about summary refs log tree commit diff
path: root/nixpkgs/nixos/modules/programs/nncp.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/modules/programs/nncp.nix')
-rw-r--r--nixpkgs/nixos/modules/programs/nncp.nix101
1 files changed, 101 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/programs/nncp.nix b/nixpkgs/nixos/modules/programs/nncp.nix
new file mode 100644
index 000000000000..29a703eadf10
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/nncp.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  nncpCfgFile = "/run/nncp.hjson";
+  programCfg = config.programs.nncp;
+  settingsFormat = pkgs.formats.json { };
+  jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
+  pkg = programCfg.package;
+in {
+  options.programs.nncp = {
+
+    enable =
+      mkEnableOption "NNCP (Node to Node copy) utilities and configuration";
+
+    group = mkOption {
+      type = types.str;
+      default = "uucp";
+      description = ''
+        The group under which NNCP files shall be owned.
+        Any member of this group may access the secret keys
+        of this NNCP node.
+      '';
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.nncp;
+      defaultText = literalExpression "pkgs.nncp";
+      description = "The NNCP package to use system-wide.";
+    };
+
+    secrets = mkOption {
+      type = with types; listOf str;
+      example = [ "/run/keys/nncp.hjson" ];
+      description = ''
+        A list of paths to NNCP configuration files that should not be
+        in the Nix store. These files are layered on top of the values at
+        <xref linkend="opt-programs.nncp.settings"/>.
+      '';
+    };
+
+    settings = mkOption {
+      type = settingsFormat.type;
+      description = ''
+        NNCP configuration, see
+        <link xlink:href="http://www.nncpgo.org/Configuration.html"/>.
+        At runtime these settings will be overlayed by the contents of
+        <xref linkend="opt-programs.nncp.secrets"/> into the file
+        <literal>${nncpCfgFile}</literal>. Node keypairs go in
+        <literal>secrets</literal>, do not specify them in
+        <literal>settings</literal> as they will be leaked into
+        <literal>/nix/store</literal>!
+      '';
+      default = { };
+    };
+
+  };
+
+  config = mkIf programCfg.enable {
+
+    environment = {
+      systemPackages = [ pkg ];
+      etc."nncp.hjson".source = nncpCfgFile;
+    };
+
+    programs.nncp.settings = {
+      spool = mkDefault "/var/spool/nncp";
+      log = mkDefault "/var/spool/nncp/log";
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
+      "f ${programCfg.settings.log} 0770 root ${programCfg.group}"
+    ];
+
+    systemd.services.nncp-config = {
+      path = [ pkg ];
+      description = "Generate NNCP configuration";
+      wantedBy = [ "basic.target" ];
+      serviceConfig.Type = "oneshot";
+      script = ''
+        umask u=rw
+        nncpCfgDir=$(mktemp --directory nncp.XXX)
+        for f in ${jsonCfgFile} ${toString config.programs.nncp.secrets}; do
+          tmpdir=$(mktemp --directory nncp.XXX)
+          nncp-cfgdir -cfg $f -dump $tmpdir
+          find $tmpdir -size 1c -delete
+          cp -a $tmpdir/* $nncpCfgDir/
+          rm -rf $tmpdir
+        done
+        nncp-cfgdir -load $nncpCfgDir > ${nncpCfgFile}
+        rm -rf $nncpCfgDir
+        chgrp ${programCfg.group} ${nncpCfgFile}
+        chmod g+r ${nncpCfgFile}
+      '';
+    };
+  };
+
+  meta.maintainers = with lib.maintainers; [ ehmry ];
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-01 16:13:20 +0000