Diffstat (limited to 'nixpkgs/nixos/modules/programs/nncp.nix')
-rw-r--r-- | nixpkgs/nixos/modules/programs/nncp.nix | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/programs/nncp.nix b/nixpkgs/nixos/modules/programs/nncp.nix
new file mode 100644
index 000000000000..29a703eadf10
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/nncp.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ nncpCfgFile = "/run/nncp.hjson";
+ programCfg = config.programs.nncp;
+ settingsFormat = pkgs.formats.json { };
+ jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
+ pkg = programCfg.package;
+in {
+ options.programs.nncp = {
+
+ enable =
+ mkEnableOption "NNCP (Node to Node copy) utilities and configuration";
+
+ group = mkOption {
+ type = types.str;
+ default = "uucp";
+ description = ''
+ The group under which NNCP files shall be owned.
+ Any member of this group may access the secret keys
+ of this NNCP node.
+ '';
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.nncp;
+ defaultText = literalExpression "pkgs.nncp";
+ description = "The NNCP package to use system-wide.";
+ };
+
+ secrets = mkOption {
+ type = with types; listOf str;
+ example = [ "/run/keys/nncp.hjson" ];
+ description = ''
+ A list of paths to NNCP configuration files that should not be
+ in the Nix store. These files are layered on top of the values at
+ <xref linkend="opt-programs.nncp.settings"/>.
+ '';
+ };
+
+ settings = mkOption {
+ type = settingsFormat.type;
+ description = ''
+ NNCP configuration, see
+ <link xlink:href="http://www.nncpgo.org/Configuration.html"/>.
+ At runtime these settings will be overlayed by the contents of
+ <xref linkend="opt-programs.nncp.secrets"/> into the file
+ <literal>${nncpCfgFile}</literal>. Node keypairs go in
+ <literal>secrets</literal>, do not specify them in
+ <literal>settings</literal> as they will be leaked into
+ <literal>/nix/store</literal>!
+ '';
+ default = { };
+ };
+
+ };
+
+ config = mkIf programCfg.enable {
+
+ environment = {
+ systemPackages = [ pkg ];
+ etc."nncp.hjson".source = nncpCfgFile;
+ };
+
+ programs.nncp.settings = {
+ spool = mkDefault "/var/spool/nncp";
+ log = mkDefault "/var/spool/nncp/log";
+ };
+
+ systemd.tmpfiles.rules = [
+ "d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
+ "f ${programCfg.settings.log} 0770 root ${programCfg.group}"
+ ];
+
+ systemd.services.nncp-config = {
+ path = [ pkg ];
+ description = "Generate NNCP configuration";
+ wantedBy = [ "basic.target" ];
+ serviceConfig.Type = "oneshot";
+ script = ''
+ umask u=rw
+ nncpCfgDir=$(mktemp --directory nncp.XXX)
+ for f in ${jsonCfgFile} ${toString config.programs.nncp.secrets}; do
+ tmpdir=$(mktemp --directory nncp.XXX)
+ nncp-cfgdir -cfg $f -dump $tmpdir
+ find $tmpdir -size 1c -delete
+ cp -a $tmpdir/* $nncpCfgDir/
+ rm -rf $tmpdir
+ done
+ nncp-cfgdir -load $nncpCfgDir > ${nncpCfgFile}
+ rm -rf $nncpCfgDir
+ chgrp ${programCfg.group} ${nncpCfgFile}
+ chmod g+r ${nncpCfgFile}
+ '';
+ };
+ };
+
+ meta.maintainers = with lib.maintainers; [ ehmry ];
+} |
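Review bot: In the `nncp-config` script both `mktemp --directory nncp.XXX` calls use a relative template, so the directories that `nncp-cfgdir -dump` fills with the node configuration, including the keypairs from `secrets`, are created in the unit's working directory (presumably `/` for a system service) rather than under `/run`, where the final file is written. If any command in the loop fails, nothing removes those directories, so key material can be left behind on persistent storage. Consider `nncpCfgDir=$(mktemp --directory --tmpdir=/run nncp.XXXXXX)` followed by `trap 'rm -rf "$nncpCfgDir" "$tmpdir"' EXIT`, with the same `--tmpdir` on the per-file `mktemp`. The loop also expands `$f` and `${toString config.programs.nncp.secrets}` unquoted, so a secrets path containing whitespace or glob characters is split; `${lib.escapeShellArgs config.programs.nncp.secrets}` together with `"$f"` and `"$tmpdir"` would avoid that. Separately, the tmpfiles rule creates the log file with mode `0770`; `0660` would drop execute bits that a log file does not need.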