From 29da9eee7d9cb3d29979f6d4f861549f055cd470 Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Tue, 18 Jan 2022 15:39:35 +0100
Subject: [PATCH] Add c3d2.nncp options
---
config/nncp-relays.nix | 46 +++++++++++++++++++++++++++++++++++++++
flake.nix | 4 +++-
modules/c3d2.nix | 49 +++++++++++++++++++++++++++++++++++-------
3 files changed, 90 insertions(+), 9 deletions(-)
create mode 100644 config/nncp-relays.nix
diff --git a/config/nncp-relays.nix b/config/nncp-relays.nix
new file mode 100644
index 00000000..7813a789
--- /dev/null
+++ b/config/nncp-relays.nix
@@ -0,0 +1,46 @@
+{ config, ... }:
+
+{
+ blackbox = {
+ addrs.yggdrasil = "[20b:c3d2:4aa5:62bf:4f15:ed96:fcae:7a7]:5400";
+ exchpub = "NM6PP4UOHQ3JZWHRJ66E2JIAJ5NE4E4VIXQBFDEWOBV4AAFPT4UA";
+ id = "QOE2FEHKYHY2CESYIH7F2XUP4DHR7ETHYYGN3STCXFVFPZGBLNWQ";
+ noisepub = "MSJYTL677QZGMSVJBBPN3QF2SACFWTGJ56KFNDAZNCMPRDBOMUYQ";
+ signpub = "QYJPF3SRTJGPZAGDHAFLWPMCTBHZOKTLATYXVX6WCUSNVGBECYHA";
+ };
+ c3d2 = {
+ addrs.clearnet = "[${config.c3d2.hosts.nncp.ip6}]:5400";
+ exchpub = "MUZ3GI6GWEEIDQSUR6YGA3KNYERUFHIHLG24OG54QJJU2X5UGAJQ";
+ id = "NGQLTVQVIRZEPXB6OEOZIEGZ4SQQ2P25HBXFPEX5C57VEKQDF4BA";
+ noisepub = "YLJJGNQWNO3CGTBPROUUKVTSU3TFWHTBWREXMBBPMGMPJBWXAINA";
+ signpub = "6SRGG5RO7D7YZB65G3F6PL7ZEAWL6UBLNWJZSHKOXUSEEVXFFZZA";
+ };
+ devian = {
+ addrs.yggdrasil = "[200:ac5d:cab4:d15c:598a:f515:3362:c6e4]:5400";
+ exchpub = "HISFY4YEXULGOBV2PDGDI26XMVELNO26C454OOZY3WN5R2LGOAEA";
+ id = "LMZYGGVA4TKCIYCJK4XQ4JDTHALVCWB2OTHMSYRL2BNILXJXATPA";
+ noisepub = "DKOHGPPAMSP2RY6PW4UCLOAW4KSCYNFUHZKWQOLPMOIKVGSMS5ZQ";
+ signpub = "VXF7ZB45L3O6IVFSOTMNTD3UXFO4JZXEU2K2ZARNCJR7OOO6B7SQ";
+ };
+ emery = {
+ exchpub = "7XICCCEAGTBEPHOZ6LZFK5YIEPQTQ2JDUWFDHHI2VZO7EWAOD4JQ";
+ id = "BPEPGYPNZVOJM3GJBVRMOWIQA6PE7IIXLKWTDTBAT47N2LUZN4OQ";
+ noisepub = "EVRKZ7YGBRZOI3HWJXOMTY7IQYWTBZJDZDNAG763A5ZX4WJWGVAQ";
+ signpub = "O65ZBBZX53BXMD4YAZESFRLWQ7TWWIFS4V5SI3232MMMCKWCWKCA";
+ via = [ "c3d2" ];
+ };
+ quux = {
+ addrs.clearnet = "nncp.quux.org:5400";
+ exchpub = "7L4GZ4LKXZREZFSBKCBX4CGUTLYKUHR4KNQ3O6NPJGGM6C5YGAPQ";
+ id = "SXNADKNYBOU6VPDVZHZZGHPJXDDZTDWDT4YAQ5TJHBA6FTNUHTCA";
+ noisepub = "C7JASCAKJDRQNWNBOUX6WGFN4U7KC3NFU472IW43NJIBUB3V3EZQ";
+ signpub = "HS2Q2DNZWWCFY4V2UGYYJZFU4UPTUBFOTFYBY25QNOKDNG2OBKDQ";
+ };
+ unicron = {
+ addrs.yggdrasil = "[201:7d01:2539:fb46:a575:bad1:98dd:d7ed]:5400";
+ exchpub = "DYPGKZQWE5P3JOJ4GX76BCFKVQDGQAFGMRDAWKXMIA5K2JLTDF2Q";
+ id = "WLK6PJUFVCFOMVLOWSKSZPRQHYVIITRDGI2JFL5OTXGFEFPI2UCA";
+ noisepub = 
"ZDFDWAGDXQFFDBE2XP67ABADCXEQDFFG64R2WFBINYGBPVESEQHQ"; + signpub = "2ABRP3EMYXMGWUJPC4JQ23OE6YJG7MOBU2QLAGRO7RIFTPOYMB5A"; + }; +} diff --git a/flake.nix b/flake.nix index 64a27def..30242625 100644 --- a/flake.nix +++ b/flake.nix @@ -501,13 +501,15 @@ nixosModule = self.nixosModules.c3d2; nixosModules = { - c3d2 = { + c3d2 = { config, ... }: { imports = [ sops-nix.nixosModule ./modules/c3d2.nix + ./modules/nncp.nix ]; c3d2.hosts = hostRegistry.hosts; c3d2.users = import ./users.nix; + c3d2.nncp.neigh = import ./config/nncp-relays.nix { inherit config; }; }; nncp = ./modules/nncp.nix; plume = { diff --git a/modules/c3d2.nix b/modules/c3d2.nix index 14d0d661..5c82b96d 100644 --- a/modules/c3d2.nix +++ b/modules/c3d2.nix @@ -2,12 +2,35 @@ { config, lib, pkgs, ... }: -let cfg = config.c3d2; +let + cfg = config.c3d2; + neighMod = with lib; types.submodule { + options = { + addrs = mkOption { + type = with types; attrsOf str; + default = { }; + }; + via = mkOption + { + type = with types; listOf str; + default = [ ]; + }; + } // (with builtins; let value = mkOption { type = types.str; }; in + listToAttrs (map (name: { inherit name value; }) [ "exchpub" "id" "noisepub" "signpub" ])); + }; in { options.c3d2 = with lib; with lib.types; { + acmeEmail = mkOption { + type = str; + default = "mail@c3d2.de"; + description = '' + Admin email address to use for Letsencrypt + ''; + }; + allUsersCanSshRoot = lib.mkOption { type = lib.types.bool; default = false; @@ -41,13 +64,10 @@ in ''; }; - acmeEmail = mkOption { - type = str; - default = "mail@c3d2.de"; - description = '' - Admin email address to use for Letsencrypt - ''; - }; + mergeNncpSettings = mkEnableOption '' + Whether to merge c3d2.nncp.<…>.nncp + into programs.nncp.settings. + ''; k-ot.enable = mkEnableOption '' Add k-ot user to this machine. Anyone with an SSH key listed in 
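Review bot: config/nncp-relays.nix pins the neighbour identities that hosts will authenticate against once `mergeNncpSettings` is switched on, but nothing in the file says where the `id`/`exchpub`/`signpub`/`noisepub` values came from or that only public halves belong here. I would add a header comment such as `# Public NNCP node keys only; confirm any change with the node's operator before merging.` so that a later edit to a key is reviewed as a trust change rather than a data update. Separately, the `c3d2` entry interpolates `config.c3d2.hosts.nncp.ip6`, which assumes the host registry has an `nncp` host with a non-null `ip6`; the registry is not visible in this patch, so that is worth confirming.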
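Review bot: In `neighMod` (modules/c3d2.nix, first hunk) the four key fields `exchpub`, `id`, `noisepub` and `signpub` are declared as plain `types.str`, so a truncated or mistyped key passes evaluation and is only caught, if at all, by nncp at run time. The values in config/nncp-relays.nix all appear to be 52 characters of upper-case base32, so the shared option could be `value = mkOption { type = types.strMatching "[A-Z2-7]{52}"; };`, provided that length holds for all four fields, which should be checked against the nncp documentation. None of the six options in the submodule has a `description`; one line per field would make the generated option docs usable.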
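Review bot: `mergeNncpSettings` (modules/c3d2.nix, second hunk) passes a full sentence to `mkEnableOption`, which itself prefixes the text with "Whether to enable", so the rendered description reads "Whether to enable Whether to merge …". The text also refers to `c3d2.nncp.<…>.nncp`, whereas the config line added at the end of this file merges `cfg.nncp` as a whole, so the description and the behaviour disagree. Suggest `mergeNncpSettings = mkEnableOption "merging c3d2.nncp into programs.nncp.settings";`, or a plain `mkOption` with `type = bool; default = false;` and the sentence kept as its description. The enclosing `options.c3d2` attrset starts and ends outside this hunk.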
@@ -108,6 +128,17 @@ in }); }; + nncp = { + neigh = mkOption { + type = with types; attrsOf neighMod; + default = { }; + description = '' + Attrset of NNCP neighbours for relaying packets. + User endpoints go in c3d2.users. + ''; + }; + }; + users = mkOption { type = attrsOf (submodule { @@ -130,6 +161,8 @@ in )); in { + programs.nncp.settings = lib.mkIf cfg.mergeNncpSettings cfg.nncp; + users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd); users.users.k-ot = lib.mkIf cfg.k-ot.enable {
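Review bot: `programs.nncp.settings = lib.mkIf cfg.mergeNncpSettings cfg.nncp;` (last hunk of modules/c3d2.nix) hands the whole `c3d2.nncp` option tree to nncp, so anything later added under `c3d2.nncp` ends up in the nncp configuration without a separate decision, and each neighbour is passed with its defaulted `addrs = { }` and `via = [ ]` even where the relay file sets neither. Passing only the reviewed key, `programs.nncp.settings = lib.mkIf cfg.mergeNncpSettings { inherit (cfg.nncp) neigh; };`, keeps the set of trusted neighbours explicit. Whether nncp accepts an empty `addrs` or `via` depends on modules/nncp.nix, which this patch does not show. The enclosing `config` attrset continues past the end of the hunk.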