nixos/modules/services/admin/salt/master.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / admin / salt / master.nix
at master 1.7 kB view raw
 1{
 2  config,
 3  pkgs,
 4  lib,
 5  ...
 6}:
 7let
 8
 9  cfg = config.services.salt.master;
10
11  fullConfig = lib.recursiveUpdate {
12    # Provide defaults for some directories to allow an immutable config dir
13
14    # Default is equivalent to /etc/salt/master.d/*.conf
15    default_include = "/var/lib/salt/master.d/*.conf";
16    # Default is in /etc/salt/pki/master
17    pki_dir = "/var/lib/salt/pki/master";
18  } cfg.configuration;
19
20in
21
22{
23  options = {
24    services.salt.master = {
25      enable = lib.mkEnableOption "Salt configuration management system master service";
26      configuration = lib.mkOption {
27        type = lib.types.attrs;
28        default = { };
29        description = "Salt master configuration as Nix attribute set.";
30      };
31    };
32  };
33
34  config = lib.mkIf cfg.enable {
35    environment = {
36      # Set this up in /etc/salt/master so `salt`, `salt-key`, etc. work.
37      # The alternatives are
38      # - passing --config-dir to all salt commands, not just the master unit,
39      # - setting a global environment variable,
40      etc."salt/master".source = pkgs.writeText "master" (builtins.toJSON fullConfig);
41      systemPackages = with pkgs; [ salt ];
42    };
43    systemd.services.salt-master = {
44      description = "Salt Master";
45      wantedBy = [ "multi-user.target" ];
46      after = [ "network.target" ];
47      path = with pkgs; [
48        util-linux # for dmesg
49      ];
50      serviceConfig = {
51        ExecStart = "${pkgs.salt}/bin/salt-master";
52        LimitNOFILE = 16384;
53        Type = "notify";
54        NotifyAccess = "all";
55      };
56      restartTriggers = [
57        config.environment.etc."salt/master".source
58      ];
59    };
60  };
61
62  meta.maintainers = with lib.maintainers; [ Flakebi ];
63}