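# NixOS module for the Salt minion service (`services.salt.minion`).
#
# The user-supplied attribute set is merged over a few module defaults,
# rendered as JSON into /etc/salt/minion, and consumed by a systemd unit
# that runs `salt-minion`.
{
  config,
  pkgs,
  lib,
  ...
}:
let

  cfg = config.services.salt.minion;

  # Module defaults merged with the user's settings. `cfg.configuration` is
  # the second argument of `lib.recursiveUpdate`, so user values win on
  # conflict, including for the two directories below.
  fullConfig = lib.recursiveUpdate {
    # Provide defaults for some directories to allow an immutable config dir
    # NOTE: the config dir being immutable prevents `minion_id` caching

    # Default is equivalent to /etc/salt/minion.d/*.conf
    default_include = "/var/lib/salt/minion.d/*.conf";
    # Default is in /etc/salt/pki/minion
    # Pointing this at mutable state also keeps the minion's key material
    # out of the Nix store.
    pki_dir = "/var/lib/salt/pki/minion";
  } cfg.configuration;

in

{
  options = {
    services.salt.minion = {
      enable = lib.mkEnableOption "Salt configuration management system minion service";
      configuration = lib.mkOption {
        # NOTE(review): `lib.types.attrs` does not merge nested definitions
        # coming from several modules; a recursively merging type would be
        # stricter, but switching changes merge semantics for existing users,
        # so the type is left unchanged here.
        type = lib.types.attrs;
        default = { };
        description = ''
          Salt minion configuration as Nix attribute set.
          See <https://docs.saltstack.com/en/latest/ref/configuration/minion.html>
          for details.

          The rendered file is placed in the Nix store, which is readable by
          every local user, so do not put secrets in this option. Unless
          `default_include` is overridden, files matching
          `/var/lib/salt/minion.d/*.conf` are included as well and can carry
          sensitive settings with restrictive file permissions.
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {
    environment = {
      # Set this up in /etc/salt/minion so `salt-call`, etc. work.
      # The alternatives are
      # - passing --config-dir to all salt commands, not just the minion unit,
      # - setting a global environment variable.
      #
      # SECURITY: `pkgs.writeText` puts the JSON rendering of `fullConfig`
      # into the world-readable Nix store; /etc/salt/minion only links to it.
      # Anything in `cfg.configuration` is therefore visible to all local
      # users and is retained in the store until garbage-collected.
      etc."salt/minion".source = pkgs.writeText "minion" (builtins.toJSON fullConfig);
      systemPackages = with pkgs; [ salt ];
    };
    systemd.services.salt-minion = {
      description = "Salt Minion";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # Adds util-linux to the unit's PATH.
      path = with pkgs; [
        util-linux
      ];
      # No `User=` is set, so the unit runs with systemd's default identity
      # for system services (root).
      serviceConfig = {
        ExecStart = "${pkgs.salt}/bin/salt-minion";
        LimitNOFILE = 8192;
        Type = "notify";
        # "all" accepts readiness notifications from any process in the
        # unit's control group, not only the main PID.
        NotifyAccess = "all";
      };
      # Restart the minion whenever the rendered configuration changes.
      restartTriggers = [
        config.environment.etc."salt/minion".source
      ];
    };
  };
}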