From e91d3c91798b8e2e5746185650418bc328536dd3 Mon Sep 17 00:00:00 2001 From: WilliButz Date: Thu, 19 Apr 2018 12:23:00 +0200 Subject: [PATCH] nixos/oxidized: add module --- nixos/modules/module-list.nix | 1 + nixos/modules/services/admin/oxidized.nix | 116 ++++++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100644 nixos/modules/services/admin/oxidized.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index d5cfd87520c..65b4cfd7e0b 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -150,6 +150,7 @@ ./security/rtkit.nix ./security/wrappers/default.nix ./security/sudo.nix + ./services/admin/oxidized.nix ./services/admin/salt/master.nix ./services/admin/salt/minion.nix ./services/amqp/activemq/default.nix diff --git a/nixos/modules/services/admin/oxidized.nix b/nixos/modules/services/admin/oxidized.nix new file mode 100644 index 00000000000..891ca6323c3 --- /dev/null +++ b/nixos/modules/services/admin/oxidized.nix @@ -0,0 +1,116 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.oxidized; +in +{ + options.services.oxidized = { + enable = mkEnableOption "the oxidized configuation backup service."; + + user = mkOption { + type = types.str; + default = "oxidized"; + description = '' + User under which the oxidized service runs. + ''; + }; + + group = mkOption { + type = types.str; + default = "oxidized"; + description = '' + Group under which the oxidized service runs. + ''; + }; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/oxidized"; + description = "State directory for the oxidized service."; + }; + + configFile = mkOption { + type = types.path; + example = literalExample '' + pkgs.writeText "oxidized-config.yml" ''' + --- + debug: true + use_syslog: true + input: + default: ssh + ssh: + secure: true + interval: 3600 + model_map: + dell: powerconnect + hp: procurve + source: + default: csv + csv: + delimiter: !ruby/regexp /:/ + file: "/var/lib/oxidized/.config/oxidized/router.db" + map: + name: 0 + model: 1 + username: 2 + password: 3 + pid: "/var/lib/oxidized/.config/oxidized/pid" + rest: 127.0.0.1:8888 + retries: 3 + # ... additional config + '''; + ''; + description = '' + Path to the oxidized configuration file. + ''; + }; + + routerDB = mkOption { + type = types.path; + example = literalExample '' + pkgs.writeText "oxidized-router.db" ''' + hostname-sw1:powerconnect:username1:password2 + hostname-sw2:procurve:username2:password2 + # ... additional hosts + ''' + ''; + description = '' + Path to the file/database which contains the targets for oxidized. + ''; + }; + }; + + config = mkIf cfg.enable { + users.extraGroups.${cfg.group} = { }; + users.extraUsers.${cfg.user} = { + description = "Oxidized service user"; + group = cfg.group; + home = cfg.dataDir; + createHome = true; + }; + + systemd.services.oxidized = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + preStart = '' + mkdir -p ${cfg.dataDir}/.config/oxidized + cp -v ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db + cp -v ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config + ''; + + serviceConfig = { + ExecStart = "${pkgs.oxidized}/bin/oxidized"; + User = cfg.user; + Group = cfg.group; + UMask = "0077"; + NoNewPrivileges = true; + Restart = "always"; + WorkingDirectory = cfg.dataDir; + KillSignal = "SIGKILL"; + }; + }; + }; +}