevents `minion_id` caching.
  stateDirDefaults = {
    # Salt's default is equivalent to /etc/salt/minion.d/*.conf
    default_include = "/var/lib/salt/minion.d/*.conf";
    # Salt's default is /etc/salt/pki/minion. Pointing it at /var/lib keeps
    # the minion's key material in mutable state rather than in the
    # generated config directory.
    pki_dir = "/var/lib/salt/pki/minion";
  };

  # Right-hand side wins, so user-supplied settings override the defaults
  # above (including pki_dir and default_include).
  mergedSettings = lib.recursiveUpdate stateDirDefaults cfg.configuration;

  # SECURITY: writeTextDir puts the rendered file in the Nix store, which is
  # readable by every local user. Do not place credentials or other secrets
  # in `configuration`; keep sensitive settings in an access-restricted file
  # matched by `default_include` instead.
  minionConfigDir =
    pkgs.writeTextDir "minion" (builtins.toJSON mergedSettings);

in

{
  options = {
    services.salt.minion = {
      enable = mkEnableOption "Salt minion service";

      # Free-form attribute set; it is not validated here before being
      # rendered into the minion config file.
      configuration = mkOption {
        type = types.attrs;
        default = {};
        description = ''
          Salt minion configuration as Nix attribute set.
          See <link xlink:href="https://docs.saltstack.com/en/latest/ref/configuration/minion.html"/>
          for details.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # Make the salt command-line tools available system-wide.
    environment.systemPackages = [ pkgs.salt ];

    systemd.services.salt-minion = {
      description = "Salt Minion";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.utillinux ];

      # NOTE(review): no User= or sandboxing directives are set, so the unit
      # runs with systemd's defaults for a system service (root, no
      # confinement) — presumably intended for a configuration-management
      # agent; confirm.
      serviceConfig = {
        Type = "notify";
        # Accept readiness notifications from any process in the unit's
        # control group, not only the main PID.
        NotifyAccess = "all";
        LimitNOFILE = 8192;
        ExecStart = "${pkgs.salt}/bin/salt-minion --config-dir=${minionConfigDir}";
      };
    };
  };
}