tuntox: init at 0.0.8 #32823
@GrahamcOfBorg eval
What causes the PreStart script to fail? How can I reproduce it?
@orivej useSandbox prevents the preStart script from creating/modifying/(accessing?) /var (edit: well, I'm not 100% sure that's the reason why it fails). Just enable that option and set
@@ -306,6 +306,7 @@ | |||
ceph = 288; | |||
duplicati = 289; | |||
monetdb = 290; | |||
tuntox = 291; |
Are you sure you need the user to be a specific ID? It usually isn't necessary since the system can assign user IDs.
}; | ||
|
||
preStart = '' | ||
mkdir -p ${persistentIdDirectory} |
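Review bot: the `mkdir -p ${persistentIdDirectory}` line in preStart leaves the path unquoted and creates the directory with whatever owner and umask the script happens to run under. The option name suggests this directory holds the server's persistent identity, so quote the path and create it with an explicit restrictive mode and owner, for example `install -d -m 0700 -o <user> "${persistentIdDirectory}"`, so other local users cannot read its contents.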
Instead of making the directory in a preStart you can do it in an activation script like in
system.activationScripts.mattermost = '' |
src = fetchFromGitHub { | ||
owner = "gjedeer"; | ||
repo = "tuntox"; | ||
rev = "${version}"; |
Can just be `rev = version;`.
{ | ||
options = { | ||
services.tuntox.server = { | ||
enable = mkOption { |
Please use `mkEnableOption` here.
secret = mkOption { | ||
type = types.nullOr types.str; | ||
default = null; | ||
description = "Shared secret used for connection authentication"; |
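Review bot: the description on `secret` does not say what `default = null` means for the server. With `types.nullOr types.str` and a null default, a reader cannot tell whether leaving the option unset results in connections being accepted without authentication; state that behaviour in the description, and reconsider whether null should be the default at all.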
It might be good to point out that this secret will be world readable when inserted in the Nix store. Can this optionally be done with a secretFile that is stored outside the nix store?
(triage) @fgaz Are you still willing to work on this?
@Ekleog yes, but it'll have to wait a bit
@fgaz do you need a hand with this or are you able to continue?
@aanderse I just don't (and won't for another month) have much time to make and test those modifications. Maybe in the meantime I could split this into one PR for the package, which is quick and already reviewed, and keep this one for the module only.
@fgaz Splitting this PR into 2 sounds like a good idea if you don't have the time but want to get the package in ASAP. If you're not in a rush, though, no worries because neither are we 😄
{ stdenv, fetchFromGitHub, fetchpatch, pkgconfig, libtoxcore, libsodium, libevent }: | ||
|
||
stdenv.mkDerivation rec { | ||
name = "tuntox-${version}"; |
Please replace with `pname = "tuntox";` and then you can drop `name` as it will be implied.
|
||
src = fetchFromGitHub { | ||
owner = "gjedeer"; | ||
repo = "tuntox"; |
`repo = pname;` is a common pattern.
license = licenses.gpl3; | ||
platforms = platforms.linux; | ||
maintainers = with maintainers; [ fgaz ]; | ||
homepage = https://github.com/gjedeer/tuntox; |
Please quote.
For the author, reviewers, and committers: this PR was scanned and appears to add a use of the deprecated
Thank you for your contributions.
Stale bot, I'll still finish this... someday
I marked this as stale due to inactivity.
@fgaz Was looking at putting together a PR for tuntox and found this draft first. Are you still interested in finishing it? I'd also be happy to start a new PR based off of this WIP branch. I've never had to create a package that creates/enables a service there so I'm a little bit less certain about fine-tuning those details, but at the very least would like to see the binaries available!
Wow, I totally forgot about this 😅 Thanks for pushing this forward @willcohen! I don't really want to finish the module for this right now, so let's go with your package!
Motivation for this change
Add the tuntox package and a systemd service to set up a server with it. I may also add a tuntox client service in the future, so the server is under the `tuntox.server` namespace
Things done
build-use-sandbox in nix.conf on non-NixOS)
/var isn't the right place?
nix-shell -p nox --run "nox-review wip"
./result/bin/)