# NixOS module: runs munged (from pkgs.munge) as a systemd service under a
# dedicated "munge" system user and group.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.munge;

  # Shorthands for the values interpolated into the unit's command lines.
  keyFile = cfg.password;
  coreutilsBin = "${pkgs.coreutils}/bin";
in
{
  ###### interface

  options.services.munge = {
    enable = mkEnableOption (lib.mdDoc "munge service");

    # Despite its name, this option holds the *path* of the key file, not the
    # secret itself. Nothing in this module creates the key; it has to exist
    # at that path already.
    # Set it as a string ("/etc/munge/munge.key"), not as a Nix path literal:
    # a path literal interpolated into the unit below would be copied into the
    # world-readable Nix store.
    password = mkOption {
      type = types.path;
      default = "/etc/munge/munge.key";
      description = lib.mdDoc ''
        The path to a daemon's secret key.
      '';
    };
  };

  ###### implementation

  config = mkIf cfg.enable {
    # Adds the munge package to the system profile in addition to the service.
    environment.systemPackages = [ pkgs.munge ];

    # Dedicated unprivileged account the daemon runs as.
    users = {
      groups.munge = { };
      users.munge = {
        description = "Munge daemon user";
        isSystemUser = true;
        group = "munge";
      };
    };

    systemd.services.munged = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      path = [ pkgs.munge pkgs.coreutils ];

      serviceConfig = {
        User = "munge";
        Group = "munge";

        # systemd creates /var/lib/munge (mode 0711) and /run/munge for the
        # service, owned by the User=/Group= above.
        StateDirectory = "munge";
        StateDirectoryMode = "0711";
        RuntimeDirectory = "munge";

        # The "+" prefix makes systemd run this one command with full
        # privileges instead of as User=munge. It only tightens the mode to
        # 0400 (owner read-only); ownership is left alone, so the key must
        # already belong to the munge user for munged to be able to read it.
        # Because this chmod runs as root on every start, keep the key in a
        # directory that only root can modify.
        ExecStartPre = "+${coreutilsBin}/chmod 0400 ${keyFile}";
        ExecStart = "${pkgs.munge}/bin/munged --syslog --key-file ${keyFile}";

        # NOTE(review): PIDFile= is set but Type= is not, so the systemd
        # default service type applies -- confirm the daemon's main process is
        # tracked as intended.
        PIDFile = "/run/munge/munged.pid";

        # Reload by sending SIGHUP to the main process.
        ExecReload = "${coreutilsBin}/kill -HUP $MAINPID";
      };
    };
  };
}