diff --git a/nixos/modules/services/admin/oxidized.nix b/nixos/modules/services/admin/oxidized.nix index ad151c57666c..44b28991feab 100644 --- a/nixos/modules/services/admin/oxidized.nix +++ b/nixos/modules/services/admin/oxidized.nix @@ -11,6 +11,8 @@ in options.services.oxidized = { enable = lib.mkEnableOption "the oxidized configuration backup service"; + package = lib.mkPackageOption pkgs "oxidized" { }; + user = lib.mkOption { type = lib.types.str; default = "oxidized"; @@ -70,7 +72,8 @@ in }; routerDB = lib.mkOption { - type = lib.types.path; + type = lib.types.nullOr lib.types.path; + default = null; example = lib.literalExpression '' pkgs.writeText "oxidized-router.db" ''' hostname-sw1:powerconnect:username1:password2 @@ -94,18 +97,57 @@ in isSystemUser = true; }; + systemd.tmpfiles.settings."10-oxidized" = + { + "${cfg.dataDir}" = { + d = { + mode = "0750"; + user = cfg.user; + group = cfg.group; + }; + }; + + "${cfg.dataDir}/.config" = { + d = { + mode = "0750"; + user = cfg.user; + group = cfg.group; + }; + }; + + "${cfg.dataDir}/.config/oxidized" = { + d = { + mode = "0750"; + user = cfg.user; + group = cfg.group; + }; + }; + + "${cfg.dataDir}/.config/oxidized/config" = { + L = { + argument = "${cfg.configFile}"; + user = cfg.user; + group = cfg.group; + }; + }; + + } + // lib.optionalAttrs (cfg.routerDB != null) { + "${cfg.dataDir}/.config/oxidized/router.db" = { + L = { + argument = "${cfg.routerDB}"; + user = cfg.user; + group = cfg.group; + }; + }; + }; + systemd.services.oxidized = { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - preStart = '' - mkdir -p ${cfg.dataDir}/.config/oxidized - ln -f -s ${cfg.routerDB} ${cfg.dataDir}/.config/oxidized/router.db - ln -f -s ${cfg.configFile} ${cfg.dataDir}/.config/oxidized/config - ''; - serviceConfig = { - ExecStart = "${pkgs.oxidized}/bin/oxidized"; + ExecStart = lib.getExe cfg.package; User = cfg.user; Group = cfg.group; UMask = "0077";