...

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-10-19 18:35:21 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-10-19 18:35:21 +0200
commit: 98c835409ab1c488f55fa47162c709b51f260c34 (patch)
tree: 991a97f1b40be6e0280ff7783693a2fab41bcb8b
parent: 5f54ce9175debe1776fc967e0a84199c016576ca (diff)
download: nixos-98c835409ab1c488f55fa47162c709b51f260c34.tar
nixos-98c835409ab1c488f55fa47162c709b51f260c34.tar.gz
nixos-98c835409ab1c488f55fa47162c709b51f260c34.tar.bz2
nixos-98c835409ab1c488f55fa47162c709b51f260c34.tar.xz
nixos-98c835409ab1c488f55fa47162c709b51f260c34.zip
3 files changed, 22 insertions, 15 deletions
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix
index 97653f72..89020633 100644
--- a/custom/tinc/def.nix
+++ b/custom/tinc/def.nix
@@ -195,10 +195,12 @@ in
    users.extraUsers = flip mapAttrs' cfg.networks (network: _:
      nameValuePair ("tinc.${network}") ({
        description = "Tinc daemon user for ${network}";
+        group = "tinc.${network}";
        isSystemUser = true;
      })
    );
+    users.extraGroups = flip mapAttrs' cfg.networks (network: _:
+      nameValuePair ("tinc.${network}") ({})
+    );
  };
 }
diff --git a/custom/uucp.nix b/custom/uucp.nix
index 54f5aac4..e812c4cf 100644
--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -244,6 +244,7 @@ in {
    users.users."uucp" = {
      name = "uucp";
+      group = "uucp";
      isSystemUser = true;
      isNormalUser = false;
      createHome = true;
@@ -252,6 +253,7 @@ in {
      useDefaultShell = true;
      openssh.authorizedKeys.keys = map restrictKey (concatLists (mapAttrsToList (name: node: node.publicKeys) cfg.remoteNodes));
    } // cfg.sshUser;
+    users.groups."uucp" = {};
    system.activationScripts."uucp-sshconfig" = ''
      mkdir -p ${config.users.users."uucp".home}/.ssh
diff --git a/ymir.nix b/ymir.nix
index 9055a1e7..25161393 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -870,23 +870,26 @@ in rec {
    enable = true;
    allowedAccess = ["127.0.0.0/8" "::ffff:127.0.0.0/104" "::1/128" "10.141.0.0/16"];
    interfaces = ["127.0.0.1" "::1" "10.141.5.1"];
-    extraConfig = ''
+    settings = {
-      verbosity: 1
+      verbosity = 1;
    
-      private-domain: "yggdrasil"
+      private-domain = "yggdrasil";
    
-      domain-insecure: "10.in-addr.arpa"
+      domain-insecure = [ "10.in-addr.arpa" "yggdrasil" ];
-      domain-insecure: "yggdrasil"
-      local-zone: "10.in-addr.arpa" nodefault
+      local-zone = "\"10.in-addr.arpa\" nodefault";
-      forward-zone:
+      forward-zone = [
-        name: "10.in-addr.arpa"
+        {
-        forward-addr: 10.141.1.1
+          name = "10.in-addr.arpa";
-      forward-zone:
+          forward-addr = "10.141.1.1";
-        name: "yggdrasil"
+        }
-        forward-addr: 10.141.1.1
+        {
-    '';
+          name = "yggdrasil";
+          forward-addr = "10.141.1.1";
+        }
+      ];
+    };
  };
  services.dhcpd4 = {
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-10-19 18:35:21 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-10-19 18:35:21 +0200
commit	98c835409ab1c488f55fa47162c709b51f260c34 (patch)
tree	991a97f1b40be6e0280ff7783693a2fab41bcb8b
parent	5f54ce9175debe1776fc967e0a84199c016576ca (diff)
download	nixos-98c835409ab1c488f55fa47162c709b51f260c34.tar nixos-98c835409ab1c488f55fa47162c709b51f260c34.tar.gz nixos-98c835409ab1c488f55fa47162c709b51f260c34.tar.bz2 nixos-98c835409ab1c488f55fa47162c709b51f260c34.tar.xz nixos-98c835409ab1c488f55fa47162c709b51f260c34.zip

diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix index 97653f72..89020633 100644 --- a/custom/tinc/def.nix +++ b/custom/tinc/def.nix
@@ -195,10 +195,12 @@ in
195	users.extraUsers = flip mapAttrs' cfg.networks (network: _:	195	users.extraUsers = flip mapAttrs' cfg.networks (network: _:
196	nameValuePair ("tinc.${network}") ({	196	nameValuePair ("tinc.${network}") ({
197	description = "Tinc daemon user for ${network}";	197	description = "Tinc daemon user for ${network}";
		198	group = "tinc.${network}";
198	isSystemUser = true;	199	isSystemUser = true;
199	})	200	})
200	);	201	);
201		202	users.extraGroups = flip mapAttrs' cfg.networks (network: _:
		203	nameValuePair ("tinc.${network}") ({})
		204	);
202	};	205	};
203
204	}	206	}


diff --git a/custom/uucp.nix b/custom/uucp.nix index 54f5aac4..e812c4cf 100644 --- a/custom/uucp.nix +++ b/custom/uucp.nix
@@ -244,6 +244,7 @@ in {
244		244
245	users.users."uucp" = {	245	users.users."uucp" = {
246	name = "uucp";	246	name = "uucp";
		247	group = "uucp";
247	isSystemUser = true;	248	isSystemUser = true;
248	isNormalUser = false;	249	isNormalUser = false;
249	createHome = true;	250	createHome = true;
@@ -252,6 +253,7 @@ in {
252	useDefaultShell = true;	253	useDefaultShell = true;
253	openssh.authorizedKeys.keys = map restrictKey (concatLists (mapAttrsToList (name: node: node.publicKeys) cfg.remoteNodes));	254	openssh.authorizedKeys.keys = map restrictKey (concatLists (mapAttrsToList (name: node: node.publicKeys) cfg.remoteNodes));
254	} // cfg.sshUser;	255	} // cfg.sshUser;
		256	users.groups."uucp" = {};
255		257
256	system.activationScripts."uucp-sshconfig" = ''	258	system.activationScripts."uucp-sshconfig" = ''
257	mkdir -p ${config.users.users."uucp".home}/.ssh	259	mkdir -p ${config.users.users."uucp".home}/.ssh


diff --git a/ymir.nix b/ymir.nix index 9055a1e7..25161393 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -870,23 +870,26 @@ in rec {
870	enable = true;	870	enable = true;
871	allowedAccess = ["127.0.0.0/8" "::ffff:127.0.0.0/104" "::1/128" "10.141.0.0/16"];	871	allowedAccess = ["127.0.0.0/8" "::ffff:127.0.0.0/104" "::1/128" "10.141.0.0/16"];
872	interfaces = ["127.0.0.1" "::1" "10.141.5.1"];	872	interfaces = ["127.0.0.1" "::1" "10.141.5.1"];
873	extraConfig = ''	873	settings = {
874	verbosity: 1	874	verbosity = 1;
875		875
876	private-domain: "yggdrasil"	876	private-domain = "yggdrasil";
877		877
878	domain-insecure: "10.in-addr.arpa"	878	domain-insecure = [ "10.in-addr.arpa" "yggdrasil" ];
879	domain-insecure: "yggdrasil"
880		879
881	local-zone: "10.in-addr.arpa" nodefault	880	local-zone = "\"10.in-addr.arpa\" nodefault";
882		881
883	forward-zone:	882	forward-zone = [
884	name: "10.in-addr.arpa"	883	{
885	forward-addr: 10.141.1.1	884	name = "10.in-addr.arpa";
886	forward-zone:	885	forward-addr = "10.141.1.1";
887	name: "yggdrasil"	886	}
888	forward-addr: 10.141.1.1	887	{
889	'';	888	name = "yggdrasil";
		889	forward-addr = "10.141.1.1";
		890	}
		891	];
		892	};
890	};	893	};
891		894
892	services.dhcpd4 = {	895	services.dhcpd4 = {