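# NixOS module for oxidized, a network-device configuration backup service.
#
# Declares the `services.oxidized.*` options and, when enabled, creates a
# dedicated system user/group and a systemd unit that runs oxidized from
# `dataDir`, with the configuration file and router database symlinked
# into `<dataDir>/.config/oxidized`.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.oxidized;

  # Directory inside the state directory where the unit links the
  # configuration file and router database, and where the PID file lives.
  confDir = "${cfg.dataDir}/.config/oxidized";
in
{
  options.services.oxidized = {
    enable = mkEnableOption (lib.mdDoc "the oxidized configuration backup service");

    user = mkOption {
      type = types.str;
      default = "oxidized";
      description = lib.mdDoc ''
        User under which the oxidized service runs.
      '';
    };

    group = mkOption {
      type = types.str;
      default = "oxidized";
      description = lib.mdDoc ''
        Group under which the oxidized service runs.
      '';
    };

    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/oxidized";
      description = lib.mdDoc "State directory for the oxidized service.";
    };

    configFile = mkOption {
      type = types.path;
      # NOTE: the example hard-codes /var/lib/oxidized; those paths have to
      # follow `dataDir` when it is changed.
      example = literalExpression ''
        pkgs.writeText "oxidized-config.yml" '''
          ---
          debug: true
          use_syslog: true
          input:
            default: ssh
            ssh:
              secure: true
          interval: 3600
          model_map:
            dell: powerconnect
            hp: procurve
          source:
            default: csv
            csv:
              delimiter: !ruby/regexp /:/
              file: "/var/lib/oxidized/.config/oxidized/router.db"
              map:
                name: 0
                model: 1
                username: 2
                password: 3
          pid: "/var/lib/oxidized/.config/oxidized/pid"
          rest: 127.0.0.1:8888
          retries: 3
          # ... additional config
        ''';
      '';
      description = lib.mdDoc ''
        Path to the oxidized configuration file.

        A file built with `pkgs.writeText` (as in the example) is placed in
        the Nix store, which is readable by every local user. If the
        configuration embeds credentials, point this option at a file
        outside the store instead, given as a string and readable by the
        service user.
      '';
    };

    routerDB = mkOption {
      type = types.path;
      example = literalExpression ''
        pkgs.writeText "oxidized-router.db" '''
          hostname-sw1:powerconnect:username1:password2
          hostname-sw2:procurve:username2:password2
          # ... additional hosts
        '''
      '';
      description = lib.mdDoc ''
        Path to the file/database which contains the targets for oxidized.

        With the CSV layout shown in the example this file holds the login
        user name and password of every device. A file built with
        `pkgs.writeText`, or referenced through a Nix path literal, is
        copied into the Nix store, which is readable by every local user.
        To keep device credentials private, point this option at a file
        outside the store, given as a string and readable by the service
        user.
      '';
    };
  };

  config = mkIf cfg.enable {
    # Dedicated system account; its home directory is the state directory.
    users.groups.${cfg.group} = { };
    users.users.${cfg.user} = {
      description = "Oxidized service user";
      group = cfg.group;
      home = cfg.dataDir;
      createHome = true;
      isSystemUser = true;
    };

    systemd.services.oxidized = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # Link the configured files to the locations used under the state
      # directory. Every path is passed through escapeShellArg so that a
      # dataDir or file path containing spaces or shell metacharacters is
      # handed to mkdir/ln as a single literal argument. The inner "..."
      # interpolation keeps the original string-interpolation semantics
      # for path and derivation values.
      # The links only point at the configured files: if a target lives in
      # the Nix store, its content stays world-readable regardless of the
      # UMask set below.
      preStart = ''
        mkdir -p ${escapeShellArg confDir}
        ln -f -s ${escapeShellArg "${cfg.routerDB}"} ${escapeShellArg "${confDir}/router.db"}
        ln -f -s ${escapeShellArg "${cfg.configFile}"} ${escapeShellArg "${confDir}/config"}
      '';

      serviceConfig = {
        ExecStart = "${pkgs.oxidized}/bin/oxidized";
        User = cfg.user;
        Group = cfg.group;
        # Files created by the service are accessible to its user only.
        UMask = "0077";
        # The process and its children cannot gain privileges through
        # setuid/setgid binaries or file capabilities.
        NoNewPrivileges = true;
        Restart = "always";
        WorkingDirectory = cfg.dataDir;
        # NOTE(review): SIGKILL stops the process without giving it a
        # chance to shut down cleanly; confirm this is intended.
        KillSignal = "SIGKILL";
        # Has to agree with the `pid:` entry of the oxidized configuration.
        PIDFile = "${confDir}/pid";
      };
    };
  };
}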