102 lines
2.9 KiB
Nix
102 lines
2.9 KiB
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
|
||
|
with lib;
|
||
|
let
|
||
|
nncpCfgFile = "/run/nncp.hjson";
|
||
|
programCfg = config.programs.nncp;
|
||
|
settingsFormat = pkgs.formats.json { };
|
||
|
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
|
||
|
pkg = programCfg.package;
|
||
|
in {
|
||
|
options.programs.nncp = {
|
||
|
|
||
|
enable =
|
||
|
mkEnableOption (lib.mdDoc "NNCP (Node to Node copy) utilities and configuration");
|
||
|
|
||
|
group = mkOption {
|
||
|
type = types.str;
|
||
|
default = "uucp";
|
||
|
description = lib.mdDoc ''
|
||
|
The group under which NNCP files shall be owned.
|
||
|
Any member of this group may access the secret keys
|
||
|
of this NNCP node.
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
package = mkOption {
|
||
|
type = types.package;
|
||
|
default = pkgs.nncp;
|
||
|
defaultText = literalExpression "pkgs.nncp";
|
||
|
description = lib.mdDoc "The NNCP package to use system-wide.";
|
||
|
};
|
||
|
|
||
|
secrets = mkOption {
|
||
|
type = with types; listOf str;
|
||
|
example = [ "/run/keys/nncp.hjson" ];
|
||
|
description = lib.mdDoc ''
|
||
|
A list of paths to NNCP configuration files that should not be
|
||
|
in the Nix store. These files are layered on top of the values at
|
||
|
[](#opt-programs.nncp.settings).
|
||
|
'';
|
||
|
};
|
||
|
|
||
|
settings = mkOption {
|
||
|
type = settingsFormat.type;
|
||
|
description = lib.mdDoc ''
|
||
|
NNCP configuration, see
|
||
|
<http://www.nncpgo.org/Configuration.html>.
|
||
|
At runtime these settings will be overlayed by the contents of
|
||
|
[](#opt-programs.nncp.secrets) into the file
|
||
|
`${nncpCfgFile}`. Node keypairs go in
|
||
|
`secrets`, do not specify them in
|
||
|
`settings` as they will be leaked into
|
||
|
`/nix/store`!
|
||
|
'';
|
||
|
default = { };
|
||
|
};
|
||
|
|
||
|
};
|
||
|
|
||
|
config = mkIf programCfg.enable {
|
||
|
|
||
|
environment = {
|
||
|
systemPackages = [ pkg ];
|
||
|
etc."nncp.hjson".source = nncpCfgFile;
|
||
|
};
|
||
|
|
||
|
programs.nncp.settings = {
|
||
|
spool = mkDefault "/var/spool/nncp";
|
||
|
log = mkDefault "/var/spool/nncp/log";
|
||
|
};
|
||
|
|
||
|
systemd.tmpfiles.rules = [
|
||
|
"d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
|
||
|
"f ${programCfg.settings.log} 0770 root ${programCfg.group}"
|
||
|
];
|
||
|
|
||
|
systemd.services.nncp-config = {
|
||
|
path = [ pkg ];
|
||
|
description = "Generate NNCP configuration";
|
||
|
wantedBy = [ "basic.target" ];
|
||
|
serviceConfig.Type = "oneshot";
|
||
|
script = ''
|
||
|
umask u=rw
|
||
|
nncpCfgDir=$(mktemp --directory nncp.XXX)
|
||
|
for f in ${jsonCfgFile} ${toString config.programs.nncp.secrets}; do
|
||
|
tmpdir=$(mktemp --directory nncp.XXX)
|
||
|
nncp-cfgdir -cfg $f -dump $tmpdir
|
||
|
find $tmpdir -size 1c -delete
|
||
|
cp -a $tmpdir/* $nncpCfgDir/
|
||
|
rm -rf $tmpdir
|
||
|
done
|
||
|
nncp-cfgdir -load $nncpCfgDir > ${nncpCfgFile}
|
||
|
rm -rf $nncpCfgDir
|
||
|
chgrp ${programCfg.group} ${nncpCfgFile}
|
||
|
chmod g+r ${nncpCfgFile}
|
||
|
'';
|
||
|
};
|
||
|
};
|
||
|
|
||
|
meta.maintainers = with lib.maintainers; [ ehmry ];
|
||
|
}
|