wip: package itools

2026-03-20 12:01:06 +01:00 · 2023-04-14 08:43:34 +02:00
7 changed files with 20 additions and 122 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -49,7 +49,6 @@
        passport = import modules/passport.nix;
        panoptikon = import modules/panoptikon.nix;
        power-action = import modules/power-action.nix;
-        specus = import modules/specus.nix;
        system-dependent = import modules/system-dependent.nix;
        telegram-bot = import modules/telegram-bot.nix;
        traadfri = import modules/traadfri.nix;
@@ -80,7 +79,6 @@
            systems/ful/configuration.nix
            agenix.nixosModules.default
            inputs.self.nixosModules.passport
-            inputs.self.nixosModules.specus
            inputs.self.nixosModules.panoptikon
            retiolum.nixosModules.retiolum
            nur.nixosModules.nur
@@ -129,7 +127,6 @@
            inputs.self.nixosModules.telegram-bot
            inputs.self.nixosModules.htgen
            inputs.self.nixosModules.passport
-            inputs.self.nixosModules.specus
            agenix.nixosModules.default
            retiolum.nixosModules.retiolum
            nur.nixosModules.nur
@@ -193,7 +190,6 @@
            systems/kabsa/configuration.nix
            agenix.nixosModules.default
            retiolum.nixosModules.retiolum
-            inputs.self.nixosModules.specus
            home-manager.nixosModules.home-manager
            nur.nixosModules.nur
          ];
--- a/modules/specus.nix
+++ b/modules/specus.nix
@@ -1,96 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  specusMachines = {
-    servers = {
-      makanek = {
-        ipv4 = "10.100.0.1";
-        publicKey = "KhcScd4fBpdhQzK8Vc+1mEHQMQBpbKBUPB4oZ7skeSk=";
-      };
-      ful = {
-        ipv4 = "10.100.0.2";
-        publicKey = "0Y7+zoXkWJGVOWWnMjvYjtwP+WpggAlmkRbgMw0z8Dk=";
-      };
-    };
-    clients = {
-      kabsa = {
-        ipv4 = "10.100.0.101";
-        publicKey = "nRkzoRi9crKHF7263U37lt4GGL7/8637NBSKjifI9hY=";
-      };
-    };
-  };
-in {
-  options.services.specus = {
-    server = {
-      enable = lib.mkEnableOption "Specus private VPN (server)";
-    };
-    client = {
-      enable = lib.mkEnableOption "Specus private VPN (client)";
-    };
-    privateKeyFile = lib.mkOption {
-      type = lib.types.path;
-      description = "Private key file of the server/client machine";
-    };
-  };
-
-  config = let
-    cfg = config.services.specus;
-    specusPort = 22;
-  in
-    {
-      assertions = [
-        {
-          assertion =
-            !(cfg.server.enable && cfg.client.enable);
-          message = "specus: systems cannot be client and server at the same time";
-        }
-      ];
-    }
-    // lib.mkIf cfg.server.enable {
-      networking.nat = {
-        enable = true;
-        externalInterface = "eth0"; # TODO
-        internalInterfaces = ["specus"];
-      };
-      networking.firewall.allowedUDPPorts = [specusPort];
-      networking.wireguard.interfaces.specus = {
-        ips = ["${specusMachines.servers.${config.networking.hostName}.ipv4}/24"];
-        # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
-        postSetup = ''
-          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
-        '';
-        postShutdown = ''
-          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
-        '';
-        listenPort = specusPort;
-        privateKeyFile = cfg.privateKeyFile;
-        peers =
-          lib.mapAttrsToList (clientName: clientConfig: {
-            publicKey = clientConfig.publicKey;
-            allowedIPs = ["${clientConfig.ipv4}/32"];
-          })
-          specusMachines.clients;
-      };
-    }
-    // lib.mkIf cfg.client.enable {
-      networking.firewall.allowedUDPPorts = [specusPort];
-      networking.wireguard.interfaces = lib.attrsets.mapAttrs' (serverName: serverConfig:
-        lib.nameValuePair "specus-${serverName}" {
-          ips = ["${specusMachines.clients.${config.networking.hostName}.ipv4}/24"];
-          listenPort = specusPort;
-          privateKeyFile = cfg.privateKeyFile;
-          peers = [
-            {
-              allowedIPs = ["0.0.0.0/0"];
-              endpoint = "${(import ../lib/external-network.nix).${serverName}}:${toString specusPort}";
-              persistentKeepalive = 25;
-              publicKey = serverConfig.publicKey;
-            }
-          ];
-        })
-      specusMachines.servers;
-    };
-}
--- a/packages/itl.nix
+++ b/packages/itl.nix
@@ -1,4 +1,9 @@
-{ stdenv, fetchFromGitHub, cmake, lib }:
+{
+  stdenv,
+  fetchFromGitHub,
+  cmake,
+  lib,
+}:
 stdenv.mkDerivation rec {
  pname = "itl";
  version = "0.8.0";
--- a/packages/itools.nix
+++ b/packages/itools.nix
@@ -1,4 +1,11 @@
-{ stdenv, fetchFromGitHub, itl, lib, autoreconfHook }:
+{
+  stdenv,
+  fetchFromGitHub,
+  itl,
+  lib,
+  # autoreconfHook,
+  automake,
+}:
 stdenv.mkDerivation rec {
  pname = "itools";
  version = "1.0";
@@ -8,8 +15,12 @@ stdenv.mkDerivation rec {
    rev = version;
    sha256 = "sha256-g9bsjupC4Sb5ywAgUNbjYLbHZ/i994lbNSnX2JyaP3g=";
  };
-  preAutoreconf = "autoupdate";
-  nativeBuildInputs = [autoreconfHook];
+  # nativeBuildInputs = [autoreconfHook];
+  buildPhase = ''
+    touch ChangeLog
+    ./configure
+    make
+  '';
  buildInputs = [itl];
  meta = {
    homepage = "https://www.arabeyes.org/ITL";
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -49,12 +49,6 @@ in {
    };
    root.file = ../../secrets/ful-root.age;
    restic.file = ../../secrets/restic.age;
-    specus.file = ../../secrets/ful-specus-privateKey.age;
-  };
-
-  services.specus = {
-    privateKeyFile = config.age.secrets.specus.path;
-    server.enable = true;
  };

  services.restic.backups.niveum = {
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -40,16 +40,10 @@ in {
    restic.file = ../../secrets/restic.age;
    syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
    syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
-    specus.file = ../../secrets/kabsa-specus-privateKey.age;
  };

  environment.systemPackages = [pkgs.minecraft pkgs.zeroad];

-  services.specus = {
-    privateKeyFile = config.age.secrets.specus.path;
-    client.enable = false;
-  };
-
  networking = {
    hostName = "kabsa";
    wireless.interfaces = ["wlp3s0"];
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -95,12 +95,6 @@ in {
      group = "tinc.retiolum";
    };
    restic.file = ../../secrets/restic.age;
-    specus.file = ../../secrets/makanek-specus-privateKey.age;
-  };
-
-  services.specus = {
-    privateKeyFile = config.age.secrets.specus.path;
-    server.enable = true;
  };

  system.stateVersion = "20.03";