Merge remote-tracking branch 'ni/master'

lassulus 2023-05-25 14:39:06 +02:00
commit e629da17d5
3 changed files with 35 additions and 27 deletions


@ -190,35 +190,16 @@ with import <stockholm/lib>;
default = 3;
};
user = mkOption {
type = types.user;
default = {
name = tinc.config.netname;
home = "/var/lib/${tinc.config.user.name}";
};
defaultText = {
name = "netname";
home = "/var/lib/netname";
};
username = mkOption {
type = types.username;
default = tinc.config.netname;
defaultText = literalExample "netname";
};
};
}));
};
config = {
users.users = mapAttrs' (netname: cfg:
nameValuePair "${netname}" {
inherit (cfg.user) home name uid;
createHome = true;
isSystemUser = true;
group = netname;
}
) config.krebs.tinc;
users.groups = mapAttrs' (netname: cfg:
nameValuePair netname {}
) config.krebs.tinc;
krebs.systemd.services = mapAttrs (netname: cfg: {
restartIfCredentialsChange = true;
}) config.krebs.tinc;
@ -238,11 +219,11 @@ with import <stockholm/lib>;
)
"rsa_key.priv:${cfg.privkey}"
];
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
set -efu
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
${pkgs.rsync}/bin/rsync -Lacv --delete \
--chown ${cfg.user.name} \
--chown ${cfg.username} \
--chmod u=rwX,g=rX \
--exclude='/*.priv' \
${cfg.confDir}/ /etc/tinc/${netname}/
@ -255,14 +236,16 @@ with import <stockholm/lib>;
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
/etc/tinc/${netname}/
'';
ExecStart = toString [
ExecStart = "+" + toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"
"-U ${cfg.user.name}"
"-U ${cfg.username}"
"-d 0"
"-n ${netname}"
];
SyslogIdentifier = netname;
DynamicUser = true;
User = cfg.username;
};
}) config.krebs.tinc;
};
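Review bot: The `+` prefix added to `ExecStart` makes systemd run tincd with full privileges, so `User = cfg.username`, `DynamicUser = true` and the sandboxing that DynamicUser implies are not applied to that command line; the only privilege drop left is tincd's own `-U ${cfg.username}`. If root is needed only for the initial setup, the `!` prefix skips just the credential change and keeps the file-system protections, e.g. `ExecStart = "!" + toString [`, though the paths tincd writes to would likely have to be declared writable first, so this needs testing. The same holds for `ExecStartPre`, which writes `/etc/tinc` as root and would need that directory made writable before its `+` could be narrowed. At minimum, a comment above `ExecStart` such as `# "+": started as root; tincd drops to cfg.username itself via -U` would record that the drop is delegated to the daemon. The service definition begins above the visible hunks, so other hardening options may exist that are not shown here.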


@ -0,0 +1,22 @@
{ lib, pkgs }:
pkgs.buildGo120Module rec {
pname = "cunicu";
version = "g${lib.substring 0 7 src.rev}";
buildInputs = [
pkgs.libpcap
];
# XXX tries to access https://relay.cunicu.li
doCheck = false;
src = pkgs.fetchFromGitHub {
owner = "stv0g";
repo = "cunicu";
rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
};
vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
}
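Review bot: `doCheck = false` switches off the entire upstream test suite for a network daemon built from a pinned commit, while the comment names only one cause, tests reaching https://relay.cunicu.li. If the network-dependent tests can be identified, skipping just those through `checkFlags` would keep the rest running in the build sandbox; otherwise the comment could state the reason in full, e.g. `# tests need network access (relay.cunicu.li), which the build sandbox does not provide`. The derivation also has no `meta` block, so license and homepage are not recorded for the package.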


@ -96,6 +96,9 @@ with import ./lib;
nix-writers = {
cgit.desc = "collection of package builders";
};
nixpkgs = {
cgit.desc = "Nix Packages collection";
};
pager = {
};
populate = {