kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

nixos/tetrd: init

Browse Source
main
Madoura 2 years ago
parent 86018d741b
commit e16074e889
No known key found for this signature in database
GPG Key ID: 6267114016F9F869
3 changed files with 106 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
  2. 2
      nixos/doc/manual/release-notes/rl-2205.section.md
  3. 96
      nixos/modules/services/networking/tetrd.nix

8
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
Unescape View File

@ -81,6 +81,14 @@
<link xlink:href="options.html#opt-services.maddy.enable">services.maddy</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://tetrd.app">tetrd</link>, share your
internet connection from your device to your PC and vice versa
through a USB cable. Available at
<link linkend="opt-services.tetrd.enable">services.tetrd</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">

2
nixos/doc/manual/release-notes/rl-2205.section.md
Unescape View File

@ -27,6 +27,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [maddy](https://maddy.email), a composable all-in-one mail server. Available as [services.maddy](options.html#opt-services.maddy.enable).
- [tetrd](https://tetrd.app), share your internet connection from your device to your PC and vice versa through a USB cable. Available at [services.tetrd](#opt-services.tetrd.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.

96
nixos/modules/services/networking/tetrd.nix
Unescape View File

@ -0,0 +1,96 @@
{ config, lib, pkgs, ... }:
{
options.services.tetrd.enable = lib.mkEnableOption pkgs.tetrd.meta.description;
config = lib.mkIf config.services.tetrd.enable {
environment = {
systemPackages = [ pkgs.tetrd ];
etc."resolv.conf".source = "/etc/tetrd/resolv.conf";
};
systemd = {
tmpfiles.rules = [ "f /etc/tetrd/resolv.conf - - -" ];
services.tetrd = {
description = pkgs.tetrd.meta.description;
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.tetrd}/opt/Tetrd/bin/tetrd";
Restart = "always";
RuntimeDirectory = "tetrd";
RootDirectory = "/run/tetrd";
DynamicUser = true;
UMask = "006";
DeviceAllow = "usb_device";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateMounts = true;
PrivateNetwork = lib.mkDefault false;
PrivateTmp = true;
PrivateUsers = lib.mkDefault false;
ProtectClock = lib.mkDefault false;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@aio"
"~@chown"
"~@clock"
"~@cpu-emulation"
"~@debug"
"~@keyring"
"~@memlock"
"~@module"
"~@mount"
"~@obsolete"
"~@pkey"
"~@raw-io"
"~@reboot"
"~@swap"
"~@sync"
];
BindReadOnlyPaths = [
builtins.storeDir
"/etc/ssl"
"/etc/static/ssl"
"${pkgs.nettools}/bin/route:/usr/bin/route"
"${pkgs.nettools}/bin/ifconfig:/usr/bin/ifconfig"
];
BindPaths = [
"/etc/tetrd/resolv.conf:/etc/resolv.conf"
"/run"
"/var/log"
];
CapabilityBoundingSet = [
"CAP_DAC_OVERRIDE"
"CAP_NET_ADMIN"
];
AmbientCapabilities = [
"CAP_DAC_OVERRIDE"
"CAP_NET_ADMIN"
];
};
};
};
};
}
Write Preview
Loading…
Cancel
Save