diff options
author | lassulus <git@lassul.us> | 2023-05-25 14:39:06 +0200 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-05-25 14:39:06 +0200 |
commit | e629da17d5e22444549e4ed3c07e64158111214d (patch) | |
tree | 1195d26c9b0fb3e9112c8d0fb43afbbba19a5ec1 /krebs | |
parent | 6ebc5693d6a57233115d968723dd20961857920d (diff) | |
parent | 24b9fc11d6c9345d39a0ec0f97d58cdbdbde7f0c (diff) |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/3modules/tinc.nix | 37 | ||||
-rw-r--r-- | krebs/5pkgs/simple/cunicu.nix | 22 |
2 files changed, 32 insertions, 27 deletions
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 52cdafe67..437f3b633 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -190,35 +190,16 @@ with import <stockholm/lib>; default = 3; }; - user = mkOption { - type = types.user; - default = { - name = tinc.config.netname; - home = "/var/lib/${tinc.config.user.name}"; - }; - defaultText = { - name = "‹netname›"; - home = "/var/lib/‹netname›"; - }; + username = mkOption { + type = types.username; + default = tinc.config.netname; + defaultText = literalExample "netname"; }; }; })); }; config = { - users.users = mapAttrs' (netname: cfg: - nameValuePair "${netname}" { - inherit (cfg.user) home name uid; - createHome = true; - isSystemUser = true; - group = netname; - } - ) config.krebs.tinc; - - users.groups = mapAttrs' (netname: cfg: - nameValuePair netname {} - ) config.krebs.tinc; - krebs.systemd.services = mapAttrs (netname: cfg: { restartIfCredentialsChange = true; }) config.krebs.tinc; @@ -238,11 +219,11 @@ with import <stockholm/lib>; ) "rsa_key.priv:${cfg.privkey}" ]; - ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' + ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" '' set -efu ${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.rsync}/bin/rsync -Lacv --delete \ - --chown ${cfg.user.name} \ + --chown ${cfg.username} \ --chmod u=rwX,g=rX \ --exclude='/*.priv' \ ${cfg.confDir}/ /etc/tinc/${netname}/ @@ -255,14 +236,16 @@ with import <stockholm/lib>; "$CREDENTIALS_DIRECTORY"/rsa_key.priv \ /etc/tinc/${netname}/ ''; - ExecStart = toString [ + ExecStart = "+" + toString [ "${cfg.tincPackage}/sbin/tincd" "-D" - "-U ${cfg.user.name}" + "-U ${cfg.username}" "-d 0" "-n ${netname}" ]; SyslogIdentifier = netname; + DynamicUser = true; + User = cfg.username; }; }) config.krebs.tinc; }; diff --git a/krebs/5pkgs/simple/cunicu.nix b/krebs/5pkgs/simple/cunicu.nix new file mode 100644 index 000000000..4375a760c --- /dev/null +++ b/krebs/5pkgs/simple/cunicu.nix @@ -0,0 +1,22 @@ +{ lib, pkgs }: + +pkgs.buildGo120Module rec { + pname = "cunicu"; + version = "g${lib.substring 0 7 src.rev}"; + + buildInputs = [ + pkgs.libpcap + ]; + + # XXX tries to access https://relay.cunicu.li + doCheck = false; + + src = pkgs.fetchFromGitHub { + owner = "stv0g"; + repo = "cunicu"; + rev = "3ed8109bef97a10a438e5658c41823b7f812db8e"; + hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc="; + }; + + vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4="; +} |