The NNCP utilities read a configuration at "/etc/nncp.hjson" by default. Add a NixOS module for generating this configuration.main
Emery Hemingway
2 years ago
committed by
ehmry
parent
ad15abe7ff
commit
4ec35ff6d6
@ -0,0 +1,101 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
let |
||||
nncpCfgFile = "/run/nncp.hjson"; |
||||
programCfg = config.programs.nncp; |
||||
settingsFormat = pkgs.formats.json { }; |
||||
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings; |
||||
pkg = programCfg.package; |
||||
in { |
||||
options.programs.nncp = { |
||||
|
||||
enable = |
||||
mkEnableOption "NNCP (Node to Node copy) utilities and configuration"; |
||||
|
||||
group = mkOption { |
||||
type = types.str; |
||||
default = "uucp"; |
||||
description = '' |
||||
The group under which NNCP files shall be owned. |
||||
Any member of this group may access the secret keys |
||||
of this NNCP node. |
||||
''; |
||||
}; |
||||
|
||||
package = mkOption { |
||||
type = types.package; |
||||
default = pkgs.nncp; |
||||
defaultText = literalExpression "pkgs.nncp"; |
||||
description = "The NNCP package to use system-wide."; |
||||
}; |
||||
|
||||
secrets = mkOption { |
||||
type = with types; listOf str; |
||||
example = [ "/run/keys/nncp.hjson" ]; |
||||
description = '' |
||||
A list of paths to NNCP configuration files that should not be |
||||
in the Nix store. These files are layered on top of the values at |
||||
<xref linkend="opt-programs.nncp.settings"/>. |
||||
''; |
||||
}; |
||||
|
||||
settings = mkOption { |
||||
type = settingsFormat.type; |
||||
description = '' |
||||
NNCP configuration, see |
||||
<link xlink:href="http://www.nncpgo.org/Configuration.html"/>. |
||||
At runtime these settings will be overlayed by the contents of |
||||
<xref linkend="opt-programs.nncp.secrets"/> into the file |
||||
<literal>${nncpCfgFile}</literal>. Node keypairs go in |
||||
<literal>secrets</literal>, do not specify them in |
||||
<literal>settings</literal> as they will be leaked into |
||||
<literal>/nix/store</literal>! |
||||
''; |
||||
default = { }; |
||||
}; |
||||
|
||||
}; |
||||
|
||||
config = mkIf programCfg.enable { |
||||
|
||||
environment = { |
||||
systemPackages = [ pkg ]; |
||||
etc."nncp.hjson".source = nncpCfgFile; |
||||
}; |
||||
|
||||
programs.nncp.settings = { |
||||
spool = mkDefault "/var/spool/nncp"; |
||||
log = mkDefault "/var/spool/nncp/log"; |
||||
}; |
||||
|
||||
systemd.tmpfiles.rules = [ |
||||
"d ${programCfg.settings.spool} 0770 root ${programCfg.group}" |
||||
"f ${programCfg.settings.log} 0770 root ${programCfg.group}" |
||||
]; |
||||
|
||||
systemd.services.nncp-config = { |
||||
path = [ pkg ]; |
||||
description = "Generate NNCP configuration"; |
||||
wantedBy = [ "basic.target" ]; |
||||
serviceConfig.Type = "oneshot"; |
||||
script = '' |
||||
umask u=rw |
||||
nncpCfgDir=$(mktemp --directory nncp.XXX) |
||||
for f in ${jsonCfgFile} ${toString config.programs.nncp.secrets}; do |
||||
tmpdir=$(mktemp --directory nncp.XXX) |
||||
nncp-cfgdir -cfg $f -dump $tmpdir |
||||
find $tmpdir -size 1c -delete |
||||
cp -a $tmpdir/* $nncpCfgDir/ |
||||
rm -rf $tmpdir |
||||
done |
||||
nncp-cfgdir -load $nncpCfgDir > ${nncpCfgFile} |
||||
rm -rf $nncpCfgDir |
||||
chgrp ${programCfg.group} ${nncpCfgFile} |
||||
chmod g+r ${nncpCfgFile} |
||||
''; |
||||
}; |
||||
}; |
||||
|
||||
meta.maintainers = with lib.maintainers; [ ehmry ]; |
||||
} |
||||
Loading…
Reference in new issue