base repository: NixOS/nixpkgs
base: 138c94c75ce4
head repository: NixOS/nixpkgs
compare: deedf24c888d
  • 3 commits
  • 3 files changed
  • 2 contributors

Commits on Dec 24, 2019

    8a7cc62 View commit details
    b4bacff View commit details

Commits on Jan 29, 2020

  1. Merge pull request #75922 from tadfisher/kbfs-fixes

    kbfs, nixos/keybase, nixos/kbfs: fix KBFS, add enableRedirector option
    marsam authored Jan 29, 2020
    deedf24 View commit details
Showing with 80 additions and 23 deletions.
  1. +71 −19 nixos/modules/services/network-filesystems/kbfs.nix
  2. +8 −3 nixos/modules/services/networking/keybase.nix
  3. +1 −1 pkgs/tools/security/keybase/kbfs.nix
90 changes: 71 additions & 19 deletions nixos/modules/services/network-filesystems/kbfs.nix
@@ -1,6 +1,7 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (config.security) wrapperDir;
cfg = config.services.kbfs;

in {
@@ -17,6 +18,16 @@ in {
description = "Whether to mount the Keybase filesystem.";
};

enableRedirector = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable the Keybase root redirector service, allowing
any user to access KBFS files via <literal>/keybase</literal>,
which will show different contents depending on the requester.
'';
};

mountPoint = mkOption {
type = types.str;
default = "%h/keybase";
@@ -41,26 +52,67 @@ in {

###### implementation

config = mkIf cfg.enable {

systemd.user.services.kbfs = {
description = "Keybase File System";
requires = [ "keybase.service" ];
after = [ "keybase.service" ];
path = [ "/run/wrappers" ];
unitConfig.ConditionUser = "!@system";
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${cfg.mountPoint}";
ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} ${cfg.mountPoint}";
ExecStopPost = "/run/wrappers/bin/fusermount -u ${cfg.mountPoint}";
Restart = "on-failure";
PrivateTmp = true;
config = mkIf cfg.enable (mkMerge [
{
# Upstream: https://github.com/keybase/client/blob/master/packaging/linux/systemd/kbfs.service
systemd.user.services.kbfs = {
description = "Keybase File System";

# Note that the "Requires" directive will cause a unit to be restarted whenever its dependency is restarted.
# Do not issue a hard dependency on keybase, because kbfs can reconnect to a restarted service.
# Do not issue a hard dependency on keybase-redirector, because it's ok if it fails (e.g., if it is disabled).
wants = [ "keybase.service" ] ++ optional cfg.enableRedirector "keybase-redirector.service";
path = [ "/run/wrappers" ];
unitConfig.ConditionUser = "!@system";

serviceConfig = {
Type = "notify";
# Keybase notifies from a forked process
EnvironmentFile = [
"-%E/keybase/keybase.autogen.env"
"-%E/keybase/keybase.env"
];
ExecStartPre = [
"${pkgs.coreutils}/bin/mkdir -p \"${cfg.mountPoint}\""
"-${wrapperDir}/fusermount -uz \"${cfg.mountPoint}\""
];
ExecStart = "${pkgs.kbfs}/bin/kbfsfuse ${toString cfg.extraFlags} \"${cfg.mountPoint}\"";
ExecStop = "${wrapperDir}/fusermount -uz \"${cfg.mountPoint}\"";
Restart = "on-failure";
PrivateTmp = true;
};
wantedBy = [ "default.target" ];
};
wantedBy = [ "default.target" ];
};

services.keybase.enable = true;
services.keybase.enable = true;

environment.systemPackages = [ pkgs.kbfs ];
};
environment.systemPackages = [ pkgs.kbfs ];
}

(mkIf cfg.enableRedirector {
security.wrappers."keybase-redirector".source = "${pkgs.kbfs}/bin/redirector";

systemd.tmpfiles.rules = [ "d /keybase 0755 root root 0" ];

# Upstream: https://github.com/keybase/client/blob/master/packaging/linux/systemd/keybase-redirector.service
systemd.user.services.keybase-redirector = {
description = "Keybase Root Redirector for KBFS";
wants = [ "keybase.service" ];
unitConfig.ConditionUser = "!@system";

serviceConfig = {
EnvironmentFile = [
"-%E/keybase/keybase.autogen.env"
"-%E/keybase/keybase.env"
];
# Note: The /keybase mount point is not currently configurable upstream.
ExecStart = "${wrapperDir}/keybase-redirector /keybase";
Restart = "on-failure";
PrivateTmp = true;
};

wantedBy = [ "default.target" ];
};
})
]);
}
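Review bot: `security.wrappers."keybase-redirector"` in the `enableRedirector` block is declared with `source` alone, so the privilege the wrapper carries is left implicit; as far as I recall the wrappers module of this period fell back to setuid root for such an entry, which should be confirmed. Because this places a privileged binary within reach of every user, I would spell the privilege out next to the source, `owner = "root"; group = "root"; setuid = true;`, and add a comment saying why it is needed, e.g. `# Runs with root privilege (presumably to mount on the root-owned /keybase); keep this wrapper limited to the redirector binary.` The `enableRedirector` description could also state that enabling the option installs this wrapper, so an administrator sees the trade-off before setting it.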
11 changes: 8 additions & 3 deletions nixos/modules/services/networking/keybase.nix
@@ -24,13 +24,18 @@ in {

config = mkIf cfg.enable {

# Upstream: https://github.com/keybase/client/blob/master/packaging/linux/systemd/keybase.service
systemd.user.services.keybase = {
description = "Keybase service";
unitConfig.ConditionUser = "!@system";
environment.KEYBASE_SERVICE_TYPE = "systemd";
serviceConfig = {
ExecStart = ''
${pkgs.keybase}/bin/keybase service --auto-forked
'';
Type = "notify";
EnvironmentFile = [
"-%E/keybase/keybase.autogen.env"
"-%E/keybase/keybase.env"
];
ExecStart = "${pkgs.keybase}/bin/keybase service";
Restart = "on-failure";
PrivateTmp = true;
};
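Review bot: The `EnvironmentFile` list added to `serviceConfig` has no comment, and its behaviour is not obvious: the leading `-` makes systemd skip a missing file silently, and `%E` in a user unit resolves to the user's configuration directory, so both files are user-writable input to the service's environment. I would add `# Optional per-user overrides; "-" tolerates a missing file, %E is the user's config directory.` above the list. The same list is repeated in the `kbfs` and `keybase-redirector` units in nixos/modules/services/network-filesystems/kbfs.nix and would benefit from the same comment. The `config = mkIf cfg.enable {` block continues past the end of this hunk.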
2 changes: 1 addition & 1 deletion pkgs/tools/security/keybase/kbfs.nix
@@ -6,7 +6,7 @@ buildGoPackage {
inherit (keybase) src version;

goPackagePath = "github.com/keybase/client";
subPackages = [ "go/kbfs/kbfsfuse" "go/kbfs/kbfsgit/git-remote-keybase" ];
subPackages = [ "go/kbfs/kbfsfuse" "go/kbfs/redirector" "go/kbfs/kbfsgit/git-remote-keybase" ];

dontRenameImports = true;