From 882bbfd606fd65f36951967a530d914a08f1b9a6 Mon Sep 17 00:00:00 2001
From: tv
Date: Mon, 15 May 2023 12:07:53 +0200
Subject: [PATCH 1/3] tv gitrepos: add nixpkgs
---
tv/2configs/gitrepos.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix
index eb87f26d1..58dffe6a6 100644
--- a/tv/2configs/gitrepos.nix
+++ b/tv/2configs/gitrepos.nix
@@ -96,6 +96,9 @@ with import ./lib;
nix-writers = {
cgit.desc = "collection of package builders";
};
+ nixpkgs = {
+ cgit.desc = "Nix Packages collection";
+ };
pager = {
};
populate = {
From e3c8492f30a2c73acfb43478d8ceb8c38d7fa777 Mon Sep 17 00:00:00 2001
From: tv
Date: Mon, 15 May 2023 13:31:19 +0200
Subject: [PATCH 2/3] tinc: use DynamicUser
---
krebs/3modules/tinc.nix | 37 ++++++++++---------------------------
1 file changed, 10 insertions(+), 27 deletions(-)
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 52cdafe67..437f3b633 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -190,35 +190,16 @@ with import ;
default = 3;
};
- user = mkOption {
- type = types.user;
- default = {
- name = tinc.config.netname;
- home = "/var/lib/${tinc.config.user.name}";
- };
- defaultText = {
- name = "‹netname›";
- home = "/var/lib/‹netname›";
- };
+ username = mkOption {
+ type = types.username;
+ default = tinc.config.netname;
+ defaultText = literalExample "netname";
};
};
}));
};
config = {
- users.users = mapAttrs' (netname: cfg:
- nameValuePair "${netname}" {
- inherit (cfg.user) home name uid;
- createHome = true;
- isSystemUser = true;
- group = netname;
- }
- ) config.krebs.tinc;
-
- users.groups = mapAttrs' (netname: cfg:
- nameValuePair netname {}
- ) config.krebs.tinc;
-
krebs.systemd.services = mapAttrs (netname: cfg: {
restartIfCredentialsChange = true;
}) config.krebs.tinc;
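Review bot: The new `username` option is declared without a `description`, and `defaultText = literalExample "netname"` documents the default as the literal word netname, whereas the removed option used the `‹netname›` placeholder. Nothing in the option says the account is now allocated by systemd instead of being declared in `users.users`, so I would add `description = "Name of the user tincd runs as; allocated at service start via DynamicUser.";` and keep `defaultText = "‹netname›";`. Removing `user` also drops `home` and `uid`, so any host configuration that still sets `krebs.tinc.‹netname›.user` will presumably fail to evaluate; no such caller is visible here. The option set and the `config` attribute both extend beyond this hunk.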
@@ -238,11 +219,11 @@ with import ; ) "rsa_key.priv:${cfg.privkey}" ]; - ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' + ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" '' set -efu ${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.rsync}/bin/rsync -Lacv --delete \ - --chown ${cfg.user.name} \ + --chown ${cfg.username} \ --chmod u=rwX,g=rX \ --exclude='/*.priv' \ ${cfg.confDir}/ /etc/tinc/${netname}/
@@ -255,14 +236,16 @@ with import ;
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
/etc/tinc/${netname}/
'';
- ExecStart = toString [
+ ExecStart = "+" + toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"
- "-U ${cfg.user.name}"
+ "-U ${cfg.username}"
"-d 0"
"-n ${netname}"
];
SyslogIdentifier = netname;
+ DynamicUser = true;
+ User = cfg.username;
};
}) config.krebs.tinc;
};
From 24b9fc11d6c9345d39a0ec0f97d58cdbdbde7f0c Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 25 May 2023 13:17:57 +0200
Subject: [PATCH 3/3] cunicu: init at g3ed8109
---
krebs/5pkgs/simple/cunicu.nix | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 krebs/5pkgs/simple/cunicu.nix
diff --git a/krebs/5pkgs/simple/cunicu.nix b/krebs/5pkgs/simple/cunicu.nix
new file mode 100644
index 000000000..4375a760c
--- /dev/null
+++ b/krebs/5pkgs/simple/cunicu.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs }:
+
+pkgs.buildGo120Module rec {
+ pname = "cunicu";
+ version = "g${lib.substring 0 7 src.rev}";
+
+ buildInputs = [
+ pkgs.libpcap
+ ];
+
+ # XXX tries to access https://relay.cunicu.li
+ doCheck = false;
+
+ src = pkgs.fetchFromGitHub {
+ owner = "stv0g";
+ repo = "cunicu";
+ rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
+ hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
+ };
+
+ vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
+}
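Review bot: `--chown ${cfg.username}` now hands `/etc/tinc/${netname}/` to a dynamically allocated UID, and that tree stays on disk after the unit stops. systemd recycles dynamic UIDs, so between a stop and the next start another `DynamicUser=` service could be given the same UID and would then own these files; DynamicUser normally rules this out by implying `ProtectSystem=strict`, which the `"+"` prefix on this script bypasses. If tincd only needs to read the directory (not visible from this hunk), keeping it root-owned with `--chown root:root \` and `--chmod u=rwX,go=rX \` avoids leaving files behind under a transient UID. The script body starts above this hunk and continues into the next one.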
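Review bot: Prefixing `ExecStart` with `"+"` makes systemd skip not only `User=` but also the file-system namespacing that `DynamicUser = true` implies (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp=`), so tincd starts as unrestricted root and the only privilege drop left is its own `-U ${cfg.username}`. systemd's `"!"` prefix covers this case: it leaves credential changing to the process while the other restrictions stay in force, so `ExecStart = "!" + toString [` would keep the sandbox. That may require declaring the writable paths tincd uses, for example a `RuntimeDirectory` for its pid file, which I cannot confirm from this hunk. A one-line comment above `DynamicUser = true;` saying the setting is there to allocate the account for `-U` would also help the next reader.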
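Review bot: `doCheck = false` switches off the whole check phase although the comment names a single cause, tests that reach https://relay.cunicu.li. If the affected tests can be identified, skipping only those through `checkFlags` (placeholder: `checkFlags = [ "-skip=<network test names>" ];`) would keep the remaining unit tests running on every rev bump; otherwise the comment should say that all tests are disabled on purpose. The derivation also has no `meta` block, so I would add at least `meta.homepage = "https://github.com/stv0g/cunicu";` together with a description and the licence.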