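# NixOS module for the MUNGE credential daemon (munged).
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.munge;

in

{

  ###### interface

  options = {

    services.munge = {
      enable = mkEnableOption "munge service";

      # Despite its name, this option holds the path to the key file, not the
      # secret itself. It is a plain string, so the key is referenced in place
      # rather than copied into the world-readable Nix store.
      password = mkOption {
        default = "/etc/munge/munge.key";
        type = types.string;
        description = ''
          The path to the daemon's secret key file. The file must be
          readable by the <literal>munge</literal> user; its mode is reset
          to 0400 every time the service starts.
        '';
      };

    };

  };

  ###### implementation

  config = mkIf cfg.enable {

    environment.systemPackages = [ pkgs.munge ];

    users.users.munge = {
      description   = "Munge daemon user";
      isSystemUser  = true;
      group = "munge";
    };

    users.groups.munge = {};

    systemd.services.munged = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      path = [ pkgs.munge pkgs.coreutils ];

      # Runs with full privileges (see PermissionsStartOnly below), so it can
      # create and chown the state directories before munged starts.
      preStart = ''
        # The key is only ever read, so it gets owner read-only rather than
        # the previous 0700, which also granted write and execute bits.
        # Ownership is not changed here: the file must already belong to the
        # munge user, or munged cannot open it.
        chmod 0400 ${escapeShellArg cfg.password}
        mkdir -p /var/lib/munge -m 0711
        chown -R munge:munge /var/lib/munge
        mkdir -p /var/log/munge -m 0700
        chown -R munge:munge /var/log/munge
        mkdir -p /run/munge -m 0755
        chown -R munge:munge /run/munge
      '';

      serviceConfig = {
        ExecStart = "${pkgs.munge}/bin/munged --syslog --key-file ${cfg.password}";
        PIDFile = "/run/munge/munged.pid";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        # Apply User/Group to ExecStart only; preStart keeps its privileges.
        PermissionsStartOnly = "true";
        User = "munge";
        Group = "munge";
      };

    };

  };

}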