From 98c835409ab1c488f55fa47162c709b51f260c34 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 19 Oct 2021 18:35:21 +0200
Subject: ...
---
 custom/tinc/def.nix | 6 ++++--
 custom/uucp.nix | 2 ++
 ymir.nix | 29 ++++++++++++++++-------------
 3 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/custom/tinc/def.nix b/custom/tinc/def.nix
index 97653f72..89020633 100644
--- a/custom/tinc/def.nix
+++ b/custom/tinc/def.nix
@@ -195,10 +195,12 @@ in
 users.extraUsers = flip mapAttrs' cfg.networks (network: _:
 nameValuePair ("tinc.${network}") ({
 description = "Tinc daemon user for ${network}";
+ group = "tinc.${network}";
 isSystemUser = true;
 })
 );
-
+ users.extraGroups = flip mapAttrs' cfg.networks (network: _:
+ nameValuePair ("tinc.${network}") ({})
+ );
 };
-
 }
diff --git a/custom/uucp.nix b/custom/uucp.nix
index 54f5aac4..e812c4cf 100644
--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -244,6 +244,7 @@ in {
 users.users."uucp" = {
 name = "uucp";
+ group = "uucp";
 isSystemUser = true;
 isNormalUser = false;
 createHome = true;
@@ -252,6 +253,7 @@ in {
 useDefaultShell = true;
 openssh.authorizedKeys.keys = map restrictKey (concatLists (mapAttrsToList (name: node: node.publicKeys) cfg.remoteNodes));
 } // cfg.sshUser;
+ users.groups."uucp" = {};
 system.activationScripts."uucp-sshconfig" = ''
 mkdir -p ${config.users.users."uucp".home}/.ssh
diff --git a/ymir.nix b/ymir.nix
index 9055a1e7..25161393 100644
--- a/ymir.nix
+++ b/ymir.nix
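Review bot: The added group declaration in custom/tinc/def.nix uses `users.extraGroups`, which, like the `users.extraUsers` just above it, is the older alias of `users.groups` / `users.users` in NixOS; custom/uucp.nix in this same commit already uses the current names. Writing it as `users.groups = flip mapAttrs' cfg.networks (network: _: nameValuePair "tinc.${network}" {});` would keep the two modules consistent. A one-line comment such as `# one primary group per network, named after the daemon user` would also record why the group is per network rather than shared, presumably so that files owned by one tinc instance are not group-accessible to another. The enclosing module body starts outside the hunk.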
@@ -870,23 +870,26 @@ in rec {
 enable = true;
 allowedAccess = ["127.0.0.0/8" "::ffff:127.0.0.0/104" "::1/128" "10.141.0.0/16"];
 interfaces = ["127.0.0.1" "::1" "10.141.5.1"];
- extraConfig = ''
- verbosity: 1
+ settings = {
+ verbosity = 1;
- private-domain: "yggdrasil"
+ private-domain = "yggdrasil";
- domain-insecure: "10.in-addr.arpa"
- domain-insecure: "yggdrasil"
+ domain-insecure = [ "10.in-addr.arpa" "yggdrasil" ];
- local-zone: "10.in-addr.arpa" nodefault
+ local-zone = "\"10.in-addr.arpa\" nodefault";
- forward-zone:
- name: "10.in-addr.arpa"
- forward-addr: 10.141.1.1
- forward-zone:
- name: "yggdrasil"
- forward-addr: 10.141.1.1
- '';
+ forward-zone = [
+ {
+ name = "10.in-addr.arpa";
+ forward-addr = "10.141.1.1";
+ }
+ {
+ name = "yggdrasil";
+ forward-addr = "10.141.1.1";
+ }
+ ];
+ };
 };
 services.dhcpd4 = {
-- cgit v1.2.3
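Review bot: The `domain-insecure` list carried over into `settings` has no comment saying that DNSSEC validation is switched off for `10.in-addr.arpa` and `yggdrasil`, so answers for both zones are accepted unvalidated from the forwarder `10.141.1.1`. That is presumably intended for unsigned internal zones, but it means their integrity rests on the path to that forwarder, which is worth stating next to the list, e.g. `# unsigned internal zones: no DNSSEC validation, trust rests on the link to 10.141.1.1`. The escaped quotes in `local-zone` also deserve a short comment, since they appear to exist only so that the rendered line matches the old `local-zone: "10.in-addr.arpa" nodefault`. The enclosing attribute set starts outside the hunk.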