summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-05-25 14:39:06 +0200
committerlassulus <git@lassul.us>2023-05-25 14:39:06 +0200
commite629da17d5e22444549e4ed3c07e64158111214d (patch)
tree1195d26c9b0fb3e9112c8d0fb43afbbba19a5ec1 /krebs
parent6ebc5693d6a57233115d968723dd20961857920d (diff)
parent24b9fc11d6c9345d39a0ec0f97d58cdbdbde7f0c (diff)
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/tinc.nix37
-rw-r--r--krebs/5pkgs/simple/cunicu.nix22
2 files changed, 32 insertions, 27 deletions
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 52cdafe67..437f3b633 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -190,35 +190,16 @@ with import <stockholm/lib>;
default = 3;
};
- user = mkOption {
- type = types.user;
- default = {
- name = tinc.config.netname;
- home = "/var/lib/${tinc.config.user.name}";
- };
- defaultText = {
- name = "‹netname›";
- home = "/var/lib/‹netname›";
- };
+ username = mkOption {
+ type = types.username;
+ default = tinc.config.netname;
+ defaultText = literalExample "netname";
};
};
}));
};
config = {
- users.users = mapAttrs' (netname: cfg:
- nameValuePair "${netname}" {
- inherit (cfg.user) home name uid;
- createHome = true;
- isSystemUser = true;
- group = netname;
- }
- ) config.krebs.tinc;
-
- users.groups = mapAttrs' (netname: cfg:
- nameValuePair netname {}
- ) config.krebs.tinc;
-
krebs.systemd.services = mapAttrs (netname: cfg: {
restartIfCredentialsChange = true;
}) config.krebs.tinc;
@@ -238,11 +219,11 @@ with import <stockholm/lib>;
)
"rsa_key.priv:${cfg.privkey}"
];
- ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
+ ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
set -efu
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
${pkgs.rsync}/bin/rsync -Lacv --delete \
- --chown ${cfg.user.name} \
+ --chown ${cfg.username} \
--chmod u=rwX,g=rX \
--exclude='/*.priv' \
${cfg.confDir}/ /etc/tinc/${netname}/
@@ -255,14 +236,16 @@ with import <stockholm/lib>;
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
/etc/tinc/${netname}/
'';
- ExecStart = toString [
+ ExecStart = "+" + toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"
- "-U ${cfg.user.name}"
+ "-U ${cfg.username}"
"-d 0"
"-n ${netname}"
];
SyslogIdentifier = netname;
+ DynamicUser = true;
+ User = cfg.username;
};
}) config.krebs.tinc;
};
diff --git a/krebs/5pkgs/simple/cunicu.nix b/krebs/5pkgs/simple/cunicu.nix
new file mode 100644
index 000000000..4375a760c
--- /dev/null
+++ b/krebs/5pkgs/simple/cunicu.nix
@@ -0,0 +1,22 @@
+{ lib, pkgs }:
+
+pkgs.buildGo120Module rec {
+ pname = "cunicu";
+ version = "g${lib.substring 0 7 src.rev}";
+
+ buildInputs = [
+ pkgs.libpcap
+ ];
+
+ # XXX tries to access https://relay.cunicu.li
+ doCheck = false;
+
+ src = pkgs.fetchFromGitHub {
+ owner = "stv0g";
+ repo = "cunicu";
+ rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
+ hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
+ };
+
+ vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
+}