# NixOS module for the MUNGE daemon (munged).
#
# Declares the `services.munge` options and, when the service is enabled,
# the `munge` system user and group plus the `munged` systemd unit.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.munge;

  # Targets the unit both pulls in (wants) and is ordered behind (after).
  startupTargets = [
    "network-online.target"
    "time-sync.target"
  ];
in
{
  # ---- interface ----

  options.services.munge = {
    enable = mkEnableOption "munge service";

    # Despite the option name, this is the *location* of the key file, not
    # the secret itself.
    # NOTE(review): `types.path` also accepts a Nix path literal such as
    # ./munge.key; interpolating a path literal into the unit strings below
    # copies the file into the world-readable Nix store. Set this to an
    # absolute path given as a string, as the default does.
    password = mkOption {
      type = types.path;
      default = "/etc/munge/munge.key";
      description = ''
        The path to a daemon's secret key.
      '';
    };
  };

  # ---- implementation ----

  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.munge ];

    # Dedicated unprivileged account that the daemon runs as.
    users.groups.munge = {};
    users.users.munge = {
      isSystemUser = true;
      group = "munge";
      description = "Munge daemon user";
    };

    systemd.services.munged = {
      wantedBy = [ "multi-user.target" ];
      wants = startupTargets;
      after = startupTargets;

      path = [ pkgs.munge pkgs.coreutils ];

      serviceConfig = {
        User = "munge";
        Group = "munge";

        # The leading "+" makes systemd run this one command with full
        # privileges instead of as User=/Group=. It only narrows the key's
        # mode to owner-read; ownership is left untouched.
        # NOTE(review): the key must therefore already be owned by the
        # account munged runs as -- confirm how the file is provisioned.
        # NOTE(review): cfg.password is interpolated unquoted here and in
        # ExecStart; a path containing whitespace would be split into
        # several arguments.
        ExecStartPre = "+${pkgs.coreutils}/bin/chmod 0400 ${cfg.password}";
        ExecStart = "${pkgs.munge}/bin/munged --foreground --key-file ${cfg.password}";
        Restart = "on-failure";

        # systemd-managed directories named "munge"; the state directory is
        # created with mode 0711.
        StateDirectory = "munge";
        StateDirectoryMode = "0711";
        RuntimeDirectory = "munge";
      };
    };
  };
}