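# NixOS module for NNCP (Node to Node copy).
#
# The public part of the configuration comes from `programs.nncp.settings`
# and is rendered into the world-readable Nix store. Node private keys must
# be supplied through `programs.nncp.secrets`, which names files outside the
# store. A oneshot service layers both into ${nncpCfgFile} at boot, and
# /etc/nncp.hjson points at that runtime file.
{ config, lib, pkgs, ... }:

with lib;
let
  # Merged runtime configuration; contains the node private keys.
  nncpCfgFile = "/run/nncp.hjson";
  programCfg = config.programs.nncp;
  settingsFormat = pkgs.formats.json { };
  # Store copy of `settings` only. Anything placed here is world-readable.
  jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
  pkg = programCfg.package;
in {
  options.programs.nncp = {

    enable =
      mkEnableOption (lib.mdDoc "NNCP (Node to Node copy) utilities and configuration");

    group = mkOption {
      type = types.str;
      default = "uucp";
      description = lib.mdDoc ''
        The group under which NNCP files shall be owned.
        Any member of this group may access the secret keys
        of this NNCP node.
      '';
    };

    package = mkOption {
      type = types.package;
      default = pkgs.nncp;
      defaultText = literalExpression "pkgs.nncp";
      description = lib.mdDoc "The NNCP package to use system-wide.";
    };

    secrets = mkOption {
      type = with types; listOf str;
      # Without a default, enabling the module with no secrets configured
      # fails at evaluation time because the option is read unconditionally.
      default = [ ];
      example = [ "/run/keys/nncp.hjson" ];
      description = lib.mdDoc ''
        A list of paths to NNCP configuration files that should not be
        in the Nix store. These files are layered on top of the values at
        [](#opt-programs.nncp.settings).
      '';
    };

    settings = mkOption {
      type = settingsFormat.type;
      description = lib.mdDoc ''
        NNCP configuration, see
        <http://www.nncpgo.org/Configuration.html>.
        At runtime these settings will be overlayed by the contents of
        [](#opt-programs.nncp.secrets) into the file
        `${nncpCfgFile}`. Node keypairs go in
        `secrets`, do not specify them in
        `settings` as they will be leaked into
        `/nix/store`!
      '';
      default = { };
    };

  };

  config = mkIf programCfg.enable {

    environment = {
      systemPackages = [ pkg ];
      # A string (not a path) source, so /etc/nncp.hjson becomes a symlink to
      # the runtime file instead of a copy in the store.
      etc."nncp.hjson".source = nncpCfgFile;
    };

    programs.nncp.settings = {
      spool = mkDefault "/var/spool/nncp";
      log = mkDefault "/var/spool/nncp/log";
    };

    systemd.tmpfiles.rules = [
      # Spool is shared with the NNCP group and closed to everyone else.
      "d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
      # The log is a regular file: read/write for owner and group, no
      # execute bits.
      "f ${programCfg.settings.log} 0660 root ${programCfg.group}"
    ];

    systemd.services.nncp-config = {
      path = [ pkg ];
      description = "Generate NNCP configuration";
      wantedBy = [ "basic.target" ];
      serviceConfig.Type = "oneshot";
      script = ''
        # Everything below handles node private keys. Start from a mask that
        # denies group and other, then widen deliberately at the end.
        # A symbolic "umask u=rw" only sets the owner bits and keeps the
        # inherited group/other mask (0022 under systemd by default), which
        # leaves the generated file world-readable.
        umask 077

        # Stage under /run (a tmpfs on NixOS) so key material is not written
        # to persistent storage, and clean up even when a step fails.
        workDir=$(mktemp --directory /run/nncp-config.XXXXXX)
        trap 'rm -rf "$workDir"' EXIT

        merged="$workDir/merged"
        mkdir "$merged"

        # Layer order matters: the store-rendered settings first, then each
        # secrets file on top of it.
        for f in ${jsonCfgFile} ${escapeShellArgs programCfg.secrets}; do
          dump=$(mktemp --directory "$workDir/dump.XXXXXX")
          nncp-cfgdir -cfg "$f" -dump "$dump"
          # Drop 1-byte files (presumably empty values emitted by the dump)
          # so they do not overwrite values from earlier layers; confirm
          # against nncp-cfgdir.
          find "$dump" -size 1c -delete
          cp -a "$dump"/* "$merged"/
          rm -rf "$dump"
        done

        # Build the result privately, set ownership and an explicit mode,
        # then rename into place. The published path is never observable
        # with broader permissions, and a file left by an earlier run cannot
        # pass on its old mode.
        staged="$workDir/nncp.hjson"
        nncp-cfgdir -load "$merged" > "$staged"
        chgrp ${escapeShellArg programCfg.group} "$staged"
        chmod 0640 "$staged"
        mv -f "$staged" ${nncpCfgFile}
      '';
    };
  };

  meta.maintainers = with lib.maintainers; [ ehmry ];
}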