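# NixOS module for the NNCP (Node to Node copy) utilities.
#
# Installs the package and generates the effective configuration at runtime
# by merging the store-rendered `settings` with the out-of-store `secrets`
# files. The merged file is written to /run and exposed as /etc/nncp.hjson.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Runtime location of the merged configuration (settings + secrets).
  nncpCfgFile = "/run/nncp.hjson";
  programCfg = config.programs.nncp;
  settingsFormat = pkgs.formats.json { };
  # Rendered into the Nix store, so it must never contain key material
  # (see the `settings` option description below).
  jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
  pkg = programCfg.package;
in
{
  options.programs.nncp = {

    enable = lib.mkEnableOption "NNCP (Node to Node copy) utilities and configuration";

    group = lib.mkOption {
      type = lib.types.str;
      default = "uucp";
      description = ''
        The group under which NNCP files shall be owned.
        Any member of this group may access the secret keys
        of this NNCP node.
      '';
    };

    package = lib.mkPackageOption pkgs "nncp" { };

    secrets = lib.mkOption {
      type = with lib.types; listOf str;
      # Without a default, enabling the module while leaving `secrets` unset
      # aborts evaluation; an empty list simply means "no overlay files".
      default = [ ];
      example = [ "/run/keys/nncp.hjson" ];
      description = ''
        A list of paths to NNCP configuration files that should not be
        in the Nix store. These files are layered on top of the values at
        [](#opt-programs.nncp.settings).
      '';
    };

    settings = lib.mkOption {
      type = settingsFormat.type;
      description = ''
        NNCP configuration, see
        <http://www.nncpgo.org/Configuration.html>.
        At runtime these settings will be overlayed by the contents of
        [](#opt-programs.nncp.secrets) into the file
        `${nncpCfgFile}`. Node keypairs go in
        `secrets`, do not specify them in
        `settings` as they will be leaked into
        `/nix/store`!
      '';
      default = { };
    };

  };

  config = lib.mkIf programCfg.enable {

    environment = {
      systemPackages = [ pkg ];
      # /etc/nncp.hjson refers to the runtime file rather than a store path,
      # so the merged secrets never enter the store.
      etc."nncp.hjson".source = nncpCfgFile;
    };

    programs.nncp.settings = {
      spool = lib.mkDefault "/var/spool/nncp";
      log = lib.mkDefault "/var/spool/nncp/log";
    };

    # Spool directory and log file are root-owned and group-accessible; no
    # access for others.
    # NOTE(review): the log is a regular file, so 0660 should be enough; the
    # execute bits in 0770 look unintentional. Confirm before tightening.
    systemd.tmpfiles.rules = [
      "d ${programCfg.settings.spool} 0770 root ${programCfg.group}"
      "f ${programCfg.settings.log} 0770 root ${programCfg.group}"
    ];

    systemd.services.nncp-config = {
      path = [ pkg ];
      description = "Generate NNCP configuration";
      wantedBy = [ "basic.target" ];
      serviceConfig.Type = "oneshot";
      script = ''
        # Fail the unit if any stage of the merge pipeline fails. Without
        # pipefail an unreadable or malformed secrets file is masked by jq's
        # exit status, and a configuration without keys is installed silently.
        set -euo pipefail

        # New files are created 0640: owner read/write, group read, no access
        # for others.
        umask 127

        # Build the result next to the target and rename it into place, so a
        # failed run never leaves a truncated or partial configuration behind.
        tmp=${nncpCfgFile}.tmp
        trap 'rm -f "$tmp"' EXIT
        rm -f "$tmp"

        # Pass each input through hjson-go so jq can parse it, then merge the
        # objects recursively. Later files override earlier ones, so secrets
        # win over the store-rendered settings. Paths are shell-escaped so
        # that whitespace or glob characters cannot split or expand them.
        for f in ${jsonCfgFile} ${lib.escapeShellArgs programCfg.secrets}
        do
          ${lib.getExe pkgs.hjson-go} -c <"$f"
        done |${lib.getExe pkgs.jq} --slurp 'reduce .[] as $x ({}; . * $x)' >"$tmp"

        # Grant the NNCP group read access before the file becomes visible
        # under its final name.
        chgrp ${lib.escapeShellArg programCfg.group} "$tmp"
        mv -f "$tmp" ${nncpCfgFile}
      '';
    };
  };

  meta.maintainers = with lib.maintainers; [ ehmry ];
}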