nixos/modules/services/security/munge.nix at release-16.03-start · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / services / security / munge.nix

at release-16.03-start 1.1 kB view raw

 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5let
 6
 7  cfg = config.services.munge;
 8
 9in
10
11{
12
13  ###### interface
14
15  options = {
16
17    services.munge = {
18      enable = mkEnableOption "munge service";
19
20      password = mkOption {
21        default = "/etc/munge/munge.key";
22        type = types.string;
23        description = ''
24          The path to a daemon's secret key.
25        '';
26      };
27
28    };
29
30  };
31
32  ###### implementation
33
34  config = mkIf cfg.enable {
35
36    environment.systemPackages = [ pkgs.munge ];
37
38    systemd.services.munged = { 
39      wantedBy = [ "multi-user.target" ];
40      after = [ "network.target" ];
41
42      path = [ pkgs.munge pkgs.coreutils ];
43
44      preStart = ''
45        chmod 0700 ${cfg.password}
46        mkdir -p /var/lib/munge -m 0711
47        mkdir -p /var/log/munge -m 0700
48        mkdir -p /run/munge -m 0755
49      '';
50
51      serviceConfig = {
52        ExecStart = "${pkgs.munge}/bin/munged --syslog --key-file ${cfg.password}";
53        PIDFile = "/run/munge/munged.pid";
54        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
55      };
56
57    };
58
59  };
60
61}