| blob | 5d4efc6541c7f63ef2c53727423bab310b30c45b |
1 { config, pkgs, lib, ... }:
3 with lib;
5 let
7 cfg = config.services.salt.minion;
9 fullConfig = lib.recursiveUpdate {
10 # Provide defaults for some directories to allow an immutable config dir
11 # NOTE: the config dir being immutable prevents `minion_id` caching
13 # Default is equivalent to /etc/salt/minion.d/*.conf
14 default_include = "/var/lib/salt/minion.d/*.conf";
15 # Default is in /etc/salt/pki/minion
16 pki_dir = "/var/lib/salt/pki/minion";
17 } cfg.configuration;
19 in
21 {
22 options = {
23 services.salt.minion = {
24 enable = mkEnableOption "Salt configuration management system minion service";
25 configuration = mkOption {
26 type = types.attrs;
27 default = {};
28 description = ''
29 Salt minion configuration as Nix attribute set.
30 See <https://docs.saltstack.com/en/latest/ref/configuration/minion.html>
31 for details.
32 '';
33 };
34 };
35 };
37 config = mkIf cfg.enable {
38 environment = {
39 # Set this up in /etc/salt/minion so `salt-call`, etc. work.
40 # The alternatives are
41 # - passing --config-dir to all salt commands, not just the minion unit,
42 # - setting aglobal environment variable.
43 etc."salt/minion".source = pkgs.writeText "minion" (
44 builtins.toJSON fullConfig
45 );
46 systemPackages = with pkgs; [ salt ];
47 };
48 systemd.services.salt-minion = {
49 description = "Salt Minion";
50 wantedBy = [ "multi-user.target" ];
51 after = [ "network.target" ];
52 path = with pkgs; [
53 util-linux
54 ];
55 serviceConfig = {
56 ExecStart = "${pkgs.salt}/bin/salt-minion";
57 LimitNOFILE = 8192;
58 Type = "notify";
59 NotifyAccess = "all";
60 };
61 restartTriggers = [
62 config.environment.etc."salt/minion".source
63 ];
64 };
65 };
66 }