nixos: init programs/nncp module
The NNCP utilities read a configuration at "/etc/nncp.hjson" by default. Add a NixOS module for generating this configuration.
parent
ad15abe7ff
commit
4ec35ff6d6
@ -1660,6 +1660,12 @@
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>programs.nncp</literal> options were added for
|
||||
generating host-global NNCP configuration.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
@ -587,4 +587,6 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
- Testing has been enabled for `aarch64-linux` in addition to `x86_64-linux`.
|
||||
- The `spark3` package is now usable on `aarch64-darwin` as a result of [#158613](https://github.com/NixOS/nixpkgs/pull/158613) and [#158992](https://github.com/NixOS/nixpkgs/pull/158992).
|
||||
|
||||
- The `programs.nncp` options were added for generating host-global NNCP configuration.
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
@ -184,6 +184,7 @@
|
||||
./programs/nix-ld.nix
|
||||
./programs/neovim.nix
|
||||
./programs/nm-applet.nix
|
||||
./programs/nncp.nix
|
||||
./programs/npm.nix
|
||||
./programs/noisetorch.nix
|
||||
./programs/oblogout.nix
|
||||
|
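--- a/nixos/modules/programs/nncp.nix
+++ b/nixos/modules/programs/nncp.nix
@@ -0,0 +1,101 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+nncpCfgFile = "/run/nncp.hjson";
+programCfg = config.programs.nncp;
+settingsFormat = pkgs.formats.json { };
+jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
+pkg = programCfg.package;
+in {
+options.programs.nncp = {
+
+enable =
+mkEnableOption "NNCP (Node to Node copy) utilities and configuration";
+
+group = mkOption {
+type = types.str;
+default = "uucp";
+description = ''
+The group under which NNCP files shall be owned.
+Any member of this group may access the secret keys
+of this NNCP node.
+'';
+};
+
+package = mkOption {
+type = types.package;
+default = pkgs.nncp;
+defaultText = literalExpression "pkgs.nncp";
+description = "The NNCP package to use system-wide.";
+};
+
+secrets = mkOption {
+type = with types; listOf str;
+example = [ "/run/keys/nncp.hjson" ];
+description = ''
+A list of paths to NNCP configuration files that should not be
+in the Nix store. These files are layered on top of the values at
+<xref linkend="opt-programs.nncp.settings"/>.
+'';
+};
+
+settings = mkOption {
+type = settingsFormat.type;
+description = ''
+NNCP configuration, see
+<link xlink:href="http://www.nncpgo.org/Configuration.html"/>.
+At runtime these settings will be overlayed by the contents of
+<xref linkend="opt-programs.nncp.secrets"/> into the file
+<literal>${nncpCfgFile}</literal>. Node keypairs go in
+<literal>secrets</literal>, do not specify them in
+<literal>settings</literal> as they will be leaked into
+<literal>/nix/store</literal>!
+'';
+default = { };
+};
+
+};
+
+config = mkIf programCfg.enable {
+
+environment = {
+systemPackages = [ pkg ];
+etc."nncp.hjson".source = nncpCfgFile;
+};
+
+programs.nncp.settings = {
+spool = mkDefault "/var/spool/nncp";
+log = mkDefault "/var/spool/nncp/log";
+};
+
+systemd.tmpfiles.rules = [
+"d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
+"f ${programCfg.settings.log} 0770 root ${programCfg.group}"
+];
+
+systemd.services.nncp-config = {
+path = [ pkg ];
+description = "Generate NNCP configuration";
+wantedBy = [ "basic.target" ];
+serviceConfig.Type = "oneshot";
+script = ''
+umask u=rw
+nncpCfgDir=$(mktemp --directory nncp.XXX)
+for f in ${jsonCfgFile} ${toString config.programs.nncp.secrets}; do
+tmpdir=$(mktemp --directory nncp.XXX)
+nncp-cfgdir -cfg $f -dump $tmpdir
+find $tmpdir -size 1c -delete
+cp -a $tmpdir/* $nncpCfgDir/
+rm -rf $tmpdir
+done
+nncp-cfgdir -load $nncpCfgDir > ${nncpCfgFile}
+rm -rf $nncpCfgDir
+chgrp ${programCfg.group} ${nncpCfgFile}
+chmod g+r ${nncpCfgFile}
+'';
+};
+};
+
+meta.maintainers = with lib.maintainers; [ ehmry ];
+}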
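Review bot: The `nncp-config` script unpacks every file in `secrets` into scratch directories made with `mktemp --directory nncp.XXX`, a template GNU mktemp resolves against the working directory (the unit sets none), and nothing removes them if `nncp-cfgdir` fails and the script aborts, so node private keys can be left behind outside `/run`. Creating one parent under `/run` and cleaning it on exit would contain that: `workdir=$(mktemp --directory --tmpdir=/run nncp.XXXXXXXX)` then `trap 'rm -rf "$workdir"' EXIT`, with `nncpCfgDir` and each `tmpdir` made beneath it. The secret paths are interpolated unquoted via `toString`, so a path with whitespace is split by the shell; `escapeShellArgs` plus `"$f"` avoids that. `secrets` also declares no `default`, so evaluating the script presumably fails when the option is unset (`default = [ ];` looks intended), and the `f` tmpfiles rule gives the log file mode `0770` where `0660` would be expected.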