| blob | 9f9eac11eb7a454fb5d1dc16a9c43fdd7310dbc8 |
1 {
2 config,
3 pkgs,
4 lib,
5 ...
6 }:
7 let
9 cfg = config.services.salt.master;
11 fullConfig = lib.recursiveUpdate {
12 # Provide defaults for some directories to allow an immutable config dir
14 # Default is equivalent to /etc/salt/master.d/*.conf
15 default_include = "/var/lib/salt/master.d/*.conf";
16 # Default is in /etc/salt/pki/master
17 pki_dir = "/var/lib/salt/pki/master";
18 } cfg.configuration;
20 in
22 {
23 options = {
24 services.salt.master = {
25 enable = lib.mkEnableOption "Salt configuration management system master service";
26 configuration = lib.mkOption {
27 type = lib.types.attrs;
28 default = { };
29 description = "Salt master configuration as Nix attribute set.";
30 };
31 };
32 };
34 config = lib.mkIf cfg.enable {
35 environment = {
36 # Set this up in /etc/salt/master so `salt`, `salt-key`, etc. work.
37 # The alternatives are
38 # - passing --config-dir to all salt commands, not just the master unit,
39 # - setting a global environment variable,
40 etc."salt/master".source = pkgs.writeText "master" (builtins.toJSON fullConfig);
41 systemPackages = with pkgs; [ salt ];
42 };
43 systemd.services.salt-master = {
44 description = "Salt Master";
45 wantedBy = [ "multi-user.target" ];
46 after = [ "network.target" ];
47 path = with pkgs; [
48 util-linux # for dmesg
49 ];
50 serviceConfig = {
51 ExecStart = "${pkgs.salt}/bin/salt-master";
52 LimitNOFILE = 16384;
53 Type = "notify";
54 NotifyAccess = "all";
55 };
56 restartTriggers = [
57 config.environment.etc."salt/master".source
58 ];
59 };
60 };
62 meta.maintainers = with lib.maintainers; [ Flakebi ];
63 }