nixpkgs/nixos/modules/services/security/munge.nix

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.munge;

in

{

  ###### interface

  options = {

    services.munge = {
      enable = mkEnableOption "munge service";

      password = mkOption {
        default = "/etc/munge/munge.key";
        type = types.path;
        description = ''
          The path to a daemon's secret key.
        '';
      };

    };

  };

  ###### implementation

  config = mkIf cfg.enable {

    environment.systemPackages = [ pkgs.munge ];

    users.users.munge = {
      description   = "Munge daemon user";
      isSystemUser  = true;
      group         = "munge";
    };

    users.groups.munge = {};

    systemd.services.munged = {
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      path = [ pkgs.munge pkgs.coreutils ];

      serviceConfig = {
        ExecStartPre = "+${pkgs.coreutils}/bin/chmod 0400 ${cfg.password}";
        ExecStart = "${pkgs.munge}/bin/munged --syslog --key-file ${cfg.password}";
        PIDFile = "/run/munge/munged.pid";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        User = "munge";
        Group = "munge";
        StateDirectory = "munge";
        StateDirectoryMode = "0711";
        RuntimeDirectory = "munge";
      };

    };

  };

}
munge: add service 2015-03-01 00:23:07 +03:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`

			`cfg = config.services.munge;`

			`in`

			`{`

			`###### interface`

			`options = {`

			`services.munge = {`
			`enable = mkEnableOption "munge service";`

			`password = mkOption {`
			`default = "/etc/munge/munge.key";`
nixos/modules: Remove all usages of types.string And replace them with a more appropriate type Also fix up some minor module problems along the way 2019-08-08 22:48:27 +02:00			`type = types.path;`
munge: add service 2015-03-01 00:23:07 +03:00			`description = ''`
			`The path to a daemon's secret key.`
			`'';`
			`};`

			`};`

			`};`

			`###### implementation`

			`config = mkIf cfg.enable {`

			`environment.systemPackages = [ pkgs.munge ];`

nixos/munge: run munge as user munge instead of root. (#41509) * Added a note in release notes (incompatibilities) * Adapt slurm test * Change user to munge in service.munge 2018-06-09 00:50:28 +02:00			`users.users.munge = {`
			`description = "Munge daemon user";`
			`isSystemUser = true;`
			`group = "munge";`
			`};`

			`users.groups.munge = {};`

			`systemd.services.munged = {`
munge: add service 2015-03-01 00:23:07 +03:00			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network.target" ];`

			`path = [ pkgs.munge pkgs.coreutils ];`

			`serviceConfig = {`
nixos/munge: replace deprecated usage of PermissionsStartOnly see https://github.com/NixOS/nixpkgs/issues/53852 2019-02-23 17:48:39 -05:00			`ExecStartPre = "+${pkgs.coreutils}/bin/chmod 0400 ${cfg.password}";`
munge: add service 2015-03-01 00:23:07 +03:00			`ExecStart = "${pkgs.munge}/bin/munged --syslog --key-file ${cfg.password}";`
			`PIDFile = "/run/munge/munged.pid";`
			`ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";`
nixos/munge: run munge as user munge instead of root. (#41509) * Added a note in release notes (incompatibilities) * Adapt slurm test * Change user to munge in service.munge 2018-06-09 00:50:28 +02:00			`User = "munge";`
			`Group = "munge";`
nixos/munge: replace deprecated usage of PermissionsStartOnly see https://github.com/NixOS/nixpkgs/issues/53852 2019-02-23 17:48:39 -05:00			`StateDirectory = "munge";`
			`StateDirectoryMode = "0711";`
			`RuntimeDirectory = "munge";`
munge: add service 2015-03-01 00:23:07 +03:00			`};`

			`};`

			`};`

			`}`