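# NixOS module for `programs.nncp`.
#
# Installs the NNCP utilities and runs a oneshot unit (`nncp-config`) that
# merges the store-generated settings with out-of-store secret files into
# a single runtime configuration at /run/nncp.hjson, which is exposed as
# /etc/nncp.hjson.
#
# Security-relevant invariant: the merged file contains the node's secret
# keys, so it must only ever be readable by root and `programs.nncp.group`.
{ config, lib, pkgs, ... }:

let
  # Runtime location of the merged configuration (settings + secrets).
  nncpCfgFile = "/run/nncp.hjson";
  programCfg = config.programs.nncp;
  settingsFormat = pkgs.formats.json { };
  # World-readable store copy of `settings` only; secrets never go here.
  jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
  pkg = programCfg.package;
in {
  options.programs.nncp = {

    enable =
      lib.mkEnableOption "NNCP (Node to Node copy) utilities and configuration";

    group = lib.mkOption {
      type = lib.types.str;
      default = "uucp";
      description = ''
        The group under which NNCP files shall be owned.
        Any member of this group may access the secret keys
        of this NNCP node.
      '';
    };

    package = lib.mkPackageOption pkgs "nncp" { };

    secrets = lib.mkOption {
      type = with lib.types; listOf str;
      example = [ "/run/keys/nncp.hjson" ];
      description = ''
        A list of paths to NNCP configuration files that should not be
        in the Nix store. These files are layered on top of the values at
        [](#opt-programs.nncp.settings).
      '';
    };

    settings = lib.mkOption {
      type = settingsFormat.type;
      description = ''
        NNCP configuration, see
        <http://www.nncpgo.org/Configuration.html>.
        At runtime these settings will be overlayed by the contents of
        [](#opt-programs.nncp.secrets) into the file
        `${nncpCfgFile}`. Node keypairs go in
        `secrets`, do not specify them in
        `settings` as they will be leaked into
        `/nix/store`!
      '';
      default = { };
    };

  };

  config = lib.mkIf programCfg.enable {

    environment = {
      systemPackages = [ pkg ];
      # /etc/nncp.hjson is a symlink to the runtime file, so access control
      # is decided by the mode and group of the /run file, not by /etc.
      etc."nncp.hjson".source = nncpCfgFile;
    };

    programs.nncp.settings = {
      spool = lib.mkDefault "/var/spool/nncp";
      log = lib.mkDefault "/var/spool/nncp/log";
    };

    systemd.tmpfiles.rules = [
      "d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
      # The log is a regular file: read/write for root and the group is
      # enough, so it no longer carries the execute bits of 0770.
      "f ${programCfg.settings.log} 0660 root ${programCfg.group}"
    ];

    # Builds the merged configuration. Each input is dumped to a directory
    # tree with `nncp-cfgdir -dump`, the trees are copied over each other in
    # order (later inputs win), and the result is loaded back into one file.
    #
    # The previous script used `umask u=rw`. A symbolic umask only changes
    # the classes it names, so group/other kept the service's inherited
    # mask and the merged file, secret keys included, was created readable
    # by every local user. An octal `umask 077` keeps every intermediate
    # directory and the output private; group read is granted explicitly at
    # the end.
    systemd.services.nncp-config = {
      path = [ pkg ];
      description = "Generate NNCP configuration";
      wantedBy = [ "basic.target" ];
      serviceConfig.Type = "oneshot";
      script = ''
        umask 077
        # NOTE(review): the mktemp template has no directory part, so the
        # scratch directories are created relative to the unit's working
        # directory; confirm that is intended.
        nncpCfgDir=$(mktemp --directory nncp.XXX)
        for f in ${jsonCfgFile} ${lib.escapeShellArgs programCfg.secrets}; do
          tmpdir=$(mktemp --directory nncp.XXX)
          nncp-cfgdir -cfg "$f" -dump "$tmpdir"
          # Drop 1-byte entries before layering; presumably these are the
          # dump of unset values and must not mask earlier inputs.
          find "$tmpdir" -size 1c -delete
          cp -a "$tmpdir"/* "$nncpCfgDir"/
          rm -rf "$tmpdir"
        done
        # Remove any file left by an earlier run so the new one is created
        # under the restrictive umask instead of inheriting an old mode.
        rm -f ${nncpCfgFile}
        nncp-cfgdir -load "$nncpCfgDir" > ${nncpCfgFile}
        rm -rf "$nncpCfgDir"
        chgrp ${programCfg.group} ${nncpCfgFile}
        # Set the exact mode: owner read/write, group read, nothing else.
        chmod u=rw,g=r,o= ${nncpCfgFile}
      '';
    };
  };

  meta.maintainers = with lib.maintainers; [ ehmry ];
}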