author | Emery Hemingway <ehmry@c3d2.de> | 2022-02-26 10:53:26 -0600 |
---|---|---|
committer | ehmry <ehmry@posteo.net> | 2022-03-25 16:30:13 +0000 |
commit | 4ec35ff6d6298f3fc70be458ea1fea68ee85b1e9 (patch) | |
tree | 148a854d76990163e27a63b94a8d694145381665 /nixos/modules | |
parent | ad15abe7ffbc68ba8a41fdb9270c31b75e2e7fd8 (diff) | |
nixos: init programs/nncp module
The NNCP utilities read a configuration at "/etc/nncp.hjson" by default. Add a NixOS module for generating this configuration.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/nncp.nix | 101 |
2 files changed, 102 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 93172aa08246..a4c389e69373 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -184,6 +184,7 @@
 ./programs/nix-ld.nix
 ./programs/neovim.nix
 ./programs/nm-applet.nix
+ ./programs/nncp.nix
 ./programs/npm.nix
 ./programs/noisetorch.nix
 ./programs/oblogout.nix
diff --git a/nixos/modules/programs/nncp.nix b/nixos/modules/programs/nncp.nix
new file mode 100644
index 000000000000..29a703eadf10
--- /dev/null
+++ b/nixos/modules/programs/nncp.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ nncpCfgFile = "/run/nncp.hjson";
+ programCfg = config.programs.nncp;
+ settingsFormat = pkgs.formats.json { };
+ jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
+ pkg = programCfg.package;
+in {
+ options.programs.nncp = {
+
+ enable =
+ mkEnableOption "NNCP (Node to Node copy) utilities and configuration";
+
+ group = mkOption {
+ type = types.str;
+ default = "uucp";
+ description = ''
+ The group under which NNCP files shall be owned.
+ Any member of this group may access the secret keys
+ of this NNCP node.
+ '';
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.nncp;
+ defaultText = literalExpression "pkgs.nncp";
+ description = "The NNCP package to use system-wide.";
+ };
+
+ secrets = mkOption {
+ type = with types; listOf str;
+ example = [ "/run/keys/nncp.hjson" ];
+ description = ''
+ A list of paths to NNCP configuration files that should not be
+ in the Nix store. These files are layered on top of the values at
+ <xref linkend="opt-programs.nncp.settings"/>.
+ '';
+ };
+
+ settings = mkOption {
+ type = settingsFormat.type;
+ description = ''
+ NNCP configuration, see
+ <link xlink:href="http://www.nncpgo.org/Configuration.html"/>.
+ At runtime these settings will be overlayed by the contents of
+ <xref linkend="opt-programs.nncp.secrets"/> into the file
+ <literal>${nncpCfgFile}</literal>. Node keypairs go in
+ <literal>secrets</literal>, do not specify them in
+ <literal>settings</literal> as they will be leaked into
+ <literal>/nix/store</literal>!
+ '';
+ default = { };
+ };
+
+ };
+
+ config = mkIf programCfg.enable {
+
+ environment = {
+ systemPackages = [ pkg ];
+ etc."nncp.hjson".source = nncpCfgFile;
+ };
+
+ programs.nncp.settings = {
+ spool = mkDefault "/var/spool/nncp";
+ log = mkDefault "/var/spool/nncp/log";
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
+ "f ${programCfg.settings.log} 0770 root ${programCfg.group}"
+ ];
+
+ systemd.services.nncp-config = {
+ path = [ pkg ];
+ description = "Generate NNCP configuration";
+ wantedBy = [ "basic.target" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ umask u=rw
+ nncpCfgDir=$(mktemp --directory nncp.XXX)
+ for f in ${jsonCfgFile} ${toString config.programs.nncp.secrets}; do
+ tmpdir=$(mktemp --directory nncp.XXX)
+ nncp-cfgdir -cfg $f -dump $tmpdir
+ find $tmpdir -size 1c -delete
+ cp -a $tmpdir/* $nncpCfgDir/
+ rm -rf $tmpdir
+ done
+ nncp-cfgdir -load $nncpCfgDir > ${nncpCfgFile}
+ rm -rf $nncpCfgDir
+ chgrp ${programCfg.group} ${nncpCfgFile}
+ chmod g+r ${nncpCfgFile}
+ '';
+ };
+ };
+
+ meta.maintainers = with lib.maintainers; [ ehmry ];
+} |
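Review bot: The generated `${nncpCfgFile}` is likely created world-readable, because `umask u=rw` at the top of the `nncp-config` script sets only the owner bits of the mask and leaves group and other as inherited (0022 by default for a systemd unit, which gives 0644 on the `>` redirect). That file is the merge of `settings` with the `secrets` files, so it carries the node's private keys, and the `chgrp`/`chmod g+r` at the end do not tighten it. Start the script with `umask 0077` so the output and the `mktemp` directories are owner-only until `chmod g+r` grants read access to `programCfg.group`. The `mktemp --directory nncp.XXX` templates are also relative, so the intermediate key dumps land in the unit's working directory (presumably `/`) and stay there if a step fails; `mktemp --directory --tmpdir nncp.XXXXXX` plus `serviceConfig.PrivateTmp = true;` would contain them.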