public inbox for nncp-devel@lists.cypherpunks.ru
Atom feed
* NNCP and NixOS
@ 2021-12-18 14:36 Emery Hemingway
  2021-12-20 19:41 ` Sergey Matveev
  0 siblings, 1 reply; 2+ messages in thread
From: Emery Hemingway @ 2021-12-18 14:36 UTC (permalink / raw)
  To: nncp-devel

Hi,

I've been using NNCP on NixOS and I've been trying to find a way to
express some of the NNCP configuration within the NixOS system
configuration[1]. I would prefer to do it this way because I already
keep ssh-keys and static IP address mappings in the Nix configuration.
I do this for all my machines and my hackspace does the same for our
machines, and we distribute this with git. Naturally it would be nice
to configure NNCP nodes and relays in the same way

The problem now is that I need to split the private keys from the rest
of the configuration. As a rule we do not include sensitive information
directly into the Nix configuration to be sure that it is not leaked
during distributed builds and because everything built by Nix is world-
readable on the file-system.

I have managed to split this by converting Nix and HJSON to plain JSON
and merging with the jq utility[2], but this feels a bit fragile. It
would be nice to iterate over a few JSON formatted files and convert
them to a configuration directory, but nncp-cfgdir does not like configs
without "self" sections.

What would be a recommended way to stitch together pieces of
configuration? I'm willing to try and implement new features if that is
appropriate. Also, what are best practices for daemon permissions? I
have been using a dedicated "nncp" user and group.

Cheers,
Emery

1: 
https://nixos.org/manual/nixos/stable/index.html#sec-configuration-syntax
2: 
https://github.com/ehmry/nixpkgs/blob/8d45e389e1daf9feb2098a0d213350d9b4ece3ec/nixos/modules/services/networking/nncp.nix#L101


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: NNCP and NixOS
  2021-12-18 14:36 NNCP and NixOS Emery Hemingway
@ 2021-12-20 19:41 ` Sergey Matveev
  0 siblings, 0 replies; 2+ messages in thread
From: Sergey Matveev @ 2021-12-20 19:41 UTC (permalink / raw)
  To: Emery Hemingway; +Cc: nncp-devel

[-- Attachment #1: Type: text/plain, Size: 1389 bytes --]

Greetings!

*** Emery Hemingway [2021-12-18 14:36]:
>I have managed to split this by converting Nix and HJSON to plain JSON
>and merging with the jq utility[2], but this feels a bit fragile. It
>would be nice to iterate over a few JSON formatted files and convert
>them to a configuration directory, but nncp-cfgdir does not like configs
>without "self" sections.

I will check that further, but of course nncp-cfgdir should respect
possibility of "self" missing, like nncp-cfgmin natively does. I will
fix that possibly on holidays.

I agree that juggling with JSON/Hjson is not convenient and fragile way,
that is why I wrote cfgdir-feature, but honestly personally use Hjson
everywhere. But I believe it should be the most convenient way to deal
with configuration non-manually.

>Also, what are best practices for daemon permissions? I
>have been using a dedicated "nncp" user and group.

Personally I do not have any recommendations -- do as you wish, as you
are comfortable with. As I can see, people use NNCP pretty differently
everywhere. On most systems I run nncp utilities from "stargrave" user I
am working under. On some I created separate nncp-group and placed some
users under it: http://www.nncpgo.org/Administration.html#Shared-spool

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-12-20 19:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-18 14:36 NNCP and NixOS Emery Hemingway
2021-12-20 19:41 ` Sergey Matveev