Merge remote-tracking branch 'ni/master'

This commit is contained in:
lassulus 2023-05-25 14:39:06 +02:00
commit e629da17d5
3 changed files with 35 additions and 27 deletions


@ -190,35 +190,16 @@ with import <stockholm/lib>;
default = 3; default = 3;
}; };
user = mkOption { username = mkOption {
type = types.user; type = types.username;
default = { default = tinc.config.netname;
name = tinc.config.netname; defaultText = literalExample "netname";
home = "/var/lib/${tinc.config.user.name}";
};
defaultText = {
name = "netname";
home = "/var/lib/netname";
};
}; };
}; };
})); }));
}; };
config = { config = {
users.users = mapAttrs' (netname: cfg:
nameValuePair "${netname}" {
inherit (cfg.user) home name uid;
createHome = true;
isSystemUser = true;
group = netname;
}
) config.krebs.tinc;
users.groups = mapAttrs' (netname: cfg:
nameValuePair netname {}
) config.krebs.tinc;
krebs.systemd.services = mapAttrs (netname: cfg: { krebs.systemd.services = mapAttrs (netname: cfg: {
restartIfCredentialsChange = true; restartIfCredentialsChange = true;
}) config.krebs.tinc; }) config.krebs.tinc;
@ -238,11 +219,11 @@ with import <stockholm/lib>;
) )
"rsa_key.priv:${cfg.privkey}" "rsa_key.priv:${cfg.privkey}"
]; ];
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
set -efu set -efu
${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.coreutils}/bin/mkdir -p /etc/tinc
${pkgs.rsync}/bin/rsync -Lacv --delete \ ${pkgs.rsync}/bin/rsync -Lacv --delete \
--chown ${cfg.user.name} \ --chown ${cfg.username} \
--chmod u=rwX,g=rX \ --chmod u=rwX,g=rX \
--exclude='/*.priv' \ --exclude='/*.priv' \
${cfg.confDir}/ /etc/tinc/${netname}/ ${cfg.confDir}/ /etc/tinc/${netname}/
@ -255,14 +236,16 @@ with import <stockholm/lib>;
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \ "$CREDENTIALS_DIRECTORY"/rsa_key.priv \
/etc/tinc/${netname}/ /etc/tinc/${netname}/
''; '';
ExecStart = toString [ ExecStart = "+" + toString [
"${cfg.tincPackage}/sbin/tincd" "${cfg.tincPackage}/sbin/tincd"
"-D" "-D"
"-U ${cfg.user.name}" "-U ${cfg.username}"
"-d 0" "-d 0"
"-n ${netname}" "-n ${netname}"
]; ];
SyslogIdentifier = netname; SyslogIdentifier = netname;
DynamicUser = true;
User = cfg.username;
}; };
}) config.krebs.tinc; }) config.krebs.tinc;
}; };
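Review bot: The `"+"` prefix added to ExecStart (the `ExecStart = "+" + toString [` line) makes tincd start with full root privileges, so the `DynamicUser = true; User = cfg.username;` pair added at the end of this hunk does not confine the main process; confinement now depends entirely on tincd's own `-U ${cfg.username}` drop, and the dynamic user otherwise only serves the `--chown` in ExecStartPre. Because `/etc/tinc/${netname}/` is not a systemd-managed StateDirectory, files chowned to the dynamic user (including, presumably, the copied `rsa_key.priv`) stay behind after the unit stops with a UID systemd may later hand to a different DynamicUser service — this is the documented caveat of DynamicUser with fixed paths, so it deserves at least a comment, e.g. `# "+": run as root despite DynamicUser; tincd drops to -U itself (presumably needs root for the tun device). /etc/tinc/<netname> keeps files owned by the dynamic UID — TODO confirm`. Two smaller points in the first hunk: `literalExample` is deprecated in favour of `literalExpression`, and dropping the `user` submodule option for `username` without a `mkRenamedOptionModule` will break existing configurations that set `krebs.tinc.<netname>.user`. The serviceConfig attribute set and the enclosing `config` block both start before the first hunk and end after the last one.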


@ -0,0 +1,22 @@
{ lib, pkgs }:
pkgs.buildGo120Module rec {
pname = "cunicu";
version = "g${lib.substring 0 7 src.rev}";
buildInputs = [
pkgs.libpcap
];
# XXX tries to access https://relay.cunicu.li
doCheck = false;
src = pkgs.fetchFromGitHub {
owner = "stv0g";
repo = "cunicu";
rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
};
vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
}
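Review bot: `doCheck = false` disables the entire test suite, not just the tests that reach `https://relay.cunicu.li` named in the XXX comment, so a bad `vendorHash` update or a broken build of the package's own logic is only noticed at runtime. If the networked tests are a distinct subset, the Go 1.20 toolchain this derivation already uses supports `checkFlags = [ "-skip" "<networked-test-regex — placeholder>" ];` as a narrower alternative; if they are not separable, the comment should say so. `version = "g${lib.substring 0 7 src.rev}"` carries no date or tag, so a short note of the upstream tag or date the pinned `rev` corresponds to would make future updates and vulnerability tracking of this pin easier.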


@ -96,6 +96,9 @@ with import ./lib;
nix-writers = { nix-writers = {
cgit.desc = "collection of package builders"; cgit.desc = "collection of package builders";
}; };
nixpkgs = {
cgit.desc = "Nix Packages collection";
};
pager = { pager = {
}; };
populate = { populate = {