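# NixOS module for oxidized, a network-device configuration backup service.
#
# The module creates a dedicated user and group, copies the router database
# and the oxidized configuration into the state directory before each start,
# and runs the daemon from that directory.
#
# Security note: router.db holds device login credentials. Anything built with
# pkgs.writeText (as the option examples do) lands in the Nix store, which is
# readable by every local user. For real credentials, point routerDB and
# configFile at files kept outside the store with restrictive permissions.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.oxidized;
in
{
  options.services.oxidized = {
    enable = mkEnableOption "the oxidized configuration backup service.";

    user = mkOption {
      type = types.str;
      default = "oxidized";
      description = ''
        User under which the oxidized service runs.
      '';
    };

    group = mkOption {
      type = types.str;
      default = "oxidized";
      description = ''
        Group under which the oxidized service runs.
      '';
    };

    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/oxidized";
      description = "State directory for the oxidized service.";
    };

    configFile = mkOption {
      type = types.path;
      example = literalExample ''
        pkgs.writeText "oxidized-config.yml" '''
          ---
          debug: true
          use_syslog: true
          input:
            default: ssh
            ssh:
              secure: true
          interval: 3600
          model_map:
            dell: powerconnect
            hp: procurve
          source:
            default: csv
            csv:
              delimiter: !ruby/regexp /:/
              file: "/var/lib/oxidized/.config/oxidized/router.db"
              map:
                name: 0
                model: 1
                username: 2
                password: 3
          pid: "/var/lib/oxidized/.config/oxidized/pid"
          rest: 127.0.0.1:8888
          retries: 3
          # ... additional config
        ''';
      '';
      description = ''
        Path to the oxidized configuration file.

        If the configuration contains credentials, do not build it with
        pkgs.writeText: the result is stored in the world-readable Nix
        store. Reference a file outside the store instead.
      '';
    };

    routerDB = mkOption {
      type = types.path;
      example = literalExample ''
        pkgs.writeText "oxidized-router.db" '''
          hostname-sw1:powerconnect:username1:password2
          hostname-sw2:procurve:username2:password2
          # ... additional hosts
        '''
      '';
      description = ''
        Path to the file/database which contains the targets for oxidized.

        This file normally carries device usernames and passwords. A file
        built with pkgs.writeText is stored in the world-readable Nix store,
        so production deployments should reference a file outside the store
        that only the service user can read.
      '';
    };
  };

  config = mkIf cfg.enable {
    users.groups.${cfg.group} = { };
    users.users.${cfg.user} = {
      description = "Oxidized service user";
      group = cfg.group;
      home = cfg.dataDir;
      createHome = true;
    };

    systemd.services.oxidized = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # preStart runs with the unit's User= and UMask= (PermissionsStartOnly is
      # not set). A copy made by plain `cp` from a read-only store file ends up
      # read-only itself, and `cp` then cannot overwrite it on the next start.
      # `install` replaces the destination and sets an explicit owner-only
      # mode, so the credential files never depend on the source's mode bits.
      # Paths are quoted so a dataDir containing spaces is handled correctly.
      preStart = ''
        mkdir -p "${cfg.dataDir}/.config/oxidized"
        install -v -m 0600 "${cfg.routerDB}" "${cfg.dataDir}/.config/oxidized/router.db"
        install -v -m 0600 "${cfg.configFile}" "${cfg.dataDir}/.config/oxidized/config"
      '';

      serviceConfig = {
        ExecStart = "${pkgs.oxidized}/bin/oxidized";
        User = cfg.user;
        Group = cfg.group;
        # Files the service creates (fetched device configs, pid file) are
        # readable by the service user only.
        UMask = "0077";
        # The service and its children cannot gain privileges via setuid
        # binaries or file capabilities.
        NoNewPrivileges = true;
        Restart = "always";
        WorkingDirectory = cfg.dataDir;
        # NOTE(review): SIGKILL gives oxidized no chance to shut down cleanly;
        # confirm this is intentional and does not leave its output store in
        # an inconsistent state.
        KillSignal = "SIGKILL";
      };
    };
  };
}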