diff options
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/konsens.nix | 7 | ||||
-rw-r--r-- | krebs/3modules/tinc.nix | 37 |
2 files changed, 16 insertions, 28 deletions
diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix index 439bcc7f4..81dbb33e1 100644 --- a/krebs/3modules/konsens.nix +++ b/krebs/3modules/konsens.nix @@ -60,12 +60,17 @@ let systemd.services = mapAttrs' (name: repo: nameValuePair "konsens-${name}" { after = [ "network.target" ]; - path = [ pkgs.git ]; + path = [ + pkgs.git + pkgs.openssh + ]; restartIfChanged = false; serviceConfig = { Type = "simple"; PermissionsStartOnly = true; ExecStart = pkgs.writeDash "konsens-${name}" '' + set -efu + git config --global --replace-all safe.directory * if ! test -e ${name}; then git clone ${repo.url} ${name} fi diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 52cdafe67..437f3b633 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -190,35 +190,16 @@ with import <stockholm/lib>; default = 3; }; - user = mkOption { - type = types.user; - default = { - name = tinc.config.netname; - home = "/var/lib/${tinc.config.user.name}"; - }; - defaultText = { - name = "‹netname›"; - home = "/var/lib/‹netname›"; - }; + username = mkOption { + type = types.username; + default = tinc.config.netname; + defaultText = literalExample "netname"; }; }; })); }; config = { - users.users = mapAttrs' (netname: cfg: - nameValuePair "${netname}" { - inherit (cfg.user) home name uid; - createHome = true; - isSystemUser = true; - group = netname; - } - ) config.krebs.tinc; - - users.groups = mapAttrs' (netname: cfg: - nameValuePair netname {} - ) config.krebs.tinc; - krebs.systemd.services = mapAttrs (netname: cfg: { restartIfCredentialsChange = true; }) config.krebs.tinc; @@ -238,11 +219,11 @@ with import <stockholm/lib>; ) "rsa_key.priv:${cfg.privkey}" ]; - ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" '' + ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" '' set -efu ${pkgs.coreutils}/bin/mkdir -p /etc/tinc ${pkgs.rsync}/bin/rsync -Lacv --delete \ - --chown ${cfg.user.name} \ + --chown ${cfg.username} \ --chmod u=rwX,g=rX \ --exclude='/*.priv' \ ${cfg.confDir}/ /etc/tinc/${netname}/ @@ -255,14 +236,16 @@ with import <stockholm/lib>; "$CREDENTIALS_DIRECTORY"/rsa_key.priv \ /etc/tinc/${netname}/ ''; - ExecStart = toString [ + ExecStart = "+" + toString [ "${cfg.tincPackage}/sbin/tincd" "-D" - "-U ${cfg.user.name}" + "-U ${cfg.username}" "-d 0" "-n ${netname}" ]; SyslogIdentifier = netname; + DynamicUser = true; + User = cfg.username; }; }) config.krebs.tinc; }; |