Merge remote-tracking branch 'ni/master'

2023-05-25 14:39:06 +02:00 · 2023-05-25 14:39:06 +02:00 · e629da17d5
parent 6ebc5693d6 24b9fc11d6
commit e629da17d5
3 changed files with 35 additions and 27 deletions
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@ -190,35 +190,16 @@ with import <stockholm/lib>;
          default = 3;
        };

-        user = mkOption {
-          type = types.user;
-          default = {
-            name = tinc.config.netname;
-            home = "/var/lib/${tinc.config.user.name}";
-          };
-          defaultText = {
-            name = "‹netname›";
-            home = "/var/lib/‹netname›";
-          };
+        username = mkOption {
+          type = types.username;
+          default = tinc.config.netname;
+          defaultText = literalExample "netname";
        };
      };
    }));
  };

  config = {
-    users.users = mapAttrs' (netname: cfg:
-      nameValuePair "${netname}" {
-        inherit (cfg.user) home name uid;
-        createHome = true;
-        isSystemUser = true;
-        group = netname;
-      }
-    ) config.krebs.tinc;
-
-    users.groups = mapAttrs' (netname: cfg:
-      nameValuePair netname {}
-    ) config.krebs.tinc;
-
    krebs.systemd.services = mapAttrs (netname: cfg: {
      restartIfCredentialsChange = true;
    }) config.krebs.tinc;
@ -238,11 +219,11 @@ with import <stockholm/lib>;
          )
          "rsa_key.priv:${cfg.privkey}"
        ];
-        ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
+        ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
          set -efu
          ${pkgs.coreutils}/bin/mkdir -p /etc/tinc
          ${pkgs.rsync}/bin/rsync -Lacv --delete \
-            --chown ${cfg.user.name} \
+            --chown ${cfg.username} \
            --chmod u=rwX,g=rX \
            --exclude='/*.priv' \
            ${cfg.confDir}/ /etc/tinc/${netname}/
@ -255,14 +236,16 @@ with import <stockholm/lib>;
              "$CREDENTIALS_DIRECTORY"/rsa_key.priv \
              /etc/tinc/${netname}/
        '';
-        ExecStart = toString [
+        ExecStart = "+" + toString [
          "${cfg.tincPackage}/sbin/tincd"
          "-D"
-          "-U ${cfg.user.name}"
+          "-U ${cfg.username}"
          "-d 0"
          "-n ${netname}"
        ];
        SyslogIdentifier = netname;
+        DynamicUser = true;
+        User = cfg.username;
      };
    }) config.krebs.tinc;
  };
--- a/krebs/5pkgs/simple/cunicu.nix
+++ b/krebs/5pkgs/simple/cunicu.nix
@ -0,0 +1,22 @@
+{ lib, pkgs }:
+
+pkgs.buildGo120Module rec {
+  pname = "cunicu";
+  version = "g${lib.substring 0 7 src.rev}";
+
+  buildInputs = [
+    pkgs.libpcap
+  ];
+
+  # XXX tries to access https://relay.cunicu.li
+  doCheck = false;
+
+  src = pkgs.fetchFromGitHub {
+    owner = "stv0g";
+    repo = "cunicu";
+    rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
+    hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
+  };
+
+  vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
+}
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@ -96,6 +96,9 @@ with import ./lib;
    nix-writers = {
      cgit.desc = "collection of package builders";
    };
+    nixpkgs = {
+      cgit.desc = "Nix Packages collection";
+    };
    pager = {
    };
    populate = {