Bareos Nix module
{ config, lib, pkgs, ... }:
with lib;
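let
  # State directory used as the daemon's WorkingDirectory and as the home
  # directory of the bareos user.
  libDir = "/var/lib/bareos";
  fd_cfg = config.services.bareos-fd;
  tlsCfg = fd_cfg.tls;
  pkiCfg = fd_cfg.pki;

  # Render `Name = value` when the value is set, and an empty string otherwise.
  directive = name: value:
    optionalString (value != null) "${name} = ${toString value}";

  # Join a list of rendered directives, dropping the ones that rendered empty.
  directives = lines:
    concatStringsSep "\n" (filter (line: line != "") lines);

  # TLS directives are only written when tls.enable is set. tls.require and
  # tls.verify on their own produce no output, so a configuration that sets
  # them without tls.enable runs without TLS.
  tlsShared = [
    "TLS Enable = yes"
    (optionalString tlsCfg.require "TLS Require = yes")
  ];
  tlsCertificates = [
    (directive "TLS CA Certificate File" tlsCfg.ca)
    (directive "TLS Certificate" tlsCfg.cert)
    (directive "TLS Key" tlsCfg.key)
  ];

  # The Director resource additionally carries the CN allow-list, peer
  # verification and the DH parameters file.
  directorTls = optionalString tlsCfg.enable (directives (
    tlsShared
    ++ [
      (directive "TLS ALLOWED CN" tlsCfg.allowed)
      (optionalString tlsCfg.verify "TLS Verify Peer = yes")
    ]
    ++ tlsCertificates
    ++ [ (directive "TLS DH File" tlsCfg.dh) ]
  ));

  daemonTls = optionalString tlsCfg.enable (directives (tlsShared ++ tlsCertificates));

  # PKI (data signing/encryption) directives are independent of TLS.
  pkiDirectives = directives [
    (optionalString pkiCfg.signature "PKI Signatures = yes")
    (optionalString pkiCfg.encryption "PKI Encryption = yes")
    (directive "PKI Keypair" pkiCfg.keypair)
    (directive "PKI Master Key" pkiCfg.key)
  ];

  # SECURITY: pkgs.writeText places this file in the Nix store, which is
  # readable by every local user, and the Director password is embedded in it
  # in clear text. The key and certificate options are plain strings, so only
  # their paths (not the file contents) end up in the store.
  # NOTE(review): `FDAddresses` is written even when `listen` is left at its
  # empty default - confirm that bareos-fd accepts an empty value.
  fd_conf = pkgs.writeText "bareos-fd.conf" ''
    Director {
    Name = ${fd_cfg.director.name}
    Password = "${fd_cfg.director.password}"
    Address = ${fd_cfg.director.address}
    ${directorTls}
    ${fd_cfg.extraDirectorConfig}
    }
    FileDaemon {
    Name = ${fd_cfg.name}
    WorkingDirectory = "${libDir}"
    FDAddresses = ${fd_cfg.listen}
    Compatible = ${fd_cfg.compatible}
    ${daemonTls}
    ${pkiDirectives}
    ${fd_cfg.extraClientConfig}
    }
    Messages {
    Name = Standard
    director = "${fd_cfg.director.name}" = all, !skipped, !restored
    ${fd_cfg.extraMessagesConfig}
    }
  '';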
in {
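options = {
  services.bareos-fd = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to enable the Bareos File Daemon.
      '';
    };

    name = mkOption {
      type = types.str;
      default = "${config.networking.hostName}-fd";
      description = ''
        The client name that must be used by the Director when connecting.
        Generally, it is a good idea to use a name related to the machine
        so that error messages can be easily identified if you have multiple
        Clients. This directive is required.
      '';
    };

    listen = mkOption {
      type = types.str;
      default = "";
      description = ''
        Which addresses should the client listen on
      '';
    };

    compatible = mkOption {
      type = types.str;
      default = "yes";
      description = ''
        Run Bareos in Compatibility mode
      '';
    };

    # PKI options control signing and encryption of the backed-up data.
    # Paths are plain strings so the key material itself is not copied into
    # the Nix store; only the path appears in the generated configuration.
    pki = {
      signature = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Enable PKI Signatures
        '';
      };
      encryption = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Enable PKI Encryption
        '';
      };
      keypair = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Path to PKI keypair file
        '';
      };
      key = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Path to the PKI master key file (written as the
          PKI Master Key directive).
        '';
      };
    };

    # TLS options for the connection with the Director. None of them has any
    # effect unless `enable` is set.
    tls = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Enable TLS. The other TLS options are only written to the
          configuration when this is set.
        '';
      };
      require = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Is TLS required?
        '';
      };
      allowed = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Set the allowed CN
        '';
      };
      verify = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Verify peer?
        '';
      };
      dh = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Path to DH file
        '';
      };
      ca = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Path to CA certificate file
        '';
      };
      cert = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Path to Certificate file
        '';
      };
      key = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Path to private key file
        '';
      };
    };

    director = {
      name = mkOption {
        type = types.str;
        default = "";
        description = ''
          Name of the director server
        '';
      };
      password = mkOption {
        type = types.str;
        default = "";
        description = ''
          Director password. This value is written in clear text into the
          generated configuration file in the Nix store, which is readable
          by all local users.
        '';
      };
      address = mkOption {
        type = types.str;
        default = "";
        description = ''
          Address of Director Server
        '';
      };
    };

    # The extra*Config options are inserted verbatim into the corresponding
    # resource of the generated configuration file.
    extraClientConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        Extra configuration to be passed in Client directive.
      '';
      example = ''
        Maximum Concurrent Jobs = 20;
        Heartbeat Interval = 30;
      '';
    };
    extraDirectorConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        Extra configuration to be passed in Director directive.
      '';
      example = ''
        Maximum Concurrent Jobs = 20;
        Heartbeat Interval = 30;
      '';
    };
    extraMessagesConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        Extra configuration to be passed in Messages directive.
      '';
      example = ''
        console = all
      '';
    };
  };
};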
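config = mkIf fd_cfg.enable {
  # Surface settings that silently weaken the setup instead of failing the
  # build, so existing configurations keep evaluating.
  warnings =
    optional (!fd_cfg.tls.enable && (fd_cfg.tls.require || fd_cfg.tls.verify))
      "services.bareos-fd: tls.require or tls.verify is set but tls.enable is false; no TLS directives are written and the Director connection is not protected by TLS."
    ++ optional (fd_cfg.director.password == "")
      "services.bareos-fd: director.password is empty.";

  systemd.services.bareos-fd = {
    after = [ "network.target" ];
    description = "Bareos File Daemon";
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.bareos ];
    # The daemon is started with user root and group bareos, reading the
    # generated configuration from the Nix store.
    serviceConfig.ExecStart = "${pkgs.bareos}/bin/bareos-fd -f -u root -g bareos -c ${fd_conf}";
    serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
    # `${libDir}` is interpolated by Nix. The previous `{$libDir}` was passed
    # to the shell as-is, where the unset variable expanded to nothing and a
    # directory literally named `{}` was created instead of the state dir.
    preStart = ''
      mkdir -p "/var/run/bareos/"
      mkdir -p "${libDir}"
    '';
  };

  environment.systemPackages = [ pkgs.bareos ];

  users.extraUsers.bareos = {
    group = "bareos";
    uid = 257; #config.ids.uids.bareos;
    home = "${libDir}";
    createHome = true;
    description = "Bareos Daemons user";
    shell = "${pkgs.bash}/bin/bash";
  };
  users.extraGroups.bareos.gid = 257; #config.ids.gids.bareos;
};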
}