public inbox for nncp-devel@lists.cypherpunks.ru
From: Emery Hemingway <ehmry@posteo•net>
To: <nncp-devel@lists.cypherpunks.ru>
Subject: NNCP and NixOS
Date: Sat, 18 Dec 2021 14:36:42 +0000
Message-ID: <6e011b6c-ec16-4d63-b4b3-5b1a510493fa@posteo.net>

Hi,

I've been using NNCP on NixOS and I've been trying to find a way to
express some of the NNCP configuration within the NixOS system
configuration[1]. I would prefer to do it this way because I already
keep ssh-keys and static IP address mappings in the Nix configuration.
I do this for all my machines and my hackspace does the same for our
machines, and we distribute this with git. Naturally it would be nice
to configure NNCP nodes and relays in the same way.

The problem now is that I need to split the private keys from the rest
of the configuration. As a rule we do not include sensitive information
directly into the Nix configuration to be sure that it is not leaked
during distributed builds and because everything built by Nix is world-
readable on the file-system.

I have managed to split this by converting Nix and HJSON to plain JSON
and merging with the jq utility[2], but this feels a bit fragile. It
would be nice to iterate over a few JSON formatted files and convert
them to a configuration directory, but nncp-cfgdir does not like configs
without "self" sections.

What would be a recommended way to stitch together pieces of
configuration? I'm willing to try and implement new features if that is
appropriate. Also, what are best practices for daemon permissions? I
have been using a dedicated "nncp" user and group.

Cheers,
Emery

1: https://nixos.org/manual/nixos/stable/index.html#sec-configuration-syntax
2: https://github.com/ehmry/nixpkgs/blob/8d45e389e1daf9feb2098a0d213350d9b4ece3ec/nixos/modules/services/networking/nncp.nix#L101
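
One way to do the split and merge described in the message above, as an added example (not the poster's Nix module and not NNCP's own code): a public fragment that may sit in the world-readable Nix store is checked for private-key fields, merged with a secrets fragment at service start, and written with mode 0600. The assumption that private fields end in `prv`, the function names and the sample values are all illustrative.

```python
import json
import os
import tempfile

def find_private_fields(node, path=""):
    """Return dotted paths of keys that look like private key material."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key.endswith("prv"):  # assumption: private fields end in "prv"
                hits.append(here)
            hits.extend(find_private_fields(value, here))
    return hits

def deep_merge(base, overlay):
    """Recursively merge overlay into a copy of base; overlay wins on conflicts."""
    if not (isinstance(base, dict) and isinstance(overlay, dict)):
        return overlay
    merged = dict(base)
    for key, value in overlay.items():
        merged[key] = deep_merge(base[key], value) if key in base else value
    return merged

def write_private(path, config):
    """Write via a temp file that is 0600 from creation, then rename atomically."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as handle:
            json.dump(config, handle, indent=2)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def build_config(public, secrets, out_path):
    """Merge the fragments, refusing a public fragment that carries private keys."""
    leaked = find_private_fields(public)
    if leaked:
        raise ValueError("private fields in public fragment: " + ", ".join(leaked))
    merged = deep_merge(public, secrets)
    write_private(out_path, merged)
    return merged

# Constructed sample fragments; all values are placeholders, not real keys.
PUBLIC = {"spool": "/var/spool/nncp",
          "self": {"id": "ID-PLACEHOLDER", "exchpub": "PUB-PLACEHOLDER"},
          "neigh": {"relay": {"id": "RELAY-ID-PLACEHOLDER"}}}
SECRETS = {"self": {"exchprv": "PRV-PLACEHOLDER"}}
```

The merged file should be written to a runtime directory owned by the service user, outside the Nix store, so that only the dedicated account can read it.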


Thread overview: 2+ messages
2021-12-18 14:36 Emery Hemingway [this message]
2021-12-20 19:41 ` NNCP and NixOS Sergey Matveev