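# NixOS module for the MUNGE authentication daemon (munged).
#
# Declares `services.munge.enable` and `services.munge.password` and, when
# enabled, installs the package, creates a dedicated `munge` system user and
# group, and runs munged as that user under systemd.
{
  config,
  lib,
  pkgs,
  ...
}:
let

  cfg = config.services.munge;

in

{

  ###### interface

  options = {

    services.munge = {
      enable = lib.mkEnableOption "munge service";

      # Despite its name, this option holds the *path* to the key file, not
      # the secret itself.
      password = lib.mkOption {
        default = "/etc/munge/munge.key";
        type = lib.types.path;
        description = ''
          Path to the MUNGE secret key file read by `munged`.

          Give this as a string naming a file that is provisioned outside
          the Nix store. A Nix path literal such as `./munge.key` would be
          copied into the world-readable Nix store.

          The file must be owned by the `munge` user: the service sets its
          mode to `0400` before starting but does not change its ownership.
        '';
      };

    };

  };

  ###### implementation

  config = lib.mkIf cfg.enable {

    environment.systemPackages = [ pkgs.munge ];

    # Dedicated unprivileged account; the daemon below runs as this user.
    users.users.munge = {
      description = "Munge daemon user";
      isSystemUser = true;
      group = "munge";
    };

    users.groups.munge = { };

    systemd.services.munged = {
      documentation = [
        "man:munged(8)"
        "man:mungekey(8)"
      ];
      wantedBy = [ "multi-user.target" ];
      # Pull in and order after network and clock synchronisation
      # (presumably because credential validity depends on the clock;
      # confirm against munged(8)).
      wants = [
        "network-online.target"
        "time-sync.target"
      ];
      after = [
        "network-online.target"
        "time-sync.target"
      ];

      path = [
        pkgs.munge
        pkgs.coreutils
      ];

      serviceConfig = {
        # The leading "+" makes systemd run this one command with full
        # privileges instead of as User=munge. It only tightens the mode:
        # ownership is left as found, so a key not owned by `munge` stays
        # unreadable to the daemon.
        # NOTE(review): cfg.password is interpolated unquoted here and in
        # ExecStart; systemd would split a path containing whitespace into
        # several arguments.
        ExecStartPre = "+${pkgs.coreutils}/bin/chmod 0400 ${cfg.password}";
        ExecStart = "${pkgs.munge}/bin/munged --foreground --key-file ${cfg.password}";
        User = "munge";
        Group = "munge";
        # systemd-managed state directory (/var/lib/munge); mode 0711 lets
        # other users traverse it but not list its contents.
        StateDirectory = "munge";
        StateDirectoryMode = "0711";
        Restart = "on-failure";
        # systemd-managed runtime directory (/run/munge), removed when the
        # service stops.
        RuntimeDirectory = "munge";
      };

    };

  };

}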